|
Plagegeister aller Art und deren Bekämpfung: Incredibar loswerdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.11.2012, 21:22 | #16 |
/// Malware-holic | Incredibar loswerden Noch Probleme, wenn ja, welche?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.11.2012, 21:27 | #17 |
| Incredibar loswerden Ja, und zwar:
__________________Die Incredibar ist immer noch da :-/ Muss ich da in den Browsern noch nachträglich was ändern? |
21.11.2012, 23:29 | #18 |
/// Malware-holic | Incredibar loswerden hi
__________________jetzt aber. dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL [2012.11.14 08:28:33 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions\ffxtlbr@incredibar.com CHR - default_search_provider: MyStart Search () CHR - default_search_provider: search_url = hxxp://mystart.incredibar.com/mb185/?loc=IB_DSsearch={searchTerms}a=6PQPFUUJC1i=26 CHR - Extension: IncrediBar for Chrome\u2122 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\ :Files :Commands [EMPTYFLASH] [emptytemp] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ |
22.11.2012, 08:01 | #19 |
| Incredibar loswerden Sie ist immer noch da - in Firefox. In Google Chrome habe ich in den Einstellungen noch was geändert (die Startseite), sodass sie jetzt da weg ist -aber wer weiß, vielleicht kommt sie ja wieder. Aber in Firefox konnte ich in den Einstellungen nichts finden: Immer wenn ich ein neues Tab öffne, kommt die Incredibar zum Vorschein. All processes killed ========== OTL ========== Folder C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions\ffxtlbr@incredibar.com\ not found. Use Chrome's Settings page to remove the default_search_provider items. Use Chrome's Settings page to remove the default_search_provider items. File C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0 not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: user ->Flash cache emptied: 951 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: user ->Temp folder emptied: 29311488 bytes ->Temporary Internet Files folder emptied: 259464 bytes ->FireFox cache emptied: 68350382 bytes ->Google Chrome cache emptied: 6457860 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 5364 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 100,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11222012_075239 Files\Folders moved on Reboot... C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Ach nein, da ist sie ja wieder, auch in Google Chrome. Welcome back in my life, Incredibar! ♥ :-D |
22.11.2012, 13:09 | #20 |
/// Malware-holic | Incredibar loswerden Poste mir noch mal ein neues otl log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.11.2012, 13:38 | #21 |
| Incredibar loswerden Soll ich das durch den "Scan"-Button neu erstellen? |
22.11.2012, 14:09 | #22 |
/// Malware-holic | Incredibar loswerden ja, sonst bekomm ich ja kein neues Log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
22.11.2012, 14:35 | #23 |
| Incredibar loswerden OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.11.2012 14:29:11 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 72,19% Memory free 7,79 Gb Paging File | 6,35 Gb Available in Paging File | 81,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 156,25 Gb Free Space | 52,43% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.14 15:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2012.10.11 11:26:57 | 007,388,160 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe PRC - [2012.10.11 10:24:43 | 000,122,368 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe PRC - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe PRC - [2012.01.20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.01.20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.10.18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.10.18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.10.18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.10.18 10:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2009.06.24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2009.02.03 21:41:54 | 000,192,696 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe PRC - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe ========== Modules (No Company Name) ========== MOD - [2012.07.02 08:11:30 | 000,198,144 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll MOD - [2012.07.02 08:11:14 | 002,498,048 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe MOD - [2012.06.17 14:22:08 | 000,012,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lfs.dll MOD - [2012.05.16 20:01:30 | 000,140,800 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\lua52.dll MOD - [2012.03.18 11:10:52 | 008,499,712 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtGui4.dll MOD - [2012.03.18 11:07:57 | 002,347,520 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtCore4.dll MOD - [2012.03.18 11:07:57 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qjpeg4.dll MOD - [2012.03.18 11:07:55 | 000,863,744 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtNetwork4.dll MOD - [2012.03.18 11:07:54 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\imageformats\qgif4.dll MOD - [2012.01.15 16:50:08 | 000,370,688 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\libsndfile.dll MOD - [2012.01.15 16:50:00 | 000,390,656 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\lame_enc.dll MOD - [2010.12.12 11:58:14 | 000,502,784 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll MOD - [2010.12.12 11:58:00 | 000,131,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll MOD - [2010.12.12 11:57:56 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll MOD - [2010.12.12 11:57:44 | 000,707,584 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll MOD - [2010.12.12 11:57:36 | 002,633,216 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll MOD - [2010.12.12 11:56:46 | 001,205,760 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll ========== Services (SafeList) ========== SRV - [2012.11.19 18:11:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.30 13:08:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.11 10:24:43 | 000,122,368 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService) SRV - [2012.09.23 19:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.04.04 20:12:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.01.20 15:29:28 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.01.20 15:29:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.01.10 20:01:52 | 000,627,936 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.01 12:37:56 | 001,518,352 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.11.01 12:25:42 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.11.01 12:22:28 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.10.20 17:33:22 | 000,135,440 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2011.10.19 13:25:00 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.10.18 10:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.10.18 10:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.10.18 10:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.03 21:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.26 19:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.24 14:01:40 | 000,416,592 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.12.06 02:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.31 14:57:50 | 008,615,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011.10.19 13:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011.10.11 12:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2011.10.10 15:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.09.08 16:40:24 | 000,508,520 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2011.09.05 08:38:22 | 000,212,544 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) DRV:64bit: - [2011.09.05 08:38:22 | 000,069,184 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) DRV:64bit: - [2011.08.29 15:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.07.28 13:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.05.19 00:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.29 16:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.09.30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.02.03 21:23:46 | 000,019,456 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 DA A9 FA 7E C8 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: wisestamp@wisestamp.com:3.11.21 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DS&a=6PQPFUUJC1&&i=26&search=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 13:08:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.30 13:08:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.15 08:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.11.21 21:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions [2012.10.18 20:42:56 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\01pvotic.default\extensions\ich@maltegoetz.de [2012.10.17 16:09:28 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\01pvotic.default\extensions\wisestamp@wisestamp.com.xpi [2012.10.18 23:08:04 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\01pvotic.default\extensions\youtube2mp3@mondayx.de.xpi [2012.10.30 13:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.30 13:08:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [FLxHCIm64] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{212A68AD-2162-44A7-A181-4D5330BD25EC}: NameServer = 192.168.2.240 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCD97863-3E94-4D24-9420-63E198042557}: Domain = rz.fh-kempten.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCD97863-3E94-4D24-9420-63E198042557}: NameServer = 193.174.193.80 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFEE7098-4AE5-470B-90BF-490051845002}: DhcpNameServer = 172.16.255.250 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.21 21:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.11.21 21:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.11.21 21:04:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.21 11:34:00 | 000,509,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe [2012.11.21 11:34:00 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc [2012.11.21 11:34:00 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll [2012.11.21 11:34:00 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012.11.21 11:34:00 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll [2012.11.21 11:34:00 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll [2012.11.21 11:34:00 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2712.dll [2012.11.21 11:33:59 | 008,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll [2012.11.21 11:33:59 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll [2012.11.21 11:33:59 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll [2012.11.21 11:33:59 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc [2012.11.21 11:33:59 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc [2012.11.21 11:33:59 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc [2012.11.21 11:33:59 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc [2012.11.21 11:33:59 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc [2012.11.21 11:33:59 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc [2012.11.21 11:33:59 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc [2012.11.21 11:33:59 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc [2012.11.21 11:33:59 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc [2012.11.21 11:33:59 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc [2012.11.21 11:33:59 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc [2012.11.21 11:33:59 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc [2012.11.21 11:33:59 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc [2012.11.21 11:33:59 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc [2012.11.21 11:33:59 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc [2012.11.21 11:33:59 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc [2012.11.21 11:33:59 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc [2012.11.21 11:33:59 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc [2012.11.21 11:33:59 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc [2012.11.21 11:33:59 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc [2012.11.21 11:33:59 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc [2012.11.21 11:33:59 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc [2012.11.21 11:33:59 | 000,434,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll [2012.11.21 11:33:59 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc [2012.11.21 11:33:59 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc [2012.11.21 11:33:59 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc [2012.11.21 11:33:59 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc [2012.11.21 11:33:59 | 000,386,560 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll [2012.11.21 11:33:59 | 000,325,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll [2012.11.21 11:33:59 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc [2012.11.21 11:33:59 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe [2012.11.21 11:33:59 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll [2012.11.21 11:33:59 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll [2012.11.21 11:33:59 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll [2012.11.21 11:33:59 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl [2012.11.21 11:33:59 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll [2012.11.21 11:33:58 | 014,748,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys [2012.11.21 11:33:55 | 005,888,792 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe [2012.11.21 11:33:55 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe [2012.11.21 11:33:55 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll [2012.11.20 23:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012.11.20 23:44:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Real [2012.11.20 23:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012.11.19 13:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.19 13:17:39 | 004,010,544 | ---- | C] (Piriform Ltd) -- C:\Users\user\Desktop\ccsetup324.exe [2012.11.15 22:10:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc [2012.11.15 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2012.11.14 21:37:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2012.11.14 21:37:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.14 21:37:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.14 21:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.14 17:53:25 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.14 17:53:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.14 17:48:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.14 17:48:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.14 17:48:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.14 17:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.14 17:48:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.14 17:48:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.14 17:48:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.14 17:48:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.14 17:48:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.14 17:48:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.14 17:48:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.14 17:48:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.14 17:48:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.14 17:48:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.14 17:48:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.14 17:45:34 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.14 17:45:31 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.14 17:45:31 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.14 17:45:31 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.14 15:10:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Trojaner-Board-Dateien [2012.11.14 15:10:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.11.14 10:01:39 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.14 10:01:39 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.14 10:01:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.14 10:01:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.14 10:01:36 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.14 10:01:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.14 10:01:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.14 10:01:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.14 10:01:35 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.14 10:01:24 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.14 10:01:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.13 23:15:10 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Dell WebCam Central [2012.11.13 12:16:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickDic [2012.11.13 10:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuloxFreeWBE [2012.11.13 10:04:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tulox [2012.11.13 10:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tulox [2012.11.12 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Einkauf & Finanzen [2012.11.12 23:41:26 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Reisen [2012.11.12 23:38:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Cádiz [2012.11.11 23:10:56 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Marcos MUC [2012.11.10 19:48:31 | 000,000,000 | ---D | C] -- C:\Users\user\.rainlendar2 [2012.11.10 19:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 [2012.11.10 19:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rainlendar2 [2012.10.30 19:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2012.10.30 19:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.10.30 19:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.10.30 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2012.10.30 19:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.10.30 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.10.30 19:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.10.30 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.10.30 19:47:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft Help [2012.10.30 19:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.10.30 19:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2012.10.30 19:47:13 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.10.30 13:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.24 08:52:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics [2012.10.23 15:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyClient [2012.10.23 15:45:30 | 000,000,000 | ---D | C] -- C:\Program Files\AnyClient [2012.10.23 15:44:20 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.10.23 15:44:20 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.10.23 15:44:20 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.10.23 15:44:05 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.10.23 15:44:05 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.10.23 15:44:05 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2012.10.23 15:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.10.23 15:29:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Cisco [2012.10.23 15:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2012.10.23 15:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco ========== Files - Modified Within 30 Days ========== [2012.11.22 14:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.22 13:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.22 08:01:10 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 08:01:10 | 000,021,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 07:54:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.22 07:53:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.22 07:53:47 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2012.11.21 21:25:00 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.11.21 21:07:36 | 000,015,384 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.11.20 21:11:37 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.20 21:11:37 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.20 21:11:37 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.20 21:11:37 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.20 21:11:37 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.20 14:35:26 | 000,001,284 | ---- | M] () -- C:\Users\user\site.xml [2012.11.20 14:23:43 | 007,076,713 | ---- | M] () -- C:\Users\user\Markenführung_der_Zu.pdf [2012.11.19 21:56:11 | 000,543,531 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe [2012.11.19 18:11:57 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.19 18:11:57 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.19 15:57:43 | 000,289,263 | ---- | M] () -- C:\Users\user\Erlebniswelten.pdf [2012.11.19 15:14:37 | 029,595,552 | ---- | M] () -- C:\Users\user\Jahrbuch_Seniorenmar.pdf [2012.11.19 14:42:45 | 001,265,590 | ---- | M] () -- C:\Users\user\Tourismus-Marketing mit Profil.pdf [2012.11.19 14:02:46 | 002,944,827 | ---- | M] () -- C:\Users\user\Das Erlebnis ist das Marketing.pdf [2012.11.19 13:19:15 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.19 13:18:47 | 004,010,544 | ---- | M] (Piriform Ltd) -- C:\Users\user\Desktop\ccsetup324.exe [2012.11.14 18:51:53 | 000,435,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.14 16:28:04 | 015,292,097 | ---- | M] () -- C:\Users\user\Middleton&Fyall&Morgan 2009 pp. 337-359.pdf [2012.11.14 16:26:38 | 008,620,051 | ---- | M] () -- C:\Users\user\Kolb, Bonita 2006 pp. 51-74.pdf [2012.11.14 16:23:50 | 000,169,408 | ---- | M] () -- C:\Users\user\Promoting tourism destinations -a strategic marketing approach.pdf [2012.11.14 16:23:47 | 000,260,849 | ---- | M] () -- C:\Users\user\Regional Destination Marketing a Collaborative Approach.pdf [2012.11.14 16:23:41 | 000,206,604 | ---- | M] () -- C:\Users\user\Critical success factors in destination marketing -Branding.pdf [2012.11.14 16:23:32 | 000,383,796 | ---- | M] () -- C:\Users\user\An Evaluation on How Market Segmentation Aid DeMa.pdf [2012.11.14 15:10:46 | 000,051,280 | ---- | M] () -- C:\Users\user\Desktop\Trojaner-Board.html [2012.11.14 15:10:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.11.14 13:41:35 | 002,186,747 | ---- | M] () -- C:\Users\user\Kriminologie-FH-2012-13-03-ppp.pdf [2012.11.12 00:38:33 | 000,001,103 | ---- | M] () -- C:\Users\user\Desktop\Eigene Dateien.lnk [2012.10.23 15:43:56 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2012.10.23 15:43:56 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.10.23 15:43:56 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2012.10.23 15:43:56 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.10.23 15:43:56 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.10.23 15:43:56 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll ========== Files Created - No Company Name ========== [2012.11.21 11:34:00 | 000,018,656 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp [2012.11.21 11:33:59 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.11.21 11:33:59 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin [2012.11.21 11:33:59 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012.11.21 11:33:57 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll [2012.11.21 11:33:57 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.11.21 11:33:55 | 018,137,088 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll [2012.11.21 11:33:55 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.11.21 11:33:55 | 000,221,877 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources [2012.11.21 11:33:55 | 000,208,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources [2012.11.21 11:33:55 | 000,192,378 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources [2012.11.21 11:33:55 | 000,164,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources [2012.11.21 11:33:55 | 000,162,150 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources [2012.11.21 11:33:55 | 000,157,713 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources [2012.11.21 11:33:55 | 000,148,461 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources [2012.11.21 11:33:55 | 000,147,116 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources [2012.11.21 11:33:55 | 000,146,125 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources [2012.11.21 11:33:55 | 000,146,008 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources [2012.11.21 11:33:55 | 000,144,790 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources [2012.11.21 11:33:55 | 000,144,267 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources [2012.11.21 11:33:55 | 000,143,564 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources [2012.11.21 11:33:55 | 000,143,112 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources [2012.11.21 11:33:55 | 000,142,797 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources [2012.11.21 11:33:55 | 000,142,606 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources [2012.11.21 11:33:55 | 000,142,079 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources [2012.11.21 11:33:55 | 000,141,854 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources [2012.11.21 11:33:55 | 000,141,421 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources [2012.11.21 11:33:55 | 000,141,282 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources [2012.11.21 11:33:55 | 000,140,949 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources [2012.11.21 11:33:55 | 000,140,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources [2012.11.21 11:33:55 | 000,139,901 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources [2012.11.21 11:33:55 | 000,136,850 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources [2012.11.21 11:33:55 | 000,136,778 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources [2012.11.21 11:33:55 | 000,136,261 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources [2012.11.21 11:33:55 | 000,131,674 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources [2012.11.21 11:33:55 | 000,125,306 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources [2012.11.21 11:33:55 | 000,123,778 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources [2012.11.20 14:23:43 | 007,076,713 | ---- | C] () -- C:\Users\user\Markenführung_der_Zu.pdf [2012.11.19 21:56:04 | 000,543,531 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe [2012.11.19 15:57:43 | 000,289,263 | ---- | C] () -- C:\Users\user\Erlebniswelten.pdf [2012.11.19 15:14:36 | 029,595,552 | ---- | C] () -- C:\Users\user\Jahrbuch_Seniorenmar.pdf [2012.11.19 14:42:45 | 001,265,590 | ---- | C] () -- C:\Users\user\Tourismus-Marketing mit Profil.pdf [2012.11.19 14:02:46 | 002,944,827 | ---- | C] () -- C:\Users\user\Das Erlebnis ist das Marketing.pdf [2012.11.19 13:19:15 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.14 17:53:26 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.14 17:45:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.14 16:23:40 | 000,260,849 | ---- | C] () -- C:\Users\user\Regional Destination Marketing a Collaborative Approach.pdf [2012.11.14 16:23:35 | 008,620,051 | ---- | C] () -- C:\Users\user\Kolb, Bonita 2006 pp. 51-74.pdf [2012.11.14 16:23:34 | 000,169,408 | ---- | C] () -- C:\Users\user\Promoting tourism destinations -a strategic marketing approach.pdf [2012.11.14 16:23:31 | 015,292,097 | ---- | C] () -- C:\Users\user\Middleton&Fyall&Morgan 2009 pp. 337-359.pdf [2012.11.14 16:23:31 | 000,206,604 | ---- | C] () -- C:\Users\user\Critical success factors in destination marketing -Branding.pdf [2012.11.14 16:23:25 | 000,383,796 | ---- | C] () -- C:\Users\user\An Evaluation on How Market Segmentation Aid DeMa.pdf [2012.11.14 15:10:45 | 000,051,280 | ---- | C] () -- C:\Users\user\Desktop\Trojaner-Board.html [2012.11.14 13:40:49 | 002,186,747 | ---- | C] () -- C:\Users\user\Kriminologie-FH-2012-13-03-ppp.pdf [2012.11.13 12:16:59 | 000,001,037 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickDic.lnk [2012.11.12 20:50:51 | 000,001,284 | ---- | C] () -- C:\Users\user\site.xml [2012.10.15 08:42:20 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.10.11 14:04:00 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin [2012.10.11 13:48:25 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.01.10 19:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
23.11.2012, 14:43 | #24 |
/// Malware-holic | Incredibar loswerden hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DSa=6PQPFUUJC1&i=26search=" :Files :Commands [EMPTYFLASH] [emptytemp] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. neustarten, testen bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.11.2012, 07:26 | #25 |
| Incredibar loswerden Sie ist noch da... All processes killed ========== OTL ========== Prefs.js: "hxxp://mystart.incredibar.com/mb185/?loc=IB_DSa=6PQPFUUJC1&i=26search=" removed from keyword.URL ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: user ->Flash cache emptied: 2004 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: user ->Temp folder emptied: 267909 bytes ->Temporary Internet Files folder emptied: 3692562 bytes ->FireFox cache emptied: 361949212 bytes ->Google Chrome cache emptied: 65284958 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 84326 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 411,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11282012_072118 Files\Folders moved on Reboot... C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
29.11.2012, 13:20 | #26 |
/// Malware-holic | Incredibar loswerden Öffne firefox, tippe in die Adressleiste: About:config enter Klicke auf, Ich werde vorsichtig sein, versprochen! gebe in das suchfeld ein: Incredibar enter Dann Rechtsklick, auf den zuerst gefundenen Wert, kopieren, undhier einfügen. Bitte wiederhole die Suche so lange, bis nichts mehr gefunden wird, und poste das Ergebniss
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
29.11.2012, 13:28 | #27 |
| Incredibar loswerden extensions.incredibar_i.aflt;orgnl |
29.11.2012, 16:10 | #28 |
/// Malware-holic | Incredibar loswerden hi waren das alle Werte, also hast du die suche so oft wiederholt, bis keine neuen Funde angezeigt wurden, falls ja, suche erneut, wie oben beschrieben, dann Rechtsklick auf: extensions.incredibar_i.aflt;orgnl Löschen. ff schließen und noch mals testen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.12.2012, 19:32 | #29 |
| Incredibar loswerden Also ich glaube, das war ein Missverständnis. Ich habe zuerst die Ergebnisse nicht gelöscht, sondern dachte, ich soll einfach die erste Zeile reinkopieren. Jetzt hab ich alles gelöscht, aber bei der nächsten Suche erscheint wieder diese Liste: extensions.incredibar_i.aflt;orgnl extensions.incredibar_i.dfltLng; extensions.incredibar_i.did;10678 extensions.incredibar_i.excTlbr;false extensions.incredibar_i.id;564fd1190000000000004ceb420416be extensions.incredibar_i.installerproductid;26 extensions.incredibar_i.instlDay;15658 extensions.incredibar_i.instlRef; extensions.incredibar_i.ms_url_id; extensions.incredibar_i.newTab;false extensions.incredibar_i.ppd;111 extensions.incredibar_i.prdct;incredibar extensions.incredibar_i.productid;26 extensions.incredibar_i.prtnrId;Incredibar extensions.incredibar_i.smplGrp;none extensions.incredibar_i.tlbrId;base extensions.incredibar_i.tlbrSrchUrl;hxxp://mystart.Incredibar.com/?a=6PQPFUUJC1&loc=IB_TB&i=26&search= extensions.incredibar_i.upn2;6PQPFUUJC1 extensions.incredibar_i.upn2n;92543923836391241 extensions.incredibar_i.vrsn;1.5.11.14 extensions.incredibar_i.vrsnTs;1.5.11.148:28:33 extensions.incredibar_i.vrsni;1.5.11.14 |
05.12.2012, 21:22 | #30 |
/// Malware-holic | Incredibar loswerden Hi kannst du deine Kopie von adwcleaner löschen, neu laden und ein neues Log erstellen? Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu Incredibar loswerden |
andere, anderen, angelegt, gelegt, incredibar, incredibar loswerden, installier, installiert, laptop, loswerden, programm, versehentlich, vorgehen |