
Pests of all kinds and how to fight them: Bundestrojaner: how do I know whether it is gone?


 
03.09.2012, 21:52   #1
chris205
 

Hello everyone,

This morning I had a Bundestrojaner; at least it matches the descriptions (with payment demands etc.).

I immediately switched off the PC, booted into safe mode, ran a Malwarebytes quick scan and deleted the findings:

Code:
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Christian Lauer :: CLWHITE [Administrator]

03.09.2012 09:08:25
mbam-log-2012-09-03 (09-08-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218420
Laufzeit: 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\***\AppData\Local\Temp\roper0dun.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Only then did I come across this board; I hope I haven't already messed things up.

How do I know whether the PC is clean again? There are no symptoms, everything seems OK. Malwarebytes no longer finds anything, even with a full scan.

Here is the OTL log:

Code:
OTL logfile created on: 03.09.2012 22:17:32 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,90 Gb Total Physical Memory | 13,53 Gb Available Physical Memory | 85,08% Memory free
31,79 Gb Paging File | 29,03 Gb Available in Paging File | 91,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,57 Gb Total Space | 108,93 Gb Free Space | 48,73% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 434,47 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
Drive F: | 931,44 Gb Total Space | 304,33 Gb Free Space | 32,67% Space Free | Partition Type: NTFS
 
Computer Name: CLWHITE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.03 22:14:44 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.10 15:41:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.04.10 15:41:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.04.10 15:41:50 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.04.10 15:41:40 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.03.27 10:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.02.13 22:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
PRC - [2011.06.17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.06.22 07:38:04 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012.05.25 16:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012.05.25 16:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011.01.27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.03 08:41:38 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.30 09:01:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012.08.09 14:37:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.04.10 15:41:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.04.10 15:41:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.04.10 15:41:50 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.04.10 15:41:40 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.03.19 16:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.07 02:00:46 | 000,629,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.13 22:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.13 22:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe -- (BBSvc)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2011.06.17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.22 07:38:16 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012.06.22 07:36:12 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012.06.22 07:34:00 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.27 10:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 10:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 10:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.19 16:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012.02.22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012.02.22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012.02.22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011.12.06 04:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.05.09 20:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 16:00:14 | 000,390,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.03.04 16:00:14 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,013,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2010.08.24 19:28:58 | 000,074,320 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {38BB1D0F-3482-41EB-8F6B-499807E975AC}
IE:64bit: - HKLM\..\SearchScopes\{38BB1D0F-3482-41EB-8F6B-499807E975AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {38BB1D0F-3482-41EB-8F6B-499807E975AC}
IE - HKLM\..\SearchScopes\{38BB1D0F-3482-41EB-8F6B-499807E975AC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.cldes.de/typo3/index.php
IE - HKCU\..\SearchScopes,DefaultScope = {38BB1D0F-3482-41EB-8F6B-499807E975AC}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.09 15:41:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.08.10 09:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.08.10 09:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 09:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.09 15:41:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.30 09:01:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.09 14:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.08.25 09:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cl5qivyj.default\extensions
[2012.08.10 09:55:23 | 000,000,000 | ---D | M] (FT PureWhite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\cl5qivyj.default\extensions\{2f149710-41a6-11e0-9207-0800200c9a66}
[2012.08.09 14:47:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.10 09:22:31 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012.08.09 18:12:08 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CL5QIVYJ.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012.08.30 09:01:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 09:01:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120810092228.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120810092228.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E20E980-0248-44B7-B918-40FB5CB6D43B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.03 22:14:43 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.03 22:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.09.03 10:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.09.02 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\2XClient
[2012.09.01 10:12:48 | 001,326,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Touch_Tablet.dll
[2012.09.01 10:12:48 | 001,107,832 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Touch_Tablet.dll
[2012.09.01 10:12:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTablet
[2012.09.01 10:12:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bamboo
[2012.09.01 10:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.09.01 10:12:39 | 000,012,848 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacommousefilter.sys
[2012.09.01 10:12:32 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\SysNative\drivers\wacomvhid.sys
[2012.09.01 10:12:30 | 001,665,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Pen_Tablet.dll
[2012.09.01 10:12:30 | 001,401,208 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\Wintab32.dll
[2012.09.01 10:12:30 | 001,392,504 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysNative\WacomMT.dll
[2012.09.01 10:12:30 | 001,369,464 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Pen_Tablet.dll
[2012.09.01 10:12:30 | 001,156,472 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\Wintab32.dll
[2012.09.01 10:12:30 | 001,152,888 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\SysWow64\WacomMT.dll
[2012.09.01 10:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2012.08.31 07:17:22 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.08.23 16:41:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.08.23 16:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.08.23 16:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.08.23 06:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.23 06:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.08.23 06:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.08.20 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.12 13:56:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.prezi.PreziDesktop
[2012.08.12 13:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PreziDesktop3
[2012.08.12 11:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012.08.12 11:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012.08.12 09:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2012.08.12 09:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.08.10 14:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.08.10 13:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.10 09:56:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FastStone
[2012.08.10 09:37:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.10 09:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.10 09:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.10 09:36:53 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.10 09:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.10 09:30:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dispcalGUI
[2012.08.10 09:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dispcalGUI
[2012.08.10 09:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\dispcalGUI
[2012.08.10 09:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dispcalGUI
[2012.08.10 09:28:57 | 000,000,000 | ---D | C] -- C:\Program Registry (x86)
[2012.08.10 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012.08.10 09:22:28 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012.08.10 09:22:27 | 000,487,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012.08.10 09:22:27 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012.08.10 09:22:27 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012.08.10 09:22:27 | 000,075,936 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012.08.10 09:22:27 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012.08.10 09:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012.08.10 09:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012.08.10 09:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012.08.10 09:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012.08.10 09:06:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.08.10 09:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.08.10 09:06:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.08.10 09:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.08.10 09:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.08.10 09:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.08.10 09:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.08.10 09:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logitech
[2012.08.10 09:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logishrd
[2012.08.10 09:01:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.08.10 09:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.08.10 09:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.08.10 08:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012.08.10 08:40:30 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012.08.09 23:06:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2012.08.09 23:00:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI
[2012.08.09 23:00:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI
[2012.08.09 22:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012.08.09 22:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.08.09 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.08.09 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.08.09 22:59:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.08.09 22:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.08.09 22:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.08.09 22:58:36 | 000,000,000 | ---D | C] -- C:\AMD
[2012.08.09 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.08.09 18:09:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2012.08.09 18:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.09 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.08.09 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.08.09 18:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.08.09 18:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.08.09 18:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.08.09 18:09:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2012.08.09 18:09:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.08.09 18:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.08.09 18:08:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.08.09 18:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.08.09 18:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.08.09 18:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.08.09 18:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
[2012.08.09 18:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastStone Image Viewer
[2012.08.09 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.08.09 17:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.08.09 17:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.09 17:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.08.09 17:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2012.08.09 17:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.08.09 17:38:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.09 17:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.09 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.08.09 17:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.08.09 17:36:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.09 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.08.09 17:23:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.09 17:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.08.09 17:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.08.09 17:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012.08.09 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Sonstiges
[2012.08.09 17:20:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.08.09 17:20:09 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2012.08.09 17:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2012.08.09 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt
[2012.08.09 17:19:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.08.09 17:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.09 17:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.08.09 16:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.08.09 16:00:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2012.08.09 16:00:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP
[2012.08.09 15:41:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2012.08.09 15:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.08.09 15:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.08.09 15:41:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2012.08.09 15:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.08.09 15:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.08.09 15:41:14 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.08.09 15:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.08.09 15:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.08.09 15:40:48 | 000,553,472 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2012.08.09 14:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.08.09 14:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.08.09 14:49:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.08.09 14:49:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.08.09 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2012.08.09 14:49:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2012.08.09 14:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2012.08.09 14:47:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.08.09 14:47:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.08.09 14:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.09 14:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.09 14:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.09 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012.08.09 14:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.08.09 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.09 14:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.09 14:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2012.08.09 14:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2012.08.09 14:16:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.08.09 14:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS5
[2012.08.09 14:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.08.09 14:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.08.09 14:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.09 14:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.08.09 14:13:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.08.09 14:13:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.08.09 14:13:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.08.09 13:55:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.09 13:55:20 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.08.09 13:55:20 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.09 13:55:14 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.08.09 13:55:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.08.09 13:55:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.08.09 13:53:46 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.08.09 13:53:45 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.08.09 13:53:45 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.09 13:53:45 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.08.09 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.08.09 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.08.09 13:53:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.09 13:53:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.09 13:53:36 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.08.08 07:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.08.08 07:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.08.08 07:11:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.08.08 07:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.08.08 07:11:51 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.08.08 07:11:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.08.08 07:11:51 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.08.08 07:11:51 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.08.08 07:11:51 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.08.08 07:11:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.08.08 07:11:51 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.08.08 07:11:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.08.08 07:11:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.08.08 07:11:51 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.08.08 07:11:51 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.08.08 07:11:50 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.08.08 07:11:50 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.08.08 07:11:50 | 000,978,776 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.08.08 07:11:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.08.08 07:11:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.08.08 07:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.08.08 07:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.08.08 07:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.08.08 07:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.08.08 07:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.08.08 07:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.08.08 07:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.08.08 07:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.08.08 07:09:48 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.08.08 07:09:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.08.08 07:09:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.08.08 07:09:34 | 000,000,000 | ---D | C] -- C:\Intel
[2012.08.08 07:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 22:16:12 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 22:16:12 | 000,034,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 22:14:59 | 001,507,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.03 22:14:59 | 000,657,698 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.03 22:14:59 | 000,618,974 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.03 22:14:59 | 000,131,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.03 22:14:59 | 000,107,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.03 22:14:44 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.03 22:14:17 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.09.03 22:13:41 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.03 22:09:08 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.09.03 22:09:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 22:09:02 | 4211,900,414 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 19:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.03 17:59:01 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141799663-1850302816-3924333869-1001UA.job
[2012.09.03 14:59:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141799663-1850302816-3924333869-1001Core.job
[2012.09.03 09:06:51 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.27 14:24:27 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.25 12:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.08.23 07:45:47 | 001,526,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.15 13:06:04 | 012,264,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 16:56:23 | 000,007,602 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.13 09:03:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.12 13:56:15 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\PreziDesktop3.lnk
[2012.08.12 11:41:01 | 000,000,336 | ---- | M] () -- C:\Windows\game.ini
[2012.08.12 09:36:58 | 000,001,021 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2012.08.12 09:36:58 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.12 09:15:02 | 000,002,104 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.10 09:37:09 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 09:30:02 | 000,002,160 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dispcalGUI Profile Loader.lnk
[2012.08.10 09:01:41 | 000,001,221 | ---- | M] () -- C:\Users\***\Desktop\FileZilla.lnk
[2012.08.10 08:49:52 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.08.09 23:00:17 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.08.09 18:09:26 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.09 18:07:47 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2012.08.09 17:38:52 | 000,002,723 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.08.09 17:38:52 | 000,002,703 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.08.09 17:38:52 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.08.09 17:34:23 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.6 64-Bit.lnk
[2012.08.09 17:20:09 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys
[2012.08.09 17:19:09 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.09 16:00:07 | 000,266,553 | ---- | M] () -- C:\Windows\hpwins22.dat
[2012.08.09 15:41:38 | 000,002,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.08.09 14:49:00 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.08.09 14:37:12 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.08.09 14:24:13 | 000,001,215 | ---- | M] () -- C:\Users\***\Desktop\Adobe InDesign CS5.lnk
[2012.08.09 14:22:22 | 000,001,091 | ---- | M] () -- C:\Users\***\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2012.08.09 14:20:52 | 000,001,670 | ---- | M] () -- C:\Users\***\Desktop\Adobe Illustrator CS5.lnk
[2012.08.09 13:53:01 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.09 13:53:01 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.08.08 07:46:55 | 000,018,366 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012.08.08 07:12:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.09.03 22:14:17 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.09.03 22:13:41 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.03 09:05:39 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.13 16:56:23 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.13 09:03:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.12 15:18:25 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.08.12 13:56:15 | 000,000,943 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreziDesktop3.lnk
[2012.08.12 13:56:15 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\PreziDesktop3.lnk
[2012.08.12 11:41:01 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2012.08.12 09:36:58 | 000,001,021 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2012.08.12 09:36:58 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.08.10 10:28:09 | 000,002,723 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.08.10 09:37:09 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 09:30:02 | 000,002,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dispcalGUI Profile Loader.lnk
[2012.08.10 09:02:49 | 000,001,221 | ---- | C] () -- C:\Users\***\Desktop\FileZilla.lnk
[2012.08.09 23:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.09 18:09:26 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.08.09 18:09:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.08.09 18:07:47 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Image Viewer.lnk
[2012.08.09 17:49:21 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.08.09 17:49:14 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.09 17:41:47 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2012.08.09 17:41:41 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.08.09 17:34:23 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.6 64-Bit.lnk
[2012.08.09 17:34:23 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.6 64-Bit.lnk
[2012.08.09 17:24:29 | 000,001,670 | ---- | C] () -- C:\Users\***\Desktop\Adobe Illustrator CS5.lnk
[2012.08.09 17:24:22 | 000,001,215 | ---- | C] () -- C:\Users\***\Desktop\Adobe InDesign CS5.lnk
[2012.08.09 17:24:14 | 000,001,091 | ---- | C] () -- C:\Users\***\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
[2012.08.09 17:23:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.09 17:22:28 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.09 17:22:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.08.09 17:19:09 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.08.09 15:41:49 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.08.09 15:41:38 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.08.09 15:40:55 | 000,266,553 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012.08.09 15:40:55 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2012.08.09 14:49:43 | 000,001,160 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141799663-1850302816-3924333869-1001UA.job
[2012.08.09 14:49:43 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1141799663-1850302816-3924333869-1001Core.job
[2012.08.09 14:49:00 | 000,001,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.08.09 14:49:00 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012.08.09 14:47:45 | 000,001,156 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.09 14:37:04 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012.08.09 14:37:04 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012.08.09 14:37:04 | 000,002,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2012.08.09 14:37:04 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk
[2012.08.09 14:16:33 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.08.09 13:55:21 | 000,001,419 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.09 13:55:20 | 000,001,453 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.08 07:46:55 | 000,018,366 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012.08.08 07:12:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.08 07:11:51 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2012.08.08 07:11:51 | 000,272,629 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.08.08 07:11:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.08.08 07:11:34 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.08.08 07:11:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.08.08 07:10:01 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012.08.08 07:10:01 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.08.08 07:10:01 | 000,755,188 | ---- | C] () -- C:\Windows\SysNative\igkrng700.bin
[2012.08.08 07:10:01 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012.08.08 07:10:01 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012.08.08 07:10:01 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012.08.08 07:10:01 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012.08.08 07:10:01 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012.08.08 07:10:01 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2012.08.08 07:10:01 | 000,018,660 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012.08.08 07:10:01 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012.08.08 07:09:59 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012.08.08 07:09:58 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.08.08 07:09:58 | 000,561,508 | ---- | C] () -- C:\Windows\SysNative\igfcg700m.bin
[2012.08.08 07:09:55 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012.08.08 07:09:55 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.08 07:09:53 | 017,226,240 | ---- | C] () -- C:\Windows\SysNative\ig7icd64.dll
[2012.08.08 07:09:53 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.08.08 07:09:52 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012.08.08 07:09:52 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012.08.08 07:09:51 | 000,221,877 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012.08.08 07:09:51 | 000,208,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012.08.08 07:09:51 | 000,192,378 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012.08.08 07:09:51 | 000,164,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012.08.08 07:09:51 | 000,162,150 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012.08.08 07:09:51 | 000,157,713 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012.08.08 07:09:51 | 000,148,461 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012.08.08 07:09:51 | 000,147,116 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012.08.08 07:09:51 | 000,146,125 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012.08.08 07:09:51 | 000,146,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012.08.08 07:09:51 | 000,144,790 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012.08.08 07:09:51 | 000,144,267 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012.08.08 07:09:51 | 000,143,564 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012.08.08 07:09:51 | 000,143,112 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012.08.08 07:09:51 | 000,142,797 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012.08.08 07:09:51 | 000,142,606 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012.08.08 07:09:51 | 000,142,079 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012.08.08 07:09:51 | 000,141,854 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012.08.08 07:09:51 | 000,141,421 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012.08.08 07:09:51 | 000,141,297 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012.08.08 07:09:51 | 000,140,949 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012.08.08 07:09:51 | 000,140,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012.08.08 07:09:51 | 000,139,901 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012.08.08 07:09:51 | 000,136,850 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012.08.08 07:09:51 | 000,136,778 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012.08.08 07:09:51 | 000,136,261 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012.08.08 07:09:51 | 000,131,674 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012.08.08 07:09:51 | 000,125,306 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012.08.08 07:09:51 | 000,123,778 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012.08.08 07:08:49 | 000,000,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alternate.net.url
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.07 01:40:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.28 11:53:01 | 000,002,048 | ---- | C] () -- C:\Windows\hidcon.exe
 
========== LOP Check ==========
 
[2012.09.02 10:34:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\2XClient
[2012.08.20 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.08.12 13:56:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.prezi.PreziDesktop
[2012.08.10 09:30:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dispcalGUI
[2012.09.03 19:44:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2012.08.10 09:06:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.08.09 14:49:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.08.23 16:55:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.08.09 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.09.03 22:09:08 | 000,000,828 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.08.25 12:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.08.29 10:36:42 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Thanks in advance!!
Christian

 
