
Log analysis and evaluation: Access to FileZilla ... probably via a trojan

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
07.09.2012, 18:07   #1
JulianW
 

Access to FileZilla ... probably via a trojan



Hello everyone,

Short summary:
In January I started a cleanup. Back then I got stuck at the ESET Online Scanner, which I started several times "overnight", but it never got "through". I can no longer remember whether that was because it hung or simply because it took far too long (more than 24 hours).

Yesterday I almost certainly had a virus infection. After someone hacked my FTP accounts, I suspect that they got at my FileZilla settings files (FileZilla is notorious for storing passwords in plaintext, which I did not know) and not in through a security hole online.

I have G Data running constantly; it reported nothing. I updated Malwarebytes once and ran a quick scan, and something was found:

Quote:
Infected registry values: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8BFC4388-A939-4040-38E8-1AC7222035D2} (Trojan.ZbotR.Gen) -> Data: C:\Users\Julian\AppData\Roaming\Ator\zevam.exe -> Successfully deleted and quarantined.
After that a full scan ... no findings.

At the moment I work almost exclusively on a second machine; from my main machine I do not access anything where I have to enter a password or the like. The question for me is: can all viruses/trojans be found, or do I have to reinstall completely? In case of doubt I lean towards reinstalling, but I would first like to try to rescue the machine without a reinstall.

Here are the log files.

- defogger reported nothing.

- OTL
It says "Close all programs". What about background processes such as the firewall, drivers or similar? I closed all programs but did not "deactivate" anything.

Here is the log:
Code:
OTL logfile created on: 07.09.2012 18:51:32 - Run 2
OTL by OldTimer - Version 3.2.61.1     Folder = C:\Users\Julian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 37,99% Memory free
7,99 Gb Paging File | 5,26 Gb Available in Paging File | 65,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 3,30 Gb Free Space | 4,44% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 57,95 Gb Free Space | 6,22% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 53,84 Gb Free Space | 5,78% Space Free | Partition Type: NTFS
 
Computer Name: SILVERSTONE | User Name: Julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.09.07 18:50:49 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
PRC - [2012.08.17 14:43:24 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2012.07.18 12:17:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- D:\Programme\Firefox\firefox.exe
PRC - [2012.07.18 12:17:46 | 000,016,864 | ---- | M] (Mozilla Corporation) -- D:\Programme\Firefox\plugin-container.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.05.24 05:23:01 | 000,985,624 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- D:\Programme\Adobe\Adobe Acrobat\Acrobat\acrotray.exe
PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.22 15:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010.11.04 08:26:21 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010.02.16 12:10:46 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2009.11.11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- D:\Programme\AirPort\APAgent.exe
PRC - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.07.23 17:14:40 | 000,086,016 | ---- | M] (Contour Design, Inc.) -- C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
PRC - [2009.07.23 17:14:30 | 000,118,784 | ---- | M] (Contour Design, Inc.) -- C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
PRC - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.07.11 15:22:56 | 000,251,184 | ---- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
PRC - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.18 12:17:47 | 002,003,424 | ---- | M] () -- D:\Programme\Firefox\mozjs.dll
MOD - [2012.05.18 05:19:54 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.02.27 16:39:28 | 000,019,968 | ---- | M] () -- D:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:26 | 000,020,480 | ---- | M] () -- D:\Programme\Adobe\Adobe Acrobat\Acrobat\AcroTray.FRA
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2008.05.08 01:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV - [2012.08.17 14:43:24 | 000,413,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012.07.18 12:17:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.01 05:05:18 | 002,011,056 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.05.25 14:19:24 | 001,540,120 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.22 15:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.09.17 12:35:08 | 057,966,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.TRIPLOG\MSSQL\Binn\sqlservr.exe -- (MSSQL$TRIPLOG)
SRV - [2010.09.17 12:35:08 | 000,154,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.17 12:33:26 | 000,430,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.TRIPLOG\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$TRIPLOG)
SRV - [2010.05.01 20:11:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.22 15:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.07.23 17:14:40 | 000,086,016 | ---- | M] (Contour Design, Inc.) [Auto | Running] -- C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe -- (ShuttleEngine)
SRV - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2008.07.11 15:22:56 | 000,251,184 | ---- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008.07.11 06:54:52 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2007.06.15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.06.01 08:26:03 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.01 09:29:13 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.04.24 11:48:07 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.04.24 11:48:05 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.04.24 11:48:05 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.04.24 11:45:16 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2011.11.29 04:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.08.01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.17 13:47:07 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.07.17 13:46:42 | 000,069,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.07.17 13:46:32 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.09 06:56:55 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.07.10 05:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.03.18 12:03:30 | 000,346,624 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187B.sys -- (RTL8187B)
DRV:64bit: - [2008.03.17 19:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:64bit: - [2008.01.19 06:28:36 | 000,033,792 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irstusb.sys -- (STIrUsb)
DRV:64bit: - [2007.04.23 13:15:48 | 000,031,016 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtlProt.sys -- (RtlProt)
DRV:64bit: - [2006.08.25 14:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.11.14 21:26:48 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nlp-deutschland.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 DA 31 72 E9 CD CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {187F8661-AB7B-4276-93C8-25441D77E658}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{187F8661-AB7B-4276-93C8-25441D77E658}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "google.de PWS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: toolbar@seomoz.org:2.23
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.599: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.599: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Adobe Acrobat\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.10.25 22:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.14 03:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Firefox\components [2012.07.18 12:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Firefox\plugins [2012.07.31 03:16:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: D:\Programme\Copernic Desktop Search - Home\Firefox36Connector
 
[2010.11.03 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions
[2010.11.03 08:51:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.31 23:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\z1o5kx9v.default\extensions
[2012.08.30 23:56:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Julian\AppData\Roaming\mozilla\Firefox\Profiles\z1o5kx9v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.08.31 23:55:39 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\z1o5kx9v.default\extensions\firebug@software.joehewitt.com.xpi
[2012.04.06 06:11:45 | 000,738,156 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\z1o5kx9v.default\extensions\toolbar@seomoz.org.xpi
[2012.07.24 12:18:02 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\z1o5kx9v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.06.04 18:22:45 | 000,001,742 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\z1o5kx9v.default\searchplugins\googlede-pws.xml
[2011.04.21 14:51:22 | 000,002,101 | ---- | M] () -- C:\Users\Julian\AppData\Roaming\mozilla\firefox\profiles\z1o5kx9v.default\searchplugins\googlede.xml
[2012.03.14 03:56:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Page Speed Plugin (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\1.12.0.6_0\pagespeed_plugin_WINNT_x86-msvc.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Programme\Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Contribute CS5  (Enabled) = D:\Programme\Firefox\plugins\npContribute.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = D:\Programme\Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = D:\Programme\Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = D:\Programme\Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\Programme\Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Programme\Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.2.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Adobe\Adobe Acrobat\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Programme\Adobe\Adobe Acrobat\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirPort Base Station Agent] D:\Programme\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe (Contour Design, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DisplayFusion] "D:\Programme\DisplayFusion\DisplayFusion.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Julian\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Julian\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Julian\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Julian\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D97AACD9-A5E3-4745-9647-F4CD22EFEF4F}: NameServer = 192.168.2.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEC55FE3-66C6-48C3-8A6C-C3A228221151}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.07 18:50:47 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 02:39:37 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Joomla_2.5.6-Stable-Full_Package
[2012.09.07 00:59:59 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Unqyok
[2012.09.07 00:59:59 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\Ator
[2012.08.27 06:53:18 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\com_virtuemart.2.0.10_extract_first
[2012.08.26 21:09:21 | 004,702,324 | ---- | C] (Polar Electro Oy                                            ) -- C:\Users\Julian\Desktop\PolarWebLink_2.4.13.exe
[2012.08.26 19:13:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Polar
[2012.08.26 08:47:13 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\Shape5_shoppingbag_PSD
[2012.08.16 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\Julian\AppData\Roaming\EasyDuplicateFinder
[2012.08.16 14:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyDuplicateFinder
[2012.08.15 09:41:58 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\julian and friends fotos
[2012.08.14 09:13:38 | 000,000,000 | ---D | C] -- C:\Users\Julian\Desktop\graphicriver-2461181-bronze-silver-gold-platinum-price-table-more
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.07 18:50:49 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Julian\Desktop\OTL.exe
[2012.09.07 18:50:28 | 000,000,000 | ---- | M] () -- C:\Users\Julian\defogger_reenable
[2012.09.07 18:49:24 | 000,050,477 | ---- | M] () -- C:\Users\Julian\Desktop\Defogger.exe
[2012.09.07 18:44:44 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 18:44:44 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 18:20:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.07 14:20:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.07 11:07:54 | 000,789,796 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.09.07 11:07:54 | 000,043,821 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.09.07 06:11:28 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.09.07 06:01:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.07 06:01:22 | 3219,664,896 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 05:38:30 | 000,006,326 | ---- | M] () -- C:\Users\Julian\Desktop\index.html
[2012.09.07 04:26:30 | 057,310,133 | ---- | M] () -- C:\Users\Julian\Desktop\ja_community_plus_joomla_2.5.zip
[2012.09.07 02:39:40 | 007,872,678 | ---- | M] () -- C:\Users\Julian\Desktop\Joomla_2.5.6-Stable-Full_Package.zip
[2012.09.05 13:32:07 | 114,667,008 | ---- | M] () -- C:\Users\Julian\Desktop\sandra.bak
[2012.09.02 20:25:11 | 000,005,297 | ---- | M] () -- C:\Users\Julian\Desktop\julian.jpg
[2012.08.31 21:54:02 | 000,001,456 | ---- | M] () -- C:\Users\Julian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.08.28 08:24:19 | 003,491,515 | ---- | M] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_metroshows_current.zip.part
[2012.08.28 08:24:19 | 001,695,348 | ---- | M] () -- C:\Users\Julian\Desktop\Shape5_metroshows_template_current.zip.part
[2012.08.28 08:22:08 | 011,548,701 | ---- | M] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_Modern_Flavor_current.zip
[2012.08.28 08:22:05 | 004,390,262 | ---- | M] () -- C:\Users\Julian\Desktop\Shape5_Modern_Flavor_psds.zip
[2012.08.28 08:21:59 | 000,870,835 | ---- | M] () -- C:\Users\Julian\Desktop\Shape5_Modern_Flavor_template_current.zip
[2012.08.28 08:21:31 | 000,748,779 | ---- | M] () -- C:\Users\Julian\Desktop\Shape5_Corporate_Response_psds.zip
[2012.08.28 08:21:29 | 011,238,799 | ---- | M] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_Corporate_Response_current.zip
[2012.08.28 08:21:24 | 000,774,254 | ---- | M] () -- C:\Users\Julian\Desktop\Shape5_Corporate_Response_template_current.zip
[2012.08.27 07:42:45 | 000,059,068 | ---- | M] () -- C:\Users\Julian\Desktop\com_virtuemart_sofort.2.0.1.zip
[2012.08.27 02:03:39 | 001,097,017 | ---- | M] () -- C:\Users\Julian\Desktop\advancedmodulemanager-v3.2.6.zip
[2012.08.26 21:09:59 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\Polar WebLink.lnk
[2012.08.26 21:09:22 | 004,702,324 | ---- | M] (Polar Electro Oy                                            ) -- C:\Users\Julian\Desktop\PolarWebLink_2.4.13.exe
[2012.08.26 17:46:09 | 011,803,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.26 08:50:47 | 000,020,385 | ---- | M] () -- C:\Users\Julian\Desktop\oswald.zip
[2012.08.24 14:40:00 | 000,203,092 | ---- | M] () -- C:\Users\Julian\Desktop\3-jahres-vergleich.pdf
[2012.08.24 13:39:00 | 000,668,615 | ---- | M] () -- C:\Users\Julian\Desktop\januar_juni_2012.pdf
[2012.08.24 13:23:48 | 000,040,798 | ---- | M] () -- C:\Users\Julian\Desktop\27203_102074779827474_3682304_n.jpg
[2012.08.19 14:42:29 | 001,385,736 | ---- | M] () -- C:\Users\Julian\Desktop\rt_diametric-sources.zip
[2012.08.18 11:50:00 | 000,709,385 | ---- | M] () -- C:\Users\Julian\Desktop\calendar-side.jpg.zip
[2012.08.15 09:35:58 | 1220,553,136 | ---- | M] () -- C:\Users\Julian\Desktop\julian and friends fotos.zip
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.07 18:49:23 | 000,050,477 | ---- | C] () -- C:\Users\Julian\Desktop\Defogger.exe
[2012.09.07 04:25:46 | 057,310,133 | ---- | C] () -- C:\Users\Julian\Desktop\ja_community_plus_joomla_2.5.zip
[2012.09.07 03:52:43 | 000,006,326 | ---- | C] () -- C:\Users\Julian\Desktop\index.html
[2012.09.07 02:39:31 | 007,872,678 | ---- | C] () -- C:\Users\Julian\Desktop\Joomla_2.5.6-Stable-Full_Package.zip
[2012.09.05 13:32:04 | 114,667,008 | ---- | C] () -- C:\Users\Julian\Desktop\sandra.bak
[2012.09.02 20:25:11 | 000,005,297 | ---- | C] () -- C:\Users\Julian\Desktop\julian.jpg
[2012.08.28 08:22:06 | 001,695,348 | ---- | C] () -- C:\Users\Julian\Desktop\Shape5_metroshows_template_current.zip.part
[2012.08.28 08:22:04 | 003,491,515 | ---- | C] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_metroshows_current.zip.part
[2012.08.28 08:22:00 | 004,390,262 | ---- | C] () -- C:\Users\Julian\Desktop\Shape5_Modern_Flavor_psds.zip
[2012.08.28 08:21:58 | 000,870,835 | ---- | C] () -- C:\Users\Julian\Desktop\Shape5_Modern_Flavor_template_current.zip
[2012.08.28 08:21:52 | 011,548,701 | ---- | C] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_Modern_Flavor_current.zip
[2012.08.28 08:21:31 | 000,748,779 | ---- | C] () -- C:\Users\Julian\Desktop\Shape5_Corporate_Response_psds.zip
[2012.08.28 08:21:24 | 000,774,254 | ---- | C] () -- C:\Users\Julian\Desktop\Shape5_Corporate_Response_template_current.zip
[2012.08.28 08:21:15 | 011,238,799 | ---- | C] () -- C:\Users\Julian\Desktop\SiteShaper_Shape5_Corporate_Response_current.zip
[2012.08.27 07:42:44 | 000,059,068 | ---- | C] () -- C:\Users\Julian\Desktop\com_virtuemart_sofort.2.0.1.zip
[2012.08.27 02:03:37 | 001,097,017 | ---- | C] () -- C:\Users\Julian\Desktop\advancedmodulemanager-v3.2.6.zip
[2012.08.26 21:09:59 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\Polar WebLink.lnk
[2012.08.26 08:50:46 | 000,020,385 | ---- | C] () -- C:\Users\Julian\Desktop\oswald.zip
[2012.08.24 14:40:00 | 000,203,092 | ---- | C] () -- C:\Users\Julian\Desktop\3-jahres-vergleich.pdf
[2012.08.24 13:39:00 | 000,668,615 | ---- | C] () -- C:\Users\Julian\Desktop\januar_juni_2012.pdf
[2012.08.24 13:23:48 | 000,040,798 | ---- | C] () -- C:\Users\Julian\Desktop\27203_102074779827474_3682304_n.jpg
[2012.08.19 14:42:29 | 001,385,736 | ---- | C] () -- C:\Users\Julian\Desktop\rt_diametric-sources.zip
[2012.08.18 11:50:00 | 000,709,385 | ---- | C] () -- C:\Users\Julian\Desktop\calendar-side.jpg.zip
[2012.08.15 09:23:33 | 1220,553,136 | ---- | C] () -- C:\Users\Julian\Desktop\julian and friends fotos.zip
[2012.07.14 04:39:52 | 000,711,240 | ---- | C] () -- C:\Windows\is-PUNPV.exe
[2012.04.04 16:54:09 | 000,007,610 | ---- | C] () -- C:\Users\Julian\AppData\Local\Resmon.ResmonCfg
[2012.02.16 23:17:52 | 000,001,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.02.15 15:19:53 | 000,000,165 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.30 04:05:15 | 000,000,000 | ---- | C] () -- C:\Users\Julian\defogger_reenable
[2011.11.30 08:54:58 | 000,000,132 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.17 18:28:42 | 000,000,132 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.06.01 03:07:04 | 000,000,125 | ---- | C] () -- C:\Windows\FlashDecompiler.INI
[2011.05.09 08:53:13 | 000,789,796 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2011.04.04 06:31:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.14 02:21:54 | 000,003,584 | ---- | C] () -- C:\Users\Julian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 22:43:22 | 000,000,295 | ---- | C] () -- C:\Windows\MindMan.INI
[2010.12.15 22:11:35 | 000,000,003 | ---- | C] () -- C:\ProgramData\z156787
[2010.12.15 22:11:34 | 000,013,679 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\standard
[2010.12.15 22:11:34 | 000,013,653 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\standard.bak
[2010.12.15 22:11:28 | 000,000,007 | ---- | C] () -- C:\ProgramData\om
[2010.12.15 22:11:25 | 000,000,045 | ---- | C] () -- C:\ProgramData\omicro.dll
[2010.12.15 22:10:48 | 000,000,048 | ---- | C] () -- C:\ProgramData\zem13a45i2l
[2010.12.15 22:10:26 | 000,000,025 | ---- | C] () -- C:\ProgramData\1764414
[2010.12.15 22:10:26 | 000,000,003 | ---- | C] () -- C:\ProgramData\156787
[2010.11.22 04:26:20 | 000,000,891 | ---- | C] () -- C:\Windows\SysWow64\secushr.dat
[2010.11.22 04:21:51 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.11.15 18:35:41 | 000,000,600 | ---- | C] () -- C:\Users\Julian\AppData\Local\PUTTY.RND
[2010.11.02 20:35:11 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.10.25 01:09:46 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2010.10.25 01:05:31 | 000,000,068 | ---- | C] () -- C:\Windows\spwdrg.INI
[2010.10.25 01:05:25 | 000,000,077 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.10.25 01:05:22 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010.10.25 01:05:22 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.10.25 01:05:22 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.10.19 07:01:27 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.26 05:05:39 | 000,000,600 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\winscp.rnd
[2010.09.21 04:59:30 | 000,000,132 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.04 19:02:52 | 000,001,456 | ---- | C] () -- C:\Users\Julian\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.03.30 04:30:59 | 000,409,966 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\farm.bmp
[2010.03.30 04:25:25 | 000,018,363 | ---- | C] () -- C:\Users\Julian\AppData\Roaming\settings.dat
 
========== LOP Check ==========
 
[2010.03.28 03:51:38 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Artisteer
[2012.09.07 01:02:55 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Ator
[2010.11.22 04:26:12 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\BITS
[2012.02.15 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Buhl Data Service
[2010.08.02 23:13:24 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.06.25 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Copernic
[2011.12.12 01:13:46 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DAEMON Tools Lite
[2011.04.04 06:24:18 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Digiarty
[2010.03.28 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DigitalJuice
[2010.06.30 16:14:58 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DisplayFusion
[2011.03.09 18:18:08 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.26 08:13:47 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Easy Duplicate Finder
[2012.08.16 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\EasyDuplicateFinder
[2010.07.18 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\EditPlus 3
[2011.09.13 11:11:39 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Encryptomatic, LLC
[2012.09.07 11:26:02 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FileZilla
[2011.01.10 05:35:17 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FlashGet
[2010.11.22 04:21:43 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FlashGetBHO
[2012.02.14 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\FRITZ!
[2011.09.09 02:46:06 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\GrabPro
[2010.09.07 01:46:36 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\HD Tune Pro
[2010.07.01 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Itsth
[2012.07.26 18:12:03 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\KastorFreeVimeoDownloader
[2011.04.24 21:22:11 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Leadertech
[2012.07.26 18:20:04 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\MediaProSoft Free YouTube to FLV Converter
[2011.09.13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\MessageViewer
[2010.09.07 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\NASNaviator2
[2011.03.24 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Opus
[2011.09.13 03:23:27 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Orbit
[2010.08.02 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\PACE Anti-Piracy
[2011.09.09 02:46:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\ProgSense
[2010.03.27 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Publish Providers
[2010.04.01 04:33:32 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Serif
[2010.10.12 03:55:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Sierra Entertainment
[2011.01.30 10:32:45 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Sincell
[2011.08.18 01:53:42 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Sony
[2010.04.14 17:53:09 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Sony Creative Software
[2011.03.08 19:15:46 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Sony Creative Software Inc
[2010.09.18 20:49:00 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\SorensonMedia
[2010.10.04 13:56:48 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.08.24 16:15:36 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\TeamViewer
[2010.11.03 08:51:43 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Thunderbird
[2011.09.09 06:22:57 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Unity
[2012.09.07 01:02:42 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\Unqyok
[2011.06.29 15:32:23 | 000,000,000 | ---D | M] -- C:\Users\Julian\AppData\Roaming\YCanPDF
[2010.04.01 07:43:11 | 000,000,214 | ---- | M] () -- C:\Windows\Tasks\CreateChoiceProcessTask.job
[2012.07.23 09:42:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 452 bytes -> C:\Users\Julian\Desktop\seminaranmeldung.ppp:SummaryInformation
@Alternate Data Stream - 448 bytes -> C:\Users\Julian\Desktop\Namensschilder.ppp:SummaryInformation
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4FF9FD44
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DED17083
@Alternate Data Stream - 1173 bytes -> C:\Program Files\Common Files\System:RkiiH9tguVdpsjvqSTJA4GO
@Alternate Data Stream - 1095 bytes -> C:\ProgramData\Microsoft:ZJG8wqVt0uDYTZve9O
@Alternate Data Stream - 1073 bytes -> C:\ProgramData\Microsoft:7HJeLU7DD79D6Ymr79FdLleG

< End of report >
         
I did not run GMER because I have an x64 (64-bit) system.

So, I hope I have managed to put together all the important info briefly and concisely. ;-)

All the best, Julian!

 
