Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and their removal): Now "clean" after a virus/trojan infection? (GEMA virus) | Windows 7
#1
Now "clean" after a virus/trojan infection? (GEMA virus)

Hello everyone, how nice that this board exists! After I got virus alerts a little while ago, I googled like mad and found what I needed here; I mostly followed the instructions here and hope I am rid of the trojans again.

First Antivir reported to me that bds.zeroaccess trojans had been found in the c:/Recycle folder. Access denied, straight into quarantine. I then immediately let Malwarebytes run over it, and it showed me 3 infected files: trojan.phex.thagen6 in the Appdata/Local folder itself, in the registry, and then once more in the memory process. In Task Manager, "syshost.exe" was then suddenly running as well. I deleted the finds, deleted every entry I could find, including in the Autostart menu (where syshost had nicely dug itself in right away), searched for registry errors with CCleaner and had them fixed straight away, the whole thing 4 times in a row. Scanned once more with OTL by OldTimer, fixed.

So: big jitters before the reboot, wondering whether I would be shown one of those horrid extortion pages or whether everything would work. I dared it anyway and everything seems to be running fine. The hardliners do say "oh, something always remains, you are never safe again, you MUST set the computer up from scratch", but is that really so? I have a great many programs that I would not want to lose to a reformat and reinstall, plus all the settings and bookmarks, and so on and so forth. That would drive me to the brink of despair!

I am currently scanning again with Malwarebytes. Here is the log:

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
:: PC [Administrator]

30.08.2012 07:01:04
mbam-log-2012-08-30 (07-01-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 359801
Laufzeit: 1 Stunde(n), 22 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
OTL logfile created on: 30.08.2012 08:26:24 - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Patricia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,96 Gb Total Physical Memory | 0,91 Gb Available Physical Memory | 30,57% Memory free
5,92 Gb Paging File | 3,53 Gb Available in Paging File | 59,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218,20 Gb Total Space | 65,25 Gb Free Space | 29,90% Space Free | Partition Type: NTFS
Drive E: | 7,55 Gb Total Space | 0,77 Gb Free Space | 10,20% Space Free | Partition Type: FAT32
Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,41% Space Free | Partition Type: FAT
Drive H: | 980,72 Mb Total Space | 648,19 Mb Free Space | 66,09% Space Free | Partition Type: FAT

Computer Name: PC | User Name: Patricia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.30 08:19:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe
PRC - [2012.08.30 06:36:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 21:14:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.05.08 21:27:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:27:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.27 04:15:18 | 000,131,552 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\WSCStub.exe
PRC - [2011.11.30 04:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
PRC - [2011.11.11 03:04:30 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
PRC - [2011.09.06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.12.18 22:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2003.12.02 09:49:00 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\SysWOW64\gearsec.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.30 06:36:26 | 002,242,528 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 18:19:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 18:18:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 18:18:49 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 18:18:41 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.12 23:50:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.12 19:24:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 19:22:55 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 19:22:47 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 19:22:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 19:22:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 19:22:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.17 03:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV - [2012.08.30 06:36:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.25 17:15:22 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2012.05.08 21:27:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:27:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- C:\Program Files (x86)\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.29 06:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.05.21 16:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008.12.18 22:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2003.12.02 09:49:00 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\SysWOW64\gearsec.exe -- (gearsec)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.08.30 07:34:10 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.05.08 21:27:47 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:27:47 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.30 18:10:13 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.11.24 03:50:28 | 000,738,936 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.11.17 05:38:00 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.16 08:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.09.02 11:29:06 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.09.01 15:31:42 | 000,649,984 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.08.28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.07.17 03:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009.07.17 03:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.29 06:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 12:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.03 05:16:56 | 007,333,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.05.20 05:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.05.18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 10:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.02.05 13:54:10 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2007.06.22 18:59:50 | 000,077,824 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2006.11.01 20:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.08.30 07:42:13 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120829.018\EX64.SYS -- (NAVEX15)
DRV - [2012.08.30 07:42:11 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20120829.018\ENG64.SYS -- (NAVENG)
DRV - [2012.08.29 16:06:56 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20120829.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.23 03:52:48 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.12.13 18:15:26 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2004.06.11 08:45:00 | 000,013,872 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {13698D86-664E-4E4D-BE5D-8013E23012DF}
IE:64bit: - HKLM\..\SearchScopes\{13698D86-664E-4E4D-BE5D-8013E23012DF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{42B655B4-4BD7-4E35-AF3F-3740F4F8E904}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {42B655B4-4BD7-4E35-AF3F-3740F4F8E904}
IE - HKCU\..\SearchScopes\{876E071F-11ED-423C-92E2-162FE5A643B1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.mc367.mail.yahoo.com/mc/welcome?.gx=1&.rand=c1vutu9vdonk3"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.9
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: sharemenot@franziroesner.com:1.0.0.4
FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.autoconfig_url: "chrome://viewtubes/content/viewtubes_false.pac"
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 4001
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 4001
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 4001
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 4001
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 2
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Patricia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011.11.11 03:05:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.08.30 07:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2012.08.30 07:34:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 06:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.20 00:11:25 | 000,000,000 | ---D | M]

[2009.11.26 19:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia\AppData\Roaming\mozilla\Extensions
[2012.08.30 06:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions
[2011.07.17 20:51:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012.08.30 06:36:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.30 16:18:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.29 00:42:53 | 000,000,000 | ---D | M] (Autofill Forms) -- C:\Users\Patricia\AppData\Roaming\mozilla\Firefox\Profiles\nidaa7xe.default\extensions\autofillForms@blueimp.net
[2011.01.07 05:21:17 | 000,001,445 | ---- | M] () -- C:\Users\Patricia\AppData\Roaming\Mozilla\Firefox\Profiles\nidaa7xe.default\searchplugins\dictcc-en-de.xml
[2012.06.20 00:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 00:11:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.08.29 01:31:40 | 000,527,469 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.08.23 02:53:44 | 000,341,143 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 14:33:18 | 000,017,992 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{B71ACFF2-E436-4CC7-B5E3-0C8E2CC981BA}.XPI
[2012.01.22 15:44:29 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.08.10 23:16:19 | 000,045,226 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
[2012.06.20 23:42:54 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\PATRICIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NIDAA7XE.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012.08.30 06:36:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.12 05:55:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 06:36:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 05:55:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 05:55:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 05:55:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 05:55:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\WINDOWS\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files 
(x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - 
NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.30 08:19:27 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe [2012.08.30 07:41:12 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys [2012.08.30 07:41:11 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys [2012.08.30 07:41:11 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys [2012.08.30 07:41:11 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys [2012.08.30 07:41:10 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys [2012.08.30 07:41:10 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys [2012.08.30 07:41:10 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys [2012.08.30 07:40:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E [2012.08.30 07:34:10 | 000,175,736 | ---- | C] (Symantec Corporation) -- 
C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.30 07:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2012.08.30 07:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2012.08.30 07:33:10 | 001,092,728 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.sys [2012.08.30 07:33:10 | 000,738,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys [2012.08.30 07:33:10 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.sys [2012.08.30 07:33:10 | 000,405,624 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys [2012.08.30 07:33:10 | 000,190,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Ironx64.sys [2012.08.30 07:33:10 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys [2012.08.30 07:33:08 | 000,167,048 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.sys [2012.08.30 07:32:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2012.08.30 07:32:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1305000.091 [2012.08.30 07:32:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2012.08.30 07:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2012.08.30 07:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.08.30 07:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.08.30 07:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2012.08.30 07:27:17 | 119,139,072 | ---- | C] (Symantec Corporation) -- C:\Users\Patricia\Desktop\NIS-TW-30-19-5-0-145-EN.exe [2012.08.30 03:38:44 | 013,856,992 | ---- | C] (BitDefender LLC) -- 
C:\Users\Patricia\Desktop\BDRemovalToolLauncher_sirefef_sfc_x64.exe [2012.07.14 06:23:38 | 020,928,200 | ---- | C] (Audacity Team ) -- C:\Users\Patricia\audacity-win-2.0.1.exe [2012.07.06 04:51:59 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\Patricia\jre-7u5-windows-x64.exe [2012.07.06 04:51:28 | 021,054,960 | ---- | C] (Oracle Corporation) -- C:\Users\Patricia\jre-7u5-windows-i586.exe [2011.11.11 02:58:47 | 007,951,672 | ---- | C] (Siber Systems) -- C:\Users\Patricia\AiRoboForm.exe [2011.09.15 07:13:57 | 003,480,352 | ---- | C] (Piriform Ltd) -- C:\Users\Patricia\ccsetup310.exe [2009.11.26 21:20:07 | 006,677,264 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Patricia\Shockwave_Installer_Slim.exe [1 C:\Users\Patricia\Documents\*.tmp files -> C:\Users\Patricia\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.30 08:19:28 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Patricia\Desktop\OTL.exe [2012.08.30 08:02:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.30 08:00:57 | 000,000,378 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_080053.reg [2012.08.30 07:57:16 | 004,032,002 | ---- | M] () -- C:\Users\Patricia\Documents\bookmarks.html [2012.08.30 07:41:38 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012.08.30 07:35:40 | 002,200,233 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB [2012.08.30 07:34:10 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2012.08.30 07:34:10 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.30 07:34:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.30 07:34:04 | 000,002,586 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.08.30 07:29:48 | 119,139,072 | ---- | M] (Symantec Corporation) -- 
C:\Users\Patricia\Desktop\NIS-TW-30-19-5-0-145-EN.exe [2012.08.30 06:58:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 06:58:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.30 06:51:25 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.08.30 06:51:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.30 06:51:05 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys [2012.08.30 06:35:33 | 018,236,077 | ---- | M] () -- C:\Users\Patricia\Documents\Firefox 14.0.1 (de) - 2012-08-30.pcv [2012.08.30 05:34:54 | 210,292,736 | ---- | M] () -- C:\Users\Patricia\Desktop\KWU_1.0.3.upd.iso [2012.08.30 04:47:35 | 000,000,538 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_044732.reg [2012.08.30 04:46:41 | 000,011,452 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120830_044627.reg [2012.08.30 04:44:09 | 000,618,227 | ---- | M] () -- C:\Users\Patricia\Desktop\adwcleaner.exe [2012.08.30 03:39:07 | 013,856,992 | ---- | M] (BitDefender LLC) -- C:\Users\Patricia\Desktop\BDRemovalToolLauncher_sirefef_sfc_x64.exe [2012.08.30 02:27:14 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.29 21:11:51 | 089,838,958 | ---- | M] () -- C:\Users\Patricia\Desktop\Zmix Mixathon 1st Hour.avi [2012.08.25 18:44:19 | 1027,966,474 | ---- | M] () -- C:\Users\Patricia\Desktop\Sting_Live_in_Berlin_12.08.12_02-05_zdfkultur_90_TVOON_DE.mpg.avi [2012.08.15 18:38:08 | 000,378,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.12 06:29:49 | 000,001,568 | ---- | M] () -- C:\Users\Patricia\AppData\Roaming\wklnhst.dat [2012.08.12 03:04:10 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.12 03:04:10 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.12 03:04:10 | 
000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.12 03:04:10 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.12 03:04:10 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.11 01:09:03 | 000,010,752 | ---- | M] () -- C:\Users\Patricia\Documents\Mimi itunes codes.xlr [2012.08.10 07:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini [2012.08.09 02:33:27 | 000,001,706 | ---- | M] () -- C:\Users\Patricia\Documents\cc_20120809_023317.reg [1 C:\Users\Patricia\Documents\*.tmp files -> C:\Users\Patricia\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.30 08:00:55 | 000,000,378 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_080053.reg [2012.08.30 07:57:13 | 004,032,002 | ---- | C] () -- C:\Users\Patricia\Documents\bookmarks.html [2012.08.30 07:43:29 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038 [2012.08.30 07:41:12 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet64.cat [2012.08.30 07:41:12 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnet.inf [2012.08.30 07:41:11 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.cat [2012.08.30 07:41:11 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa.inf [2012.08.30 07:41:11 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds.inf [2012.08.30 07:41:11 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.inf [2012.08.30 07:41:10 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.cat [2012.08.30 07:41:10 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.cat [2012.08.30 07:41:10 | 000,007,402 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.cat [2012.08.30 07:41:10 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.inf [2012.08.30 07:41:10 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.inf [2012.08.30 07:41:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\iron.inf [2012.08.30 07:40:25 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.cat [2012.08.30 07:40:25 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.cat [2012.08.30 07:40:25 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini [2012.08.30 07:34:13 | 002,200,233 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB [2012.08.30 07:34:10 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2012.08.30 07:34:10 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2012.08.30 07:34:04 | 000,002,586 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk [2012.08.30 07:32:58 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA.inf [2012.08.30 07:32:58 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS.inf [2012.08.30 07:32:58 | 000,001,441 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymNet.inf [2012.08.30 07:32:58 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.inf [2012.08.30 07:32:58 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.inf [2012.08.30 07:32:58 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.inf [2012.08.30 07:32:58 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Iron.inf [2012.08.30 07:32:42 | 000,004,782 | R--- | C] () -- 
C:\Windows\SysNative\drivers\NISx64\1305000.091\SymVTcer.dat [2012.08.30 07:32:40 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymDS64.cat [2012.08.30 07:32:40 | 000,007,468 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccSetx64.cat [2012.08.30 07:32:40 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.cat [2012.08.30 07:32:40 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\SymEFA64.cat [2012.08.30 07:32:40 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnet64.cat [2012.08.30 07:32:40 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.cat [2012.08.30 07:32:40 | 000,007,450 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\iron.cat [2012.08.30 07:32:40 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini [2012.08.30 06:35:22 | 018,236,077 | ---- | C] () -- C:\Users\Patricia\Documents\Firefox 14.0.1 (de) - 2012-08-30.pcv [2012.08.30 05:30:06 | 210,292,736 | ---- | C] () -- C:\Users\Patricia\Desktop\KWU_1.0.3.upd.iso [2012.08.30 04:47:33 | 000,000,538 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_044732.reg [2012.08.30 04:46:33 | 000,011,452 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120830_044627.reg [2012.08.30 04:22:31 | 000,618,227 | ---- | C] () -- C:\Users\Patricia\Desktop\adwcleaner.exe [2012.08.29 21:00:13 | 089,838,958 | ---- | C] () -- C:\Users\Patricia\Desktop\Zmix Mixathon 1st Hour.avi [2012.08.25 18:07:54 | 1027,966,474 | ---- | C] () -- C:\Users\Patricia\Desktop\Sting_Live_in_Berlin_12.08.12_02-05_zdfkultur_90_TVOON_DE.mpg.avi [2012.08.13 03:41:51 | 000,048,181 | ---- | C] () -- C:\Users\Patricia\Desktop\ThroatClearM.mp3 [2012.08.09 02:33:24 | 000,001,706 | ---- | C] () -- C:\Users\Patricia\Documents\cc_20120809_023317.reg [2012.08.06 02:11:02 | 000,010,752 | ---- | C] () -- 
C:\Users\Patricia\Documents\Mimi itunes codes.xlr [2012.07.07 04:28:07 | 022,657,136 | ---- | C] () -- C:\Users\Patricia\vlc-2.0.2-win32.exe [2011.07.10 07:17:06 | 001,402,880 | ---- | C] () -- C:\Users\Patricia\HiJackThis.msi [2011.04.09 03:37:13 | 000,004,096 | -H-- | C] () -- C:\Users\Patricia\AppData\Local\keyfile3.drm [2011.03.04 21:23:18 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.03.04 21:22:31 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2010.05.16 05:12:18 | 000,236,616 | ---- | C] () -- C:\Users\Patricia\install_win.html [2010.03.16 02:49:49 | 000,000,036 | ---- | C] () -- C:\Users\Patricia\AppData\Local\housecall.guid.cache [2009.12.22 16:58:24 | 001,057,102 | ---- | C] () -- C:\Users\Patricia\lameplugin.exe [2009.12.08 20:01:25 | 000,000,947 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\DataSafeDotNet.exe [2009.11.26 23:05:14 | 018,030,130 | ---- | C] () -- C:\Users\Patricia\vlc-1.0.3-win32.exe [2009.11.26 22:00:20 | 000,010,240 | ---- | C] () -- C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.26 20:14:22 | 000,001,568 | ---- | C] () -- C:\Users\Patricia\AppData\Roaming\wklnhst.dat [2009.11.26 18:34:30 | 034,119,048 | ---- | C] () -- C:\Program Files\avira_antivir_personal408_de.exe [2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb ========== LOP Check ========== [2010.06.29 20:08:49 | 000,000,000 | -HSD | M] -- C:\Users\Patricia\AppData\Roaming\.# [2010.03.10 06:25:41 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Anthropics [2010.02.06 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Ashampoo [2012.08.14 04:49:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Audacity [2011.06.26 19:47:20 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\BOM [2009.12.01 04:20:54 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Broad Intelligence 
[2010.03.16 02:06:56 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\DeepBurner [2010.05.08 09:07:00 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\FabFilter [2010.07.07 04:00:31 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Foxit [2012.01.23 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Foxit Software [2012.03.19 03:54:59 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Free Download Manager [2010.03.16 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Hardcore [2011.03.08 22:59:44 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\MAGIX [2009.12.10 02:07:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\OpenOffice.org [2009.12.05 18:18:40 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\phonostar GmbH [2010.03.16 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\QuickScan [2009.12.25 03:18:34 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\RapidSolution [2009.12.24 08:20:50 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Samsung [2011.03.20 03:15:30 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\SF Software [2009.11.27 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Template [2010.06.28 09:29:11 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\Wallpapers [2011.10.14 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Patricia\AppData\Roaming\www.shadowexplorer.com [2012.07.20 12:10:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |