Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Datei C:\Windows\System32\services.exe infiziert: W32/Patched.UB, Patched.UA, Patched.ZA (https://www.trojaner-board.de/119721-datei-c-windows-system32-services-exe-infiziert-w32-patched-ub-patched-ua-patched-za.html)

lilaitz 17.07.2012 12:47
Datei C:\Windows\System32\services.exe infiziert: W32/Patched.UB, Patched.UA, Patched.ZA
 
Hallo allerseits,

ich verwende Avira Free AntiVirus. Dieses zeigt mir o.g. Schädlinge an. Avira selbst kann diese nicht entfernen bzw. in die Quarantäne verschieben.

Ausgehend von Anleitungen zu ähnlichen Problemen habe ich ein paar Scans gemacht:
Ein Scan mit Malwarebytes Antimalware hat "0 infizierte Dateien" ergeben.
Im Anhang befindet sich der Logfile von Hijackthis.

Außer den ewigen Meldungen von Avira hat sich mehrmals eine Webseite mit Spielen geöffnet.

Vielen Dank für Eure Hilfe!

Gruß
lilaitz

lilaitz 17.07.2012 13:05
Hier noch ein Logfile des OTL-Scans:
Leider ist er zu groß und lässt sich nicht hochladen.OTL Logfile:OTL Logfile:
Code:
OTL logfile created on: 17.07.2012 13:41:27 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\username\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,42 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 46,96% Memory free
6,83 Gb Paging File | 4,22 Gb Available in Paging File | 61,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,89 Gb Total Space | 24,10 Gb Free Space | 16,08% Space Free | Partition Type: NTFS
Drive E: | 148,10 Gb Total Space | 147,82 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: H-BRS | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 13:57:11 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.11 12:19:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
PRC - [2012.07.07 05:44:08 | 000,428,768 | ---- | M] (hxxp://code.google.com/p/TortoiseGit) -- C:\Programme\TortoiseGit\bin\TGitCache.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.29 18:39:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.06.26 19:33:03 | 003,906,432 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.06.20 11:38:38 | 000,400,352 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.05.08 21:48:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:48:31 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- c:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.05.08 21:48:31 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:48:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:48:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.25 19:35:02 | 000,055,296 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.01 11:46:40 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui-1.0.3.exe
PRC - [2011.06.29 10:51:24 | 000,112,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\IPROSetMonitor.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () -- C:\Programme\GNU\GnuPG\dirmngr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () -- C:\Programme\gateProtect\VPN Client\bin\Service.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DataCardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2009.07.14 03:14:36 | 000,259,072 | R--- | M] () -- C:\Windows\System32\services.exe
PRC - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.16 09:27:25 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.07.16 09:27:24 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.07.12 13:57:11 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.07 05:44:40 | 000,072,416 | ---- | M] () -- C:\Programme\TortoiseGit\bin\zlib132.dll
MOD - [2012.07.07 05:44:30 | 000,333,024 | ---- | M] () -- C:\Programme\TortoiseGit\bin\libgit232.dll
MOD - [2012.06.29 18:39:34 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.29 13:38:04 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.06.29 13:38:03 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.06.20 11:38:40 | 001,977,312 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2012.06.20 11:38:40 | 000,162,784 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.06.20 11:38:40 | 000,021,984 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011.08.25 19:35:02 | 000,055,296 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
MOD - [2011.08.25 19:34:06 | 000,039,424 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
MOD - [2011.08.25 19:34:06 | 000,006,656 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pyovpnc.pyd
MOD - [2011.08.25 19:34:00 | 000,010,240 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
MOD - [2011.08.25 19:33:58 | 000,061,440 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
MOD - [2011.08.25 19:33:38 | 000,007,680 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
MOD - [2011.08.25 19:32:48 | 000,019,968 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2011.08.19 01:44:10 | 000,005,632 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\ovpntray.dll
MOD - [2011.07.01 11:46:40 | 000,099,328 | ---- | M] () -- C:\Programme\OpenVPN\bin\openvpn-gui-1.0.3.exe
MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.07 04:07:58 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011.03.02 17:18:28 | 000,656,384 | ---- | M] () -- C:\Programme\GNU\GnuPG\gpgex.dll
MOD - [2011.02.27 10:12:56 | 000,110,080 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
MOD - [2011.02.26 11:33:20 | 000,167,424 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
MOD - [2011.02.26 11:33:14 | 000,096,768 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
MOD - [2011.02.26 11:32:28 | 000,035,840 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
MOD - [2011.02.26 11:31:48 | 000,017,408 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
MOD - [2010.08.24 18:48:54 | 000,011,776 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\select.pyd
MOD - [2010.08.24 18:48:52 | 000,286,208 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
MOD - [2010.08.24 18:48:48 | 000,153,088 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
MOD - [2010.08.24 18:48:16 | 000,073,728 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
MOD - [2010.08.24 18:48:02 | 000,720,896 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
MOD - [2010.08.24 18:47:50 | 000,040,448 | ---- | M] () -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.12 13:57:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.29 18:39:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:48:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:48:31 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.29 23:13:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Programme\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.01 11:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.06.29 10:51:24 | 000,112,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2011.03.02 17:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Programme\GNU\GnuPG\dirmngr.exe -- (DirMngr)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.20 11:21:42 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Programme\gateProtect\VPN Client\bin\Service.exe -- (GPVPNService)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\DCService.exe -- (DCService.exe)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.07.21 04:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.03.30 03:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.03.30 03:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 03:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.08.29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 21:48:32 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:48:32 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 01:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.08.04 02:27:18 | 007,517,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.20 09:36:42 | 000,268,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress) Intel(R)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.07.01 11:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2011.06.21 08:50:42 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2011.06.21 08:50:42 | 000,017,920 | ---- | M] (Xilinx, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb_xp2.sys -- (XilinxFirmwarePusb2Loader)
DRV - [2011.06.21 08:50:42 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2011.03.18 23:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011.01.18 18:38:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.08.29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ [binary data]
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.jzip.com/
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 7B 07 9D B2 76 CC 01  [binary data]
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes,DefaultScope = {848C3FF2-C933-42F4-B977-2AEEFCDFBED4}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{848C3FF2-C933-42F4-B977-2AEEFCDFBED4}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
IE - HKU\S-1-5-21-574850090-3422465443-89485644-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/webhp?hl=de"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 18:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 23:21:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 11:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.29 18:39:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.21 23:21:37 | 000,000,000 | ---D | M]
 
[2011.09.23 10:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.16 12:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\ebkc64cb.default\extensions
[2012.06.29 13:22:01 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\ebkc64cb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.09.19 13:07:15 | 000,002,497 | ---- | M] () -- C:\Users\username\AppData\Roaming\Mozilla\Firefox\Profiles\ebkc64cb.default\searchplugins\SearchResults.xml
[2012.01.24 13:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.13 12:20:24 | 000,007,990 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\POWER-DEBUGGER_SELENIUM-IDE@SAMIT.BADLE.XPI
[2012.04.26 17:32:23 | 000,021,258 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\SELENIUM_IDE_BUTTONS@EGARRACINGTEAM.COM.AR.XPI
[2012.06.13 12:20:25 | 000,016,283 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBKC64CB.DEFAULT\EXTENSIONS\SELENIUM-EXPERT_SELENIUM-IDE@SAMIT.BADLE.XPI
[2012.06.29 18:39:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.24 13:09:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.24 13:09:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.24 13:09:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.24 13:09:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.19 13:07:15 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012.01.24 13:09:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.24 13:09:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.17 11:28:00 | 000,000,994 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.94.0.1        client.openvpn.net
O1 - Hosts: 127.94.0.2        openvpn-client.us.shieldexchange.com
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Programme\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-574850090-3422465443-89485644-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.95.66.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5173053F-2E01-4ECB-B4F5-A0B847FCE7D6}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{700CE3F2-5C2A-4175-95C7-8FC9CFB9AD76}: DhcpNameServer = 194.95.66.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACA5E565-955F-4BA6-8C51-D952C3560E68}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE78BFF2-B5CD-46A5-B5F6-378062360E00}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{215176ed-2efd-11e1-9a8c-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{215176ed-2efd-11e1-9a8c-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{908de51e-0a2a-11e1-b462-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{908de51e-0a2a-11e1-b462-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{d52e9dc1-0a46-11e1-818d-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{d52e9dc1-0a46-11e1-818d-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec37febc-08bc-11e1-bec4-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{ec37febc-08bc-11e1-bec4-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec37ff4d-08bc-11e1-bec4-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{ec37ff4d-08bc-11e1-bec4-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{faadcc94-e24d-11e0-b1d7-ec55f9efbdd0}\Shell - "" = AutoRun
O33 - MountPoints2\{faadcc94-e24d-11e0-b1d7-ec55f9efbdd0}\Shell\AutoRun\command - "" = D:\start.exe /auto
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2012.07.17 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\elsterformular
[2012.07.17 09:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.17 09:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.07.17 09:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2012.07.16 12:43:45 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Cybersecurity
[2012.07.14 21:17:30 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay1 2012
[2012.07.14 21:17:25 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay2 2012
[2012.07.14 21:17:18 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\GirlsDay 2012korea
[2012.07.14 21:17:16 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\rika@huenerbach.de
[2012.07.12 23:14:37 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012.07.12 23:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.12 23:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.07.11 15:48:29 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 13:26:53 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\username\Desktop\BlitzBlank.exe
[2012.07.11 12:19:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
[2012.07.11 10:25:57 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 10:25:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 10:25:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.10 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\gitRep
[2012.07.10 14:04:54 | 000,000,000 | ---D | C] -- C:\Users\username\.ssh
[2012.07.09 12:49:50 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\TGitCache
[2012.07.09 12:38:50 | 000,000,000 | ---D | C] -- C:\Users\username\GitRep
[2012.07.09 11:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
[2012.07.09 11:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\PuTTY
[2012.07.09 11:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2012.07.09 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.07.09 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2012.07.09 11:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2012.07.09 11:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\Git
[2012.07.05 23:51:53 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2012.07.04 20:14:43 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Implementierung Tests
[2012.06.29 18:37:57 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2012.06.29 18:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 18:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.29 18:37:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 18:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.29 13:37:51 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.29 13:37:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.29 13:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.29 13:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.29 13:22:10 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\QuickScan
[2012.06.27 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\username\Desktop\Projekt
[2012.06.21 19:35:21 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.21 19:35:21 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.21 19:34:54 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.21 19:34:53 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.21 19:34:53 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.21 19:34:34 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.21 19:34:34 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.15 11:28:44 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Macromedia
[2012.06.14 14:48:09 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.14 14:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.14 14:48:09 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.14 14:48:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.14 14:48:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.14 14:48:00 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.14 14:48:00 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.14 14:48:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modelsim PE 10.0c
[2012.06.13 14:39:17 | 000,000,000 | ---D | C] -- C:\modeltech_pe_10.0c
[2012.06.13 14:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mentor Graphics
[2012.06.13 14:37:55 | 000,000,000 | ---D | C] -- C:\MentorGraphics
[2012.06.07 14:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.07 14:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.06.07 14:49:19 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\Google
[2012.05.31 15:03:25 | 000,978,432 | ---- | C] (GNU <www.gnu.org>) -- C:\Windows\System32\libiconv2.dll
[2012.05.21 23:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.21 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.05.21 23:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.12 09:54:02 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 09:54:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 09:53:57 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.05 16:04:48 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\MiKTeX
[2012.05.05 16:04:10 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\MiKTeX
[2012.05.05 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Texmaker
[2012.05.05 15:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Texmaker
[2012.05.05 15:49:26 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.05.05 15:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2012.05.05 00:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2012.05.05 00:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2012.05.04 23:19:15 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.9
[2012.05.03 09:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 09:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.18 20:56:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012.04.18 20:56:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files - Modified Within 90 Days ==========
 
[2012.07.17 13:57:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 13:54:04 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 13:10:29 | 000,000,600 | ---- | M] () -- C:\Users\username\AppData\Local\PUTTY.RND
[2012.07.17 10:15:49 | 000,050,461 | ---- | M] () -- C:\Users\username\Desktop\Ausschreibung_wissenschaftliche_Begegnungen.pdf
[2012.07.17 09:35:09 | 000,001,183 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.16 23:36:32 | 000,762,182 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.16 23:36:32 | 000,717,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.16 23:36:32 | 000,172,536 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.16 23:36:32 | 000,145,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.16 23:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 15:04:38 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.16 12:49:10 | 000,120,141 | ---- | M] () -- C:\Users\username\Desktop\CPC_2013_special_Flajolet_issue_CFP.pdf
[2012.07.16 12:32:14 | 000,000,516 | ---- | M] () -- C:\Windows\wiso.ini
[2012.07.16 09:33:48 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:33:48 | 000,022,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 09:25:09 | 000,000,021 | ---- | M] () -- C:\Windows\S.dirmngr
[2012.07.16 09:24:25 | 2750,337,024 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 23:24:29 | 000,065,263 | ---- | M] () -- C:\Users\username\Desktop\gesis.pdf
[2012.07.13 23:24:23 | 000,032,524 | ---- | M] () -- C:\Users\username\Desktop\gesis.odt
[2012.07.13 23:10:37 | 000,312,258 | ---- | M] () -- C:\Users\username\Desktop\Lebenslauf_Deutsch.pdf
[2012.07.13 06:03:48 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.12 23:14:21 | 000,001,047 | ---- | M] () -- C:\Users\username\Desktop\Kaspersky Security Scan.lnk
[2012.07.12 13:57:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 13:57:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.11 17:28:06 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.11 15:37:10 | 000,000,218 | ---- | M] () -- C:\Users\username\.recently-used.xbel
[2012.07.11 13:30:39 | 000,751,104 | ---- | M] () -- C:\Users\username\Desktop\zoek.exe
[2012.07.11 13:26:55 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\username\Desktop\BlitzBlank.exe
[2012.07.11 13:26:12 | 000,000,080 | ---- | M] () -- C:\Fix.bat
[2012.07.11 12:19:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.scr
[2012.07.10 14:16:58 | 000,000,006 | ---- | M] () -- C:\Users\username\.gitconfig
[2012.07.09 11:12:06 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\Git Bash.lnk
[2012.07.06 19:43:19 | 003,478,087 | ---- | M] () -- C:\Users\username\Desktop\GlitchFreeFPGA-HOST12.pdf
[2012.07.06 19:41:54 | 000,024,858 | ---- | M] () -- C:\Users\username\Desktop\sboxmaskcorr15stageInvENBuff.v
[2012.07.04 15:13:22 | 002,002,342 | ---- | M] () -- C:\Users\username\Desktop\27I8-IJAET0805831-FPGA-IMPLEMENTATIONS.pdf
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.01 23:12:32 | 000,456,895 | ---- | M] () -- C:\Users\username\Desktop\findform.pdf
[2012.06.29 13:37:45 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.17 14:45:25 | 000,138,236 | ---- | M] () -- C:\Users\username\Desktop\gedicht.pdf
[2012.06.12 04:40:48 | 002,345,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.06.05 13:54:13 | 000,282,956 | ---- | M] () -- C:\Users\username\Desktop\MMTT.pdf
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.05.18 14:17:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.05.15 05:00:45 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.08 21:48:32 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 21:48:32 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.26 06:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.04.26 06:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.04.26 06:41:16 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.04.20 07:00:27 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.20 06:57:39 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.20 06:56:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.20 05:16:44 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.18 20:56:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012.04.18 20:56:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2012.07.17 10:15:33 | 000,050,461 | ---- | C] () -- C:\Users\username\Desktop\Ausschreibung_wissenschaftliche_Begegnungen.pdf
[2012.07.17 09:35:09 | 000,001,183 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.16 20:45:42 | 000,556,333 | ---- | C] () -- C:\Users\username\Desktop\enlnff.pdf
[2012.07.16 12:48:41 | 000,120,141 | ---- | C] () -- C:\Users\username\Desktop\CPC_2013_special_Flajolet_issue_CFP.pdf
[2012.07.15 10:29:35 | 000,000,021 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.07.13 23:11:56 | 000,312,258 | ---- | C] () -- C:\Users\username\Desktop\Lebenslauf_Deutsch.pdf
[2012.07.13 22:24:20 | 000,065,263 | ---- | C] () -- C:\Users\username\Desktop\gesis.pdf
[2012.07.13 22:24:15 | 000,032,524 | ---- | C] () -- C:\Users\username\Desktop\gesis.odt
[2012.07.12 23:14:37 | 000,001,047 | ---- | C] () -- C:\Users\username\Desktop\Kaspersky Security Scan.lnk
[2012.07.11 15:37:10 | 000,000,218 | ---- | C] () -- C:\Users\username\.recently-used.xbel
[2012.07.11 13:30:37 | 000,751,104 | ---- | C] () -- C:\Users\username\Desktop\zoek.exe
[2012.07.11 13:26:38 | 000,000,080 | ---- | C] () -- C:\Fix.bat
[2012.07.10 14:16:58 | 000,000,006 | ---- | C] () -- C:\Users\username\.gitconfig
[2012.07.09 12:36:40 | 000,000,600 | ---- | C] () -- C:\Users\username\AppData\Local\PUTTY.RND
[2012.07.09 11:12:06 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\Git Bash.lnk
[2012.07.06 19:43:19 | 003,478,087 | ---- | C] () -- C:\Users\username\Desktop\GlitchFreeFPGA-HOST12.pdf
[2012.07.06 19:41:54 | 000,024,858 | ---- | C] () -- C:\Users\username\Desktop\sboxmaskcorr15stageInvENBuff.v
[2012.07.04 15:13:22 | 002,002,342 | ---- | C] () -- C:\Users\username\Desktop\27I8-IJAET0805831-FPGA-IMPLEMENTATIONS.pdf
[2012.07.04 14:46:25 | 017,573,442 | ---- | C] () -- C:\Users\username\Desktop\FPGA_Prototyping_by_VHDL_Examples__Xilinx_Spartan_3_Version.pdf
[2012.07.04 14:46:05 | 035,763,729 | ---- | C] () -- C:\Users\username\Desktop\RTL_Hardware_Design_Using_VHDL___Coding_for_Efficiency__Portability__and_Scalability.pdf
[2012.07.01 23:12:32 | 000,456,895 | ---- | C] () -- C:\Users\username\Desktop\findform.pdf
[2012.06.29 18:37:51 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.29 13:37:45 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.06.17 14:45:22 | 000,138,236 | ---- | C] () -- C:\Users\username\Desktop\gedicht.pdf
[2012.06.07 14:49:29 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.07 14:49:28 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.05 13:54:13 | 000,282,956 | ---- | C] () -- C:\Users\username\Desktop\MMTT.pdf
[2012.05.31 15:03:26 | 005,875,200 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2012.05.18 14:17:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2012.01.28 22:50:23 | 000,000,516 | ---- | C] () -- C:\Windows\wiso.ini
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{e126cd52-b531-6220-4476-e3b42e487d04}\@
[2012.01.11 22:38:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{e126cd52-b531-6220-4476-e3b42e487d04}\@
[2012.01.10 17:54:03 | 000,000,245 | ---- | C] () -- C:\Users\username\openvpn-connect.json
[2012.01.09 22:00:48 | 004,346,880 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012.01.08 00:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012.01.08 00:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\System32\avcodec-lav-53.dll
[2012.01.08 00:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\System32\avformat-lav-53.dll
[2012.01.08 00:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012.01.08 00:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012.01.08 00:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011.12.20 20:50:04 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.12.20 20:49:56 | 000,099,328 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2011.12.20 20:49:54 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2011.12.20 20:49:54 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2011.12.20 20:49:52 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2011.12.20 20:49:52 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2011.12.20 20:49:52 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2011.12.20 20:49:50 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2011.12.20 20:49:50 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2011.12.20 20:49:50 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011.12.06 16:46:30 | 000,001,252 | ---- | C] () -- C:\Users\username\Downloads - Verknüpfung.lnk
[2011.11.30 23:49:10 | 000,001,235 | ---- | C] () -- C:\Users\username\.octave_hist
[2011.10.17 11:47:59 | 000,000,186 | ---- | C] () -- C:\Users\username\wlanfb02.opvn
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011.05.30 15:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.23 09:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.07 04:45:46 | 000,213,332 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.07 04:45:46 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.03.07 04:45:44 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.07 04:13:22 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.03.07 04:11:08 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.03.07 04:07:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.03.03 13:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011.03.03 13:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011.03.03 13:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2010.11.21 02:46:14 | 000,762,182 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,172,536 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.08.18 21:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\System32\Registration.ini
 
========== LOP Check ==========
 
[2011.09.19 15:49:14 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\.purple
[2012.01.28 22:50:28 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Buhl Data Service
[2011.11.06 23:22:31 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Bytemobile
[2012.07.17 09:35:55 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\elsterformular
[2011.10.17 10:50:41 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gateProtect
[2012.07.11 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gnupg
[2012.07.11 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\gtk-2.0
[2011.09.18 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\hte
[2011.10.11 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\OpenOffice.org
[2012.07.14 10:55:49 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\QuickScan
[2012.02.18 23:10:10 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Subversion
[2011.09.26 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Thunderbird
[2011.11.06 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Vodafone
[2011.11.17 20:31:13 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Vodafone Mobile Connect
[2012.01.11 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\Xilinx
[2011.10.28 12:07:58 | 000,000,000 | ---D | M] -- C:\Users\username\AppData\Roaming\xm1
[2012.06.18 09:44:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.06.09 01:06:08 | 950,323,214 | ---- | M] ()(C:\Users\username\Documents\-----------------.mp4) -- C:\Users\username\Documents\---.mp4
[2012.06.09 00:54:08 | 950,323,214 | ---- | C] ()(C:\Users\username\Documents\-------------.mp4) -- C:\Users\username\Documents\---.mp4

< End of report >
--- --- ---

markusg 17.07.2012 16:28
hi
wenn du onlinebanking machst, rufe die bank an, lasse es wegen zero access rootkits sperren.
du musst am ende auch alle passwörter endern.
da dieses rootkit gefärhlich ist:
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

lilaitz 17.07.2012 16:55
Hallo,

vielen Dank erstmal für die Infos.
Woran hast du erkannt, daß es um ZeroAccessRootkits geht?
Werde jetzt erstmal deine Tipps befolgen.

Gruß
lilaitz

lilaitz 19.07.2012 05:44
Hallo,

gibt es irgendeine Möglichkeit, die Schädling ezu entfernen ohne das System neu aufsetzen zu müssen?

Da ich den Rechner täglich nutzen muss benötige ich eine schnelle Lösung des Problems.

Bitte helft mir!

Ich wäre euch sehr dankbar für eure Zeit.

Gruß
lilaitz

markusg 19.07.2012 14:47
bitte setze das system neu auf, sind die daten gesichert?
erkennt man an den fundmeldung
wegen der schnellen hilfe, die will hier jeder, die regeln lesen bitte, ne antwort kann 3 tage dauern.
wem das nicht gefällt, sollte einen geschäft in seiner nähe aufsuchen und die dann für die arbeit bezahlen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131