|
Log-Analyse und Auswertung: Bundespolizei-TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.08.2012, 13:00 | #1 | |
| Bundespolizei-Trojaner Hallo, Ich habe mir den schon altbekannten Bundespolizei-Trojaner eingefangen, bei dem einfach gar nichts mehr funktioniert. Im abgesicherten Modus lief mein Laptop dann ganz normal und ich führte eine Systemwiederherstellung durch. Danach konnte ich den Laptop auch ganz normal wieder hochfahren. Alles funktioniert, nichts ist auffällig. AntiVir und Malwarebytes haben auch nichts gefunden. Da ich aber überhaupt keine Ahnung davon habe, wende ich mich nun an Euch, damit da mal jemand drüber schauen kann. Wie muss ich nun vorgehen, um sicher zu sein, dass er wirklich weg ist? Liebe Grüße, Talisha Zitat:
Geändert von xtallix (23.08.2012 um 13:05 Uhr) |
24.08.2012, 02:28 | #2 |
/// Helfer-Team | Bundespolizei-TrojanerCustomScan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* %APPDATA%\*AcroIEH*.* %APPDATA%\*.exe %APPDATA%\*.tmp CREATERESTOREPOINT
__________________ |
24.08.2012, 10:44 | #3 |
| Bundespolizei-Trojaner Erstmal danke für die schnelle Antwort.
__________________Hier die txt von OTL Code:
ATTFilter OTL logfile created on: 24.08.2012 11:19:33 - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Nadine Sandmann\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 61,18% Memory free 8,00 Gb Paging File | 6,31 Gb Available in Paging File | 78,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172,99 Gb Total Space | 63,84 Gb Free Space | 36,90% Space Free | Partition Type: NTFS Drive D: | 115,33 Gb Total Space | 102,55 Gb Free Space | 88,92% Space Free | Partition Type: NTFS Computer Name: TALLI | User Name: Nadine Sandmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nadine Sandmann\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe (ASUS) PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswsysmon.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipsw_cfgmgr.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\LogonStartup.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\iphelper.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswui.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswobj.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswhlp.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswgblset.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswds.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswcore.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\cxcmrt.dll () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ipswresmgr.dll () MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files (x86)\ASUS\Net4Switch\ResItf.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (HPSLPSVC) -- C:\Users\NADINE~1\AppData\Local\Temp\7zS78D9\hpslpsvc64.dll (Hewlett-Packard Co.) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (CoordinatorServiceHost) -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (AgereModemAudio) -- C:\Programme\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe () SRV - (spmgr) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( ) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (lullaby) -- C:\Windows\SysNative\drivers\lullaby.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (ghaio) -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys () DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 8A CF 39 C9 6D CD 01 [binary data] IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes,DefaultScope = {DAFFB72C-1F8A-407F-A58C-6AD4DC86E886} IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{DAFFB72C-1F8A-407F-A58C-6AD4DC86E886}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080 ========== FireFox ========== FF - prefs.js..network.proxy.ftp: "159.224.205.252" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "90.183.248.54" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "159.224.205.252" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "159.224.205.252" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nadine Sandmann\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nadine Sandmann\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.02.07 16:33:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.25 20:03:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012.03.18 22:51:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.12 09:42:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.23 12:43:30 | 000,000,000 | ---D | M] [2012.01.14 15:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine Sandmann\AppData\Roaming\mozilla\Extensions [2012.04.21 16:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine Sandmann\AppData\Roaming\mozilla\Firefox\Profiles\y5yxrob3.default\extensions [2012.04.26 20:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.26 20:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.02.23 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2012.02.23 12:20:00 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net [2012.02.25 20:03:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.03.18 22:51:34 | 000,000,000 | ---D | M] (VDownloader) -- C:\PROGRAM FILES (X86)\VDOWNLOADER\ADDONS\FIREFOX [2012.04.21 16:52:19 | 000,181,438 | ---- | M] () (No name found) -- C:\USERS\NADINE SANDMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y5YXROB3.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.04.21 16:52:24 | 000,565,918 | ---- | M] () (No name found) -- C:\USERS\NADINE SANDMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y5YXROB3.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI [2012.01.29 18:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: VDownloader (Enabled) = C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Nadine Sandmann\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll CHR - Extension: YouTube = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: F.B. Purity - Cleans Up Facebook = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\6.7.1_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.02.07 17:55:38 | 000,002,056 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.de O1 - Hosts: 127.0.0.1 practivate.adobe.de O1 - Hosts: 14 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (IEExtension.VDownloaderBHO) - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\.DEFAULT..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.) O4 - HKU\S-1-5-18..\Run: [20090604] C:\Program Files (x86)\Encore\Hoyle\RegApp\encore_reg.exe (DataLode, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0065A896-9E16-4D3E-9C5F-83A8AB1EED6F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell - "" = AutoRun O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell\AutoRun\command - "" = F:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\NADINE~1\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Nadine Sandmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VDownloader.lnk - - File not found MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BambooCore - hkey= - key= - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe () MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Nadine Sandmann\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - serwvdrv.dll (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - serwvdrv.dll (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} [2012.08.23 12:52:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular [2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.08.23 12:50:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular [2012.08.23 12:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.08.23 12:00:56 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{4709E8AD-DA51-48D6-887F-96FD1E2CD9F5} [2012.08.21 19:19:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\Desktop\bilderbilder3 [2012.08.21 19:12:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{7D65C231-641B-4A7F-A4F7-789955607C69} [2012.08.15 18:03:41 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{64B264D5-2A4B-4C2C-BD91-B9826CBBDC8F} [2012.08.15 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{2CCDF18A-FF00-496F-9623-274D18D47758} [2012.08.13 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{6AFBC841-55C9-41C0-A858-4A5496D35A31} [2012.08.13 12:36:12 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{4C973F18-2DBF-469A-BC03-439029CDC34C} [2012.08.12 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Malwarebytes [2012.08.12 21:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.12 21:26:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.12 21:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.12 21:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.12 21:19:10 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{1DE70EE0-213C-471B-93A0-9BE382EF74C9} [2012.08.12 21:17:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{5A1BF89D-659C-4A0A-A1BB-74EC276561A2} [2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi [2012.08.12 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{3967F28F-8562-40FB-BFC1-CED8CFE67686} [2012.08.12 11:34:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{3EF9A665-F7D9-4D30-AB33-F58EA5ECDB42} [2012.08.11 13:30:27 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{B21A0791-5CC4-4E7E-97A0-CE6F6DE4340C} [2012.08.11 13:30:12 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{0B30F173-FECE-4788-B248-C9874BB15DEC} [2012.08.10 21:09:52 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{9E155E73-20C7-49AC-8617-070D80F339C4} [2012.08.10 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{96FD8FE9-37F4-41F4-9248-A40E260D960F} [2012.08.10 03:03:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.08.10 00:50:08 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{59058983-2BDB-4DA5-B4EC-51911E895460} [2012.08.10 00:49:45 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{C42B3274-C0FF-4033-981C-E179BE788D4C} [2012.08.09 10:34:58 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{537FCCB3-3CB8-4055-BBC7-615DB39B514C} [2012.08.09 10:34:21 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{CD5C494C-045B-4580-AE37-62940D39BBCA} [2012.08.08 18:32:57 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{222136E3-0CC3-480A-A791-D3B55AC7AAD1} [2012.08.08 18:32:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{986CFE0A-9183-4C5C-BA61-D244747E8F99} [2012.08.07 23:24:02 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{68BB1416-822B-43CD-8D25-60193C91693E} [2012.08.07 23:23:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{D0A094BD-7D62-49EF-9133-1364A243B229} [2012.08.07 11:23:03 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{911A26BE-F719-4394-88BB-F68D279B7D2F} [2012.08.07 11:22:30 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{C441A02A-E77E-4C39-9DB4-34847527358B} [2012.08.06 19:36:36 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{6226B438-ABA4-4369-9EDF-0C987E2871E8} [2012.08.06 19:35:57 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{D3A9DE1F-1BA9-4EED-A017-F205AE638C58} [2012.08.05 10:58:42 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{593F33A4-C0D2-440F-9E3F-4D05BBB0599A} [2012.08.05 10:58:24 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{775DF305-6ECF-4726-9438-A24B3DDA33ED} [2012.08.04 13:39:52 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{E6846AE6-E769-4798-9906-361FD4CDEB2F} [2012.08.04 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{2E8B7FAF-819F-4F02-9B5A-04C07B1A6F58} [2012.08.03 11:01:46 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{32C132B8-B708-49FE-9FC8-86ED336B9978} [2012.08.03 11:01:13 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{8B6B6424-3454-4FE8-A87E-6AA1E86052BA} [2012.08.02 11:06:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{98AA74E5-0C8F-4134-A20D-DF0B6494DB90} [2012.08.02 11:05:53 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{439F1AB6-F114-473A-84E9-0D3713A06AB2} [2012.08.02 10:28:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{45A4583C-4D3E-43DC-A5AB-ACF9550EBD56} [2012.08.02 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{ADD454D6-66A9-4CBC-A132-8865002B98AB} [2012.08.01 21:52:16 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{8B8CF7FD-FE6D-4160-9E1B-1577E972B118} [2012.08.01 21:51:14 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{985C15D8-55D6-46B2-90F6-67EE4671491E} [2012.08.01 13:54:15 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{5473D273-9825-44AB-B1E4-5FCC93D6C35F} [2012.08.01 13:54:15 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{38845276-47AB-4CC0-8390-58C986DBD926} [2012.07.30 21:51:06 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator [2012.07.30 21:51:05 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games [2012.07.30 19:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encore [2012.07.30 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Encore [2012.07.30 19:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010) [2012.07.30 19:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010) [2012.07.30 18:56:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.07.30 18:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro [2012.07.30 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\Desktop\hoyle [2012.07.30 18:53:16 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.30 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro [2012.07.30 18:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro [2012.07.30 18:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2008.08.11 22:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.24 11:22:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 11:22:01 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.24 11:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.24 11:13:49 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job [2012.08.23 12:51:33 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job [2012.08.21 21:26:29 | 011,812,908 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.psd [2012.08.21 19:15:34 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.21 19:15:34 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.21 19:15:34 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.21 19:15:34 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.21 19:15:34 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq [2012.08.09 11:41:48 | 000,056,214 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\167753_1779780370673_3916051_n.jpg [2012.07.31 02:56:36 | 005,020,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.30 18:53:16 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.07.27 18:56:32 | 000,945,590 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0372.JPG [2012.07.27 18:56:29 | 000,923,411 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0371.JPG [2012.07.27 18:56:12 | 000,909,264 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0370.JPG [2012.07.26 10:49:00 | 003,390,641 | ---- | M] () -- C:\Users\Nadine Sandmann\Desktop\AsafAvidanOneDayReckoningSongWankelmutRemix_8873.mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.23 12:51:33 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.08.21 21:26:27 | 011,812,908 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.psd [2012.08.21 20:18:12 | 000,785,113 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0361.JPG [2012.08.12 20:26:13 | 000,000,051 | ---- | C] () -- C:\ProgramData\bljdfpdunexvptq [2012.08.09 11:41:55 | 000,056,214 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\167753_1779780370673_3916051_n.jpg [2012.08.06 12:17:50 | 000,650,649 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0347.JPG [2012.08.06 12:17:06 | 000,646,915 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0356.JPG [2012.08.06 12:16:57 | 000,945,590 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0372.JPG [2012.08.06 12:16:54 | 000,923,411 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0371.JPG [2012.08.06 12:16:52 | 000,909,264 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\IMG_0370.JPG [2012.07.26 10:49:06 | 003,390,641 | ---- | C] () -- C:\Users\Nadine Sandmann\Desktop\AsafAvidanOneDayReckoningSongWankelmutRemix_8873.mp3 [2012.04.12 14:27:37 | 000,000,051 | ---- | C] () -- C:\Users\Nadine Sandmann\start_with_demo.bat [2012.04.12 14:23:46 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.09 16:50:42 | 000,056,799 | -HS- | C] () -- C:\Users\Nadine Sandmann\Folder.jpg [2012.04.09 16:50:41 | 000,009,287 | -HS- | C] () -- C:\Users\Nadine Sandmann\AlbumArtSmall.jpg [2012.03.18 22:51:34 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.12.27 17:42:07 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2009.04.08 11:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== LOP Check ========== [2012.01.24 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Blender Foundation [2012.06.29 10:25:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.30 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.07.30 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro [2012.02.01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DassaultSystemes [2012.03.27 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DiskAid [2012.07.31 13:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox [2012.08.23 12:52:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular [2012.08.04 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator [2012.08.12 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games [2012.05.04 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\log [2012.07.09 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Luxology [2012.06.20 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Materialise [2011.12.31 13:40:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PACE Anti-Piracy [2012.05.07 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PDF Software [2012.05.07 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge [2012.01.13 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\TrueCrypt [2012.03.18 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\VDownloader [2012.01.22 18:29:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Wacom [2012.01.22 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2012.06.28 19:21:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.26 16:21:16 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Adobe [2012.04.02 10:38:38 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Apple Computer [2011.12.28 11:17:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Avira [2012.01.24 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Blender Foundation [2012.06.29 10:25:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.12.30 22:07:59 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.07.30 19:00:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DAEMON Tools Pro [2012.02.01 12:10:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DassaultSystemes [2012.03.27 20:41:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DiskAid [2012.05.02 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\DivX [2012.07.31 13:13:09 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox [2012.08.23 12:52:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\elsterformular [2012.08.04 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle FaceCreator [2012.08.12 21:13:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Hoyle Puzzle and Board Games [2011.12.27 16:15:53 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Identities [2011.12.27 16:27:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\InstallShield [2012.05.04 16:28:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\log [2012.07.09 10:18:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Luxology [2011.12.27 16:44:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Macromedia [2012.08.12 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Malwarebytes [2012.06.20 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Materialise [2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Media Center Programs [2012.02.27 23:19:08 | 000,000,000 | --SD | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft [2012.01.14 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla [2012.01.24 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\NVIDIA [2011.12.31 13:40:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PACE Anti-Piracy [2012.05.07 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\PDF Software [2012.05.07 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge [2012.08.12 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Real [2012.08.12 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Skype [2012.07.09 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\SolidWorks [2012.01.13 00:30:17 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\TrueCrypt [2012.03.18 22:56:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\VDownloader [2012.01.22 18:29:10 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\Wacom [2012.01.22 18:29:30 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1 [2011.12.27 16:20:11 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\WinRAR [2012.01.22 18:23:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine Sandmann\AppData\Roaming\WTablet < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Dropbox\bin\Uninstall.exe [2012.02.07 16:28:27 | 000,010,134 | R--- | M] () -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe [2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.11.11 07:40:13 | 010,991,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* > [2012.01.18 00:02:56 | 000,000,174 | -HS- | M] () -- C:\Users\Nadine Sandmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini < %APPDATA%\*AcroIEH*.* > < %APPDATA%\*.exe > < %APPDATA%\*.tmp > < End of report > Liebe Grüße, Talisha |
24.08.2012, 15:18 | #4 |
/// Helfer-Team | Bundespolizei-Trojaner Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes,DefaultScope = {DAFFB72C-1F8A-407F-A58C-6AD4DC86E886} IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\SearchScopes\{DAFFB72C-1F8A-407F-A58C-6AD4DC86E886}: "URL" = http://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080 FF - prefs.js..network.proxy.ftp: "159.224.205.252" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "90.183.248.54" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "159.224.205.252" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "159.224.205.252" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found O3 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.6.2) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell - "" = AutoRun O33 - MountPoints2\{bbcc9377-35fa-11e1-be01-0023541e39aa}\Shell\AutoRun\command - "" = F:\pushinst.exe MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume [2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi [2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq [2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe [2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} [2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job [2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job :Files C:\Users\Nadine Sandmann\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Nadine Sandmann\AppData\Local\Temp\*.exe C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [purity] [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
24.08.2012, 15:49 | #5 |
| Bundespolizei-Trojaner Danke für die Antwort. Ich habe obiges nun getan, jedoch hat sich OTL aufgehängt. Schon nach 3 Sekunden erschien "(Keine Rückmeldung)" oben im Fenster. Soll ich das Programm nun laufen lassen oder nochmal neu starten? Edit: Musste den Laptop neu starten, da sich dann alles aufgehängt hatte. Auch nach erneutem Versuch mit OTL zu fixen, hängt sich das Programm nach 3 Sekunden wieder auf. Geändert von xtallix (24.08.2012 um 16:24 Uhr) |
24.08.2012, 16:32 | #6 |
/// Helfer-Team | Bundespolizei-Trojaner Versuche diesen Fix: Code:
ATTFilter :OTL IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; IE - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 1641.77.222232.226:8080 FF - prefs.js..network.proxy.ftp: "159.224.205.252" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "90.183.248.54" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "159.224.205.252" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "159.224.205.252" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found O4:64bit: - HKLM..\Run: [] File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2982578659-3277241682-3497648708-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012.08.23 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2012.08.12 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\cffiksbhrtiuiyi [2012.08.12 20:26:15 | 000,000,051 | ---- | M] () -- C:\ProgramData\bljdfpdunexvptq [2012.07.15 15:12:51 | 000,317,080 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe [2012.08.05 14:58:47 | 028,145,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe [2012.08.05 14:58:16 | 000,693,504 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe [2012.08.24 11:14:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.24 01:50:22 | 000,000,000 | ---D | C] -- C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} [2012.08.24 01:50:32 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.23 16:47:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job [2012.08.23 12:47:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job :Files C:\Users\Nadine Sandmann\AppData\Local\{*} C:\ProgramData\*.exe C:\ProgramData\TEMP C:\Users\Nadine Sandmann\AppData\Local\Temp\*.exe C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [purity] [emptytemp]
__________________ --> Bundespolizei-Trojaner |
24.08.2012, 16:54 | #7 |
| Bundespolizei-Trojaner Nun hat es funktioniert Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! Prefs.js: "159.224.205.252" removed from network.proxy.ftp Prefs.js: 8080 removed from network.proxy.ftp_port Prefs.js: "90.183.248.54" removed from network.proxy.http Prefs.js: 8080 removed from network.proxy.http_port Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on Prefs.js: true removed from network.proxy.share_proxy_settings Prefs.js: "159.224.205.252" removed from network.proxy.socks Prefs.js: 8080 removed from network.proxy.socks_port Prefs.js: "159.224.205.252" removed from network.proxy.ssl Prefs.js: 8080 removed from network.proxy.ssl_port Prefs.js: 0 removed from network.proxy.type 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_USERS\S-1-5-21-2982578659-3277241682-3497648708-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-21-2982578659-3277241682-3497648708-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. C:\ProgramData\elsterformular\setup folder moved successfully. C:\ProgramData\elsterformular\pica folder moved successfully. C:\ProgramData\elsterformular folder moved successfully. C:\ProgramData\cffiksbhrtiuiyi folder moved successfully. C:\ProgramData\bljdfpdunexvptq moved successfully. C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe moved successfully. C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_data\RealPlayer_de.exe moved successfully. C:\Users\Nadine Sandmann\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\stub_exe\RealPlayer_de.exe moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{20465E1D-9D2C-4FBB-A9EA-B7D72F8CCFDD} folder moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001UA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982578659-3277241682-3497648708-1001Core.job moved successfully. ========== FILES ========== C:\Users\Nadine Sandmann\AppData\Local\{09A83211-FD82-4C0A-A2FC-F8AF55517DD2} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{0A3E608B-AF56-457C-A7CA-0C2B79F6D628} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{0B30F173-FECE-4788-B248-C9874BB15DEC} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{1DE70EE0-213C-471B-93A0-9BE382EF74C9} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{222136E3-0CC3-480A-A791-D3B55AC7AAD1} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{2CCDF18A-FF00-496F-9623-274D18D47758} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{2E8B7FAF-819F-4F02-9B5A-04C07B1A6F58} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{32C132B8-B708-49FE-9FC8-86ED336B9978} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{38845276-47AB-4CC0-8390-58C986DBD926} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{3967F28F-8562-40FB-BFC1-CED8CFE67686} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{3BFBF52B-9A17-44B3-B953-C94CB1C087EA} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{3EF9A665-F7D9-4D30-AB33-F58EA5ECDB42} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{439F1AB6-F114-473A-84E9-0D3713A06AB2} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{45A4583C-4D3E-43DC-A5AB-ACF9550EBD56} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{4709E8AD-DA51-48D6-887F-96FD1E2CD9F5} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{4C973F18-2DBF-469A-BC03-439029CDC34C} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{4CE3A239-80BE-41EC-B475-873D4AAB4439} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{537FCCB3-3CB8-4055-BBC7-615DB39B514C} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{5473D273-9825-44AB-B1E4-5FCC93D6C35F} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{59058983-2BDB-4DA5-B4EC-51911E895460} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{593F33A4-C0D2-440F-9E3F-4D05BBB0599A} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{5A1BF89D-659C-4A0A-A1BB-74EC276561A2} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{6226B438-ABA4-4369-9EDF-0C987E2871E8} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{64B264D5-2A4B-4C2C-BD91-B9826CBBDC8F} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{68BB1416-822B-43CD-8D25-60193C91693E} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{6AFBC841-55C9-41C0-A858-4A5496D35A31} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{775DF305-6ECF-4726-9438-A24B3DDA33ED} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{7D65C231-641B-4A7F-A4F7-789955607C69} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{887E5317-9E23-4C05-9AB8-41D260AD9066} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{8B6B6424-3454-4FE8-A87E-6AA1E86052BA} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{8B8CF7FD-FE6D-4160-9E1B-1577E972B118} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{911A26BE-F719-4394-88BB-F68D279B7D2F} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{96FD8FE9-37F4-41F4-9248-A40E260D960F} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{985C15D8-55D6-46B2-90F6-67EE4671491E} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{986CFE0A-9183-4C5C-BA61-D244747E8F99} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{98AA74E5-0C8F-4134-A20D-DF0B6494DB90} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{9E155E73-20C7-49AC-8617-070D80F339C4} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{ADD454D6-66A9-4CBC-A132-8865002B98AB} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{B21A0791-5CC4-4E7E-97A0-CE6F6DE4340C} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{B30B19E2-88D3-4ED3-8E75-A168D85C9A00} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{C1EF6056-440A-4624-80F2-EE78695DCAF5} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{C42B3274-C0FF-4033-981C-E179BE788D4C} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{C441A02A-E77E-4C39-9DB4-34847527358B} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{CD5C494C-045B-4580-AE37-62940D39BBCA} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{D0A094BD-7D62-49EF-9133-1364A243B229} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{D3A9DE1F-1BA9-4EED-A017-F205AE638C58} folder moved successfully. C:\Users\Nadine Sandmann\AppData\Local\{E6846AE6-E769-4798-9906-361FD4CDEB2F} folder moved successfully. File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\TEMP not found. C:\Users\Nadine Sandmann\AppData\Local\Temp\KOCG_Solitaire.exe moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\Nadine Sandmann\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Nadine Sandmann\Downloads\cmd.bat deleted successfully. C:\Users\Nadine Sandmann\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Nadine Sandmann ->Temp folder emptied: 65940189 bytes ->Temporary Internet Files folder emptied: 8675276 bytes ->FireFox cache emptied: 46498481 bytes ->Google Chrome cache emptied: 64062626 bytes ->Flash cache emptied: 975 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41620 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 169069 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36081758 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 211,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08242012_174801 Files\Folders moved on Reboot... C:\Users\Nadine Sandmann\AppData\Local\Temp\7zS78D9\HPSLPSVC64.DLL moved successfully. C:\Users\Nadine Sandmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF068EC892E30DDEBE.TMP moved successfully. C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF5D1B8E1B494560E5.TMP moved successfully. PendingFileRenameOperations files... File C:\Users\Nadine Sandmann\AppData\Local\Temp\7zS78D9\HPSLPSVC64.DLL not found! File C:\Users\Nadine Sandmann\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF068EC892E30DDEBE.TMP not found! File C:\Users\Nadine Sandmann\AppData\Local\Temp\~DF5D1B8E1B494560E5.TMP not found! Registry entries deleted on Reboot... |
24.08.2012, 18:07 | #8 |
/// Helfer-Team | Bundespolizei-Trojaner Sehr gut! Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
24.08.2012, 20:01 | #9 |
| Bundespolizei-Trojaner Ok, Malwarebytes hat nichts gefunden: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.24.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Nadine Sandmann :: TALLI [Administrator] Schutz: Aktiviert 24.08.2012 19:18:44 mbam-log-2012-08-24 (19-18-44).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449462 Laufzeit: 1 Stunde(n), 34 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/24/2012 at 20:58:15 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Nadine Sandmann - TALLI # Boot Mode : Normal # Running from : C:\Users\Nadine Sandmann\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Nadine Sandmann\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge ***** [Registry] ***** Key Found : HKCU\Software\Softonic [x64] Key Found : HKCU\Software\Softonic ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v10.0 (de) Profile name : default File : C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla\Firefox\Profiles\y5yxrob3.default\prefs.js [OK] File is clean. -\\ Google Chrome v21.0.1180.83 File : C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1127 octets] - [24/08/2012 20:58:15] ########## EOF - C:\AdwCleaner[R1].txt - [1255 octets] ########## Liebe Grüße |
24.08.2012, 20:57 | #10 |
/// Helfer-Team | Bundespolizei-Trojaner Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
24.08.2012, 22:51 | #11 |
| Bundespolizei-Trojaner Hier die Log vom adwCleaner: Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/24/2012 at 22:08:49 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Nadine Sandmann - TALLI # Boot Mode : Normal # Running from : C:\Users\Nadine Sandmann\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Nadine Sandmann\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Nadine Sandmann\AppData\Roaming\pdfforge ***** [Registry] ***** Key Deleted : HKCU\Software\Softonic ***** [Registre - GUID] ***** ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v10.0 (de) Profile name : default File : C:\Users\Nadine Sandmann\AppData\Roaming\Mozilla\Firefox\Profiles\y5yxrob3.default\prefs.js [OK] File is clean. -\\ Google Chrome v21.0.1180.83 File : C:\Users\Nadine Sandmann\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [1254 octets] - [24/08/2012 20:58:15] AdwCleaner[S1].txt - [1149 octets] - [24/08/2012 22:08:49] ########## EOF - C:\AdwCleaner[S1].txt - [1277 octets] ########## Code:
ATTFilter Emsisoft Anti-Malware - Version 6.6 Letztes Update: 24.08.2012 22:18:59 Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\ Archiv Scan: An ADS Scan: An Scan Beginn: 24.08.2012 22:19:17 C:\Program Files\WinRAR\Zip.SFX gefunden: Trojan-Spy.Win32.Delf!E1 C:\Program Files\vvvv_45beta27.1\lib\thirdparty\WinLockDll.dll gefunden: Riskware.RiskTool.Win32.Disabler.AMN!E1 Gescannt 727049 Gefunden 2 Scan Ende: 24.08.2012 23:46:38 Scan Zeit: 1:27:21 Liebe Grüße |
24.08.2012, 22:53 | #12 |
/// Helfer-Team | Bundespolizei-Trojaner Sehr gut! Lasse die Funde loeschen, dann: Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
25.08.2012, 04:05 | #13 |
| Bundespolizei-Trojaner Hier die Logfile von ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=d3591d509724624396e51490dabb0ff9 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-25 12:40:10 # local_time=2012-08-25 02:40:10 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 20843459 20843459 0 0 # compatibility_mode=5893 16776573 100 94 1044681 97475694 0 0 # compatibility_mode=8192 67108863 100 0 116 116 0 0 # scanned=248990 # found=1 # cleaned=1 # scan_time=9366 C:\_OTL\MovedFiles\08242012_174801\C_ProgramData\cffiksbhrtiuiyi\main.html HTML/Ransom.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
25.08.2012, 15:44 | #14 |
/// Helfer-Team | Bundespolizei-Trojaner Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
25.08.2012, 16:48 | #15 |
| Bundespolizei-TrojanerCode:
ATTFilter PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Chrome 21.0.1180.83 ist aktuell Flash 11,3,31,230 ist veraltet! Aktualisieren Sie bitte auf die neueste Version! Java (1,7,0,6) ist aktuell. undefined Edit: Bei Flash wird mir aber angezeigt, dass ich schon einen für Chrome hätte, wenn ich auf die Adobe Seite gehe. Hallo nochmal, ich bin ab morgen früh für 3 Wochen im Urlaub und weiß noch nicht, ob ich in der Zeit in diesem Thread antworten kann. Kommt denn noch einiges auf mich zu oder ist mein Laptop schon auf der Zielgeraden? Ich würde mich über eine schnelle Rückmeldung freuen, liebe Grüße |
Themen zu Bundespolizei-Trojaner |
abgesicherte, abgesicherten, abgesicherten modus, ahnung, antivir, bekannte, bundespolizei-trojaner, einfach, eingefangen, ellung, funktionier, führte, gefangen, gefunde, gen, keine ahnung, konnte, laptop, malwarebytes, modus, nichts, systemwiederherstellung, vorgehen, wirklich, überhaupt |