Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Kazy.44028.5 Avira ANTIVIR gefunden

TR/Kazy.44028.5 Avira ANTIVIR gefunden


Log-Analyse und Auswertung: TR/Kazy.44028.5 Avira ANTIVIR gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 16.11.2011, 09:28   #1
Fabio-84
 
TR/Kazy.44028.5 Avira ANTIVIR gefunden - Standard

TR/Kazy.44028.5 Avira ANTIVIR gefunden


Hallo Jungs,

also Avira hat folgenden Trojaner gefunden:
TR/Kazy.44028.5

Ich habe diverse Foren durchforstet und bereits einige Tools durchlaufen lassen. Leider konnte ich in eurem Forum keinen Kazy.44028.5 finden, daher eröffne ich einen neuen Beitrag:

Trojaner kam plötzlich beim Besuchen einer Seite - Habe nach Newsletter Systemen gesucht.. der Tr gaukelt vor meine Platte sei defekt - viele "rote" xxxx Fehler.. etc.. ob ich scannen möchte.... nun gut.

Was habe ich unternommen:

Kaspersky Live CD durchlaufen lassen
Trojan-Killer.net gedownloaded durchlaufen lassen
Superantispywware durchlafuen lassen
MBAM durchlaufen lassen
ccleaner durchlaufen lassen
cleanup durchlaufen lassen
unhide.exe durchlaufen lassen
via "autoruns" Auffällige Einträge durchforstet ..., dabei ist mir aufgefallen, dass der viele Dateien bereits durch die Cleans entfernt wurden.
so z.B. in den Temp verzeichnissen, in den geplanten tasks. etc..
habe dort die verwaiste einträge maneull gelöscht..

Restart..
Nach dem Restart weiter meinen Autostart aufgeräumt
Paar unnötige dienste deaktiviert..

nochmals Cleanup
cccleaner
alles durchlaufen lassen..

es wurde nichts mehr gefunden, der PC fühlt sich sauber an

Es gibt nur eine auffälligkeit:
SKYPE war zerstört, der Trojaner hat es gelöscht.
ich habe es jetzt erneut heruntergeladen (MSI Paket) und installiert.
Nach dem Einloggen in Skype bekam ich die Meldung von MBAM:


Code:
ATTFilter
07:59:45	f.scarvaglieri	MESSAGE	Protection started successfully
07:59:48	f.scarvaglieri	MESSAGE	IP Protection started successfully
08:09:11	f.scarvaglieri	MESSAGE	Protection started successfully
08:09:15	f.scarvaglieri	MESSAGE	IP Protection started successfully
08:46:10	f.scarvaglieri	MESSAGE	Protection started successfully
08:46:14	f.scarvaglieri	MESSAGE	IP Protection started successfully
08:53:02	f.scarvaglieri	IP-BLOCK	217.23.8.139 (Type: outgoing, Port: 1378, Process: skype.exe)
Ich werde gleich die Anleitung von euch noch durcharbeiten (leider habe ich Sie erst jetzt entdeckt) und poste alle Logs...
Beginne jetzt mit defogger...

Alt 16.11.2011, 09:54   #2
Fabio-84
 
TR/Kazy.44028.5 Avira ANTIVIR gefunden - Standard

TR/Kazy.44028.5 Avira ANTIVIR gefunden


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:30 on 16/11/2011 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.11.2011 09:35:03 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 9,26 Gb Available Physical Memory | 77,24% Memory free
23,98 Gb Paging File | 20,98 Gb Available in Paging File | 87,47% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 55,90 Gb Free Space | 28,62% Space Free | Partition Type: NTFS
Drive D: | 366,21 Gb Total Space | 139,23 Gb Free Space | 38,02% Space Free | Partition Type: NTFS
Drive E: | 369,99 Gb Total Space | 82,33 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive H: | 390,63 Gb Total Space | 240,96 Gb Free Space | 61,69% Space Free | Partition Type: NTFS
Drive I: | 368,70 Gb Total Space | 80,60 Gb Free Space | 21,86% Space Free | Partition Type: NTFS
Drive J: | 195,31 Gb Total Space | 114,60 Gb Free Space | 58,67% Space Free | Partition Type: NTFS
Drive L: | 366,21 Gb Total Space | 135,78 Gb Free Space | 37,08% Space Free | Partition Type: NTFS
Drive M: | 369,99 Gb Total Space | 82,33 Gb Free Space | 22,25% Space Free | Partition Type: NTFS
Drive P: | 97,65 Gb Total Space | 0,68 Gb Free Space | 0,70% Space Free | Partition Type: NTFS
Drive Q: | 74,52 Gb Total Space | 39,14 Gb Free Space | 52,52% Space Free | Partition Type: NTFS
 
Computer Name: I920 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.16 09:29:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.11.09 10:57:00 | 001,089,536 | ---- | M] (Ralf Steinruecken ITecSoft) -- C:\Program Files (x86)\PhoneSuite_CTI_Client\phonesuite.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.29 02:38:56 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2011.06.29 02:38:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.01 13:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.01 12:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.04.29 02:26:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.11.03 16:06:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.26 15:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware View\Client\bin\wsnm.exe
PRC - [2010.05.10 12:54:38 | 001,725,440 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.18 12:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009.02.24 14:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.09 10:57:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\PhoneSuite_CTI_Client\ml_res.dll
MOD - [2011.11.09 10:57:00 | 000,094,208 | ---- | M] () -- c:\program files (x86)\phonesuite_cti_client\licence.dll
MOD - [2011.11.09 10:57:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\PhoneSuite_CTI_Client\tshk.dll
MOD - [2011.11.09 10:57:00 | 000,061,440 | ---- | M] () -- c:\program files (x86)\phonesuite_cti_client\itapi32.dll
MOD - [2010.06.03 12:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.10 12:39:14 | 000,772,096 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2010.04.21 10:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2010.01.28 11:57:53 | 000,355,688 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2009.08.19 12:20:37 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_02.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.10.26 14:44:00 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.08.26 15:56:12 | 001,118,768 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe -- (wsnm_usbctrl)
SRV:64bit: - [2010.08.26 15:52:46 | 000,494,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe -- (wsnm)
SRV:64bit: - [2010.05.05 03:15:10 | 000,202,752 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 16:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2009.03.05 22:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 02:38:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.01 12:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.04.29 02:26:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.12.10 16:40:48 | 000,771,992 | ---- | M] (Netviewer AG) [Disabled | Stopped] -- C:\Program Files (x86)\Netviewer\Admin\nvRemoteHost.exe -- (nvRemote_Service)
SRV - [2010.10.26 14:48:14 | 001,974,080 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.10.26 14:43:56 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.20 23:53:12 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.30 09:08:52 | 000,031,856 | ---- | M] (Arainia Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Gizmo\gservice.exe -- (Gizmo Central)
SRV - [2010.06.24 15:41:38 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.06.10 18:15:44 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.11.12 04:43:16 | 000,894,544 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.15 01:06:02 | 000,188,416 | ---- | M] (Oliver Marr) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\DriveSitter\DSSrv.exe -- (DriveSitterService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.15 17:56:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\50594648.sys -- (50594648)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.29 02:38:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 02:38:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.01 12:09:00 | 000,040,048 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.25 22:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 22:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 22:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 22:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 19:05:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.03.25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.26 15:56:12 | 000,047,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmwvusb.sys -- (vmwvusb)
DRV:64bit: - [2010.07.30 09:08:53 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2010.07.14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010.06.10 18:15:45 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.06.10 18:15:43 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.06.10 18:15:42 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.06.10 18:15:37 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.05.05 03:47:08 | 006,789,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.05.05 02:23:24 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.09 11:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.09.28 08:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 16:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.05 22:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2009.03.04 17:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.06.27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007.02.18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2007.02.03 09:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 09:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2007.01.29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.10.07 13:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.08.19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Users\***\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2m@netviewero2m: C:\Program Files (x86)\Netviewer\Meet\Plugin\FF plugin\NVFFMeet [2011.01.26 12:07:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.06 07:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.06 07:29:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox60b5\components [2011.11.15 10:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox60b5\plugins [2011.10.06 07:51:33 | 000,000,000 | ---D | M]
 
[2011.01.05 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.05 21:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010.08.19 21:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.11 15:30:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions
[2011.10.20 17:22:56 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.10.06 06:43:06 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.06.13 20:56:44 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2011.11.11 15:30:02 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011.01.11 10:13:34 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.05.17 14:34:01 | 000,000,000 | ---D | M] ("oneview Tools") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\{E9A4B2C3-9857-4873-BA67-FB4271257B20}
[2011.08.26 08:18:15 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\foxmarks@kei.com
[2011.10.28 12:43:15 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\keefox@chris.tomlinson
[2010.06.18 15:18:53 | 000,000,000 | ---D | M] (Open In RegEdit) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\openinregedit@firefox
[2010.10.21 08:50:20 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\toolbar@ask.com
[2010.12.09 15:16:12 | 000,000,000 | ---D | M] (VMware Remote Console Plug-in) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3qeuupk5.default\extensions\VMwareVMRC@vmware.com
[2011.10.06 07:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\p182zatd.ff60b5\extensions
[2011.06.13 11:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.07 14:54:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.07.06 16:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.10 12:55:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.13 11:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.05 09:22:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 09:22:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 09:22:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.05 09:22:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 09:22:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 09:22:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 09:22:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2011.08.08 11:58:21 | 000,003,312 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1       localhost

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files (x86)\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Netviewer Meet) - {7F375858-2861-4FEC-88CF-FEE2D4E6D870} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (&Netviewer Meet) - {5D6FDD2C-2FED-43B9-8A9E-3F9FFA988E5D} - C:\PROGRA~2\NETVIE~1\Meet\Plugin\IEPLUG~1\NVIEPL~1.DLL (Netviewer AG)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files (x86)\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laufwerke.bat ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk = C:\Program Files (x86)\PhoneSuite_CTI_Client\phonesuite.exe (Ralf Steinruecken ITecSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Server\x64\vsocklib.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: yoda ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: rnv-online.de ([citrix] https in Vertrauenswürdige Sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex64-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B6FF15CD-5693-4744-A7BC-C19AE91746FE} https://owa.klinik-am-schloss.de/software/AVCT_KVM_VM.cab (Virtual Console)
O16 - DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574} Reg Error: Key error. (VMware Remote Console Plug-in 2.5.0.00000)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.70.6 192.168.70.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mydomain.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADF5E86-1144-423E-BD93-5904445DE465}: DhcpNameServer = 192.168.70.6 192.168.70.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9ADF5E86-1144-423E-BD93-5904445DE465}: Domain = ticeba.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D89A2250-08B0-4D72-A523-A24DDFF2537C}: DhcpNameServer = 192.168.100.53 192.168.100.254 192.168.100.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wsauth) - C:\Windows\SysNative\wsauth.dll (VMware, Inc.)
O30 - LSA: Security Packages - (wsauth) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.23 10:18:52 | 000,000,000 | ---- | M] () - Q:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.16 09:29:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.16 09:05:24 | 000,589,394 | ---- | C] (ReadError                                                   ) -- C:\Users\***\Desktop\NetMeter_v114_beta.exe
[2011.11.16 08:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.16 08:38:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011.11.16 08:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011.11.16 08:37:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanUp!
[2011.11.16 08:21:38 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\autoruns.exe
[2011.11.16 08:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.11.16 08:10:12 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\50594648.sys
[2011.11.16 07:59:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.11.16 07:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.16 07:59:07 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.16 07:50:41 | 001,098,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp64.exe
[2011.11.16 07:50:16 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp.exe
[2011.11.15 17:24:09 | 013,169,992 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\***\Desktop\SUPERAntiSpywarePro.exe
[2011.11.15 17:16:45 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.11.15 17:12:00 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.15 16:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.15 16:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.15 16:51:48 | 003,511,776 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup312.exe
[2011.11.15 16:45:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.15 16:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.15 16:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.15 16:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.11.15 16:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.11.15 16:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2011.11.15 15:43:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.10 12:06:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.10 10:05:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.10 10:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.11.09 11:57:49 | 000,293,888 | ---- | C] (Ralf Steinruecken ITecSoft) -- C:\Windows\SysNative\PhSuConn.tsp
[2011.11.09 11:57:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhoneSuite_CTI_Client
[2011.11.09 11:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhoneSuite_CTI_Client
[2011.11.09 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\workingDir
[2011.11.09 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\import
[2011.11.09 10:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhoneSuite_CTI_Client
[2011.10.31 09:29:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backup db
[2011.10.28 12:45:58 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2L.dll
[2011.10.28 12:45:57 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysWow64\BroSNMP.dll
[2011.10.28 12:45:57 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2.dll
[2011.10.28 12:45:57 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysWow64\BrDctF2S.dll
[2011.10.28 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.10.28 12:26:02 | 044,781,986 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\5890-INST-WIN7-A.EXE
[2011.10.28 12:25:40 | 011,441,642 | ---- | C] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\CC3up_1.30.0020.EXE
[2011.10.24 12:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.24 12:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MindGems
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
[2011.10.21 19:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Folder Size
[2010.06.10 18:15:46 | 001,136,456 | ---- | C] (Netviewer AG) -- C:\Program Files\NV_Meet_Moderator_DE.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 09:30:23 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.11.16 09:29:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.16 09:29:11 | 000,000,112 | ---- | M] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2011.11.16 09:28:46 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.16 09:23:05 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
[2011.11.16 09:07:58 | 000,000,954 | ---- | M] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011.11.16 09:05:27 | 000,589,394 | ---- | M] (ReadError                                                   ) -- C:\Users\***\Desktop\NetMeter_v114_beta.exe
[2011.11.16 08:52:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.16 08:51:15 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 08:51:15 | 000,014,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 08:50:58 | 022,478,848 | ---- | M] () -- C:\Users\***\Desktop\SkypeSetup.msi
[2011.11.16 08:43:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 08:37:28 | 000,339,257 | ---- | M] () -- C:\Users\***\Desktop\CleanUp452.exe
[2011.11.16 08:13:59 | 001,098,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\procexp64.exe
[2011.11.16 07:59:11 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 07:43:49 | 000,684,297 | ---- | M] () -- C:\Users\***\Desktop\unhide.exe
[2011.11.15 21:12:41 | 000,002,168 | -H-- | M] () -- \\yoda\eigene_dateien\***\Default.rdp
[2011.11.15 21:12:40 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011.11.15 21:12:40 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.11.15 17:56:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\50594648.sys
[2011.11.15 17:25:14 | 001,813,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.15 17:25:14 | 000,770,078 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.15 17:25:14 | 000,723,788 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.15 17:25:14 | 000,175,530 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.15 17:25:14 | 000,148,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.15 16:56:05 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.15 16:54:01 | 003,511,776 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup312.exe
[2011.11.15 16:45:12 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011.11.15 16:41:28 | 013,169,992 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\***\Desktop\SUPERAntiSpywarePro.exe
[2011.11.15 16:09:52 | 101,684,168 | ---- | M] () -- C:\Users\***\Desktop\setup_11.0.0.1245.x01_2011_11_15_17_56.exe
[2011.11.15 15:39:37 | 003,387,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.15 14:56:03 | 000,124,879 | ---- | M] () -- C:\Users\***\Desktop\Gutschrift Nr.20110102.pdf
[2011.11.15 14:55:42 | 000,142,090 | ---- | M] () -- C:\Users\***\Desktop\Gutschrift Nr.20112399.pdf
[2011.11.14 12:59:43 | 002,995,003 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy-markierung.pdf
[2011.11.14 12:50:14 | 002,963,891 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy-asaco-vertrtrag.pdf
[2011.11.09 15:21:19 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.09 14:24:59 | 000,000,054 | ---- | M] () -- C:\Users\***\Desktop\pizzaboy Pizzaservice Lieferservice online bestellen.URL
[2011.11.09 13:15:34 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\***\Desktop\autoruns.exe
[2011.11.09 11:57:49 | 000,002,007 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk
[2011.11.09 11:57:49 | 000,001,937 | ---- | M] () -- C:\Users\***\Desktop\PhoneSuite CTI Client.lnk
[2011.11.08 10:08:10 | 000,396,069 | ---- | M] () -- C:\Users\***\Desktop\EDV-Pflege.pdf
[2011.11.08 10:07:30 | 000,146,389 | ---- | M] () -- C:\Users\***\Desktop\Angebot Nr.2011110702.pdf
[2011.11.07 14:02:55 | 000,123,608 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr.20110099.pdf
[2011.11.02 08:51:35 | 000,113,469 | ---- | M] () -- C:\Users\***\Desktop\krug_Rechnung Nr.2011103002.pdf
[2011.11.02 08:20:28 | 000,049,867 | ---- | M] () -- C:\Users\***\Desktop\mozzarellasticks.jpg
[2011.11.01 12:00:05 | 044,781,986 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\5890-INST-WIN7-A.EXE
[2011.10.28 16:46:27 | 000,576,300 | ---- | M] () -- C:\Users\***\Desktop\scan2.pdf
[2011.10.28 16:39:49 | 000,717,025 | ---- | M] () -- C:\Users\***\Desktop\scan1.pdf
[2011.10.28 16:34:48 | 002,570,150 | ---- | M] () -- C:\Users\***\Desktop\manage.pdf
[2011.10.28 12:46:46 | 000,000,824 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2011.10.28 12:46:46 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2011.10.28 12:46:15 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2011.10.28 12:46:15 | 000,000,050 | ---- | M] () -- C:\Windows\SysNative\bridf08a.dat
[2011.10.28 12:34:14 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2011.10.28 12:25:43 | 011,441,642 | ---- | M] (A.I.SOFT,INC.) -- C:\Users\***\Desktop\CC3up_1.30.0020.EXE
[2011.10.27 08:00:32 | 000,000,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laufwerke.bat
[2011.10.25 08:39:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.24 10:13:34 | 001,794,458 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.21 19:32:53 | 000,001,049 | ---- | M] () -- C:\Users\***\Desktop\Folder Size.lnk
[2011.10.20 11:00:00 | 000,293,888 | ---- | M] (Ralf Steinruecken ITecSoft) -- C:\Windows\SysNative\PhSuConn.tsp
[2011.10.19 15:00:40 | 000,001,602 | ---- | M] () -- C:\Users\***\Desktop\a.php
[2011.10.19 14:26:17 | 000,001,104 | ---- | M] () -- C:\Users\***\Desktop\index.php
[2011.10.19 14:06:58 | 000,125,911 | ---- | M] () -- C:\Users\***\Desktop\Rechnung Nr.20110055.pdf
 
========== Files Created - No Company Name ==========
 
[2011.11.16 09:30:23 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.11.16 09:29:11 | 000,000,112 | ---- | C] () -- C:\Users\***\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2011.11.16 09:28:46 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.11.16 09:05:45 | 000,000,954 | ---- | C] () -- C:\Users\Public\Desktop\NetMeter.lnk
[2011.11.16 08:52:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.16 08:50:50 | 022,478,848 | ---- | C] () -- C:\Users\***\Desktop\SkypeSetup.msi
[2011.11.16 08:37:26 | 000,339,257 | ---- | C] () -- C:\Users\***\Desktop\CleanUp452.exe
[2011.11.16 07:59:11 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.16 07:43:46 | 000,684,297 | ---- | C] () -- C:\Users\***\Desktop\unhide.exe
[2011.11.15 21:12:41 | 000,002,168 | -H-- | C] () -- \\yoda\eigene_dateien\***\Default.rdp
[2011.11.15 17:24:08 | 101,684,168 | ---- | C] () -- C:\Users\***\Desktop\setup_11.0.0.1245.x01_2011_11_15_17_56.exe
[2011.11.15 17:23:17 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
[2011.11.15 16:56:05 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.15 16:45:12 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011.11.15 14:55:59 | 000,124,879 | ---- | C] () -- C:\Users\***\Desktop\Gutschrift Nr.20110102.pdf
[2011.11.15 14:55:38 | 000,142,090 | ---- | C] () -- C:\Users\***\Desktop\Gutschrift Nr.20112399.pdf
[2011.11.14 12:59:39 | 002,995,003 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy-markierung.pdf
[2011.11.14 12:50:10 | 002,963,891 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy-asaco-vertrtrag.pdf
[2011.11.09 14:24:59 | 000,000,054 | ---- | C] () -- C:\Users\***\Desktop\pizzaboy Pizzaservice Lieferservice online bestellen.URL
[2011.11.09 11:57:49 | 000,002,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneSuite CTI Client.lnk
[2011.11.09 11:57:49 | 000,001,937 | ---- | C] () -- C:\Users\***\Desktop\PhoneSuite CTI Client.lnk
[2011.11.07 16:54:49 | 000,146,389 | ---- | C] () -- C:\Users\***\Desktop\Angebot Nr.2011110702.pdf
[2011.11.07 16:41:33 | 000,396,069 | ---- | C] () -- C:\Users\***\Desktop\EDV-Pflege.pdf
[2011.11.07 14:02:52 | 000,123,608 | ---- | C] () -- C:\Users\***\Desktop\Rechnung Nr.20110099.pdf
[2011.11.02 08:51:33 | 000,113,469 | ---- | C] () -- C:\Users\***\Desktop\krug_Rechnung Nr.2011103002.pdf
[2011.11.02 08:20:26 | 000,049,867 | ---- | C] () -- C:\Users\***\Desktop\mozzarellasticks.jpg
[2011.10.28 16:46:26 | 000,576,300 | ---- | C] () -- C:\Users\***\Desktop\scan2.pdf
[2011.10.28 16:39:48 | 000,717,025 | ---- | C] () -- C:\Users\***\Desktop\scan1.pdf
[2011.10.28 16:34:45 | 002,570,150 | ---- | C] () -- C:\Users\***\Desktop\manage.pdf
[2011.10.28 12:46:02 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011.10.28 12:46:02 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011.10.25 08:39:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.10.21 19:32:53 | 000,001,049 | ---- | C] () -- C:\Users\***\Desktop\Folder Size.lnk
[2011.10.19 15:02:54 | 000,001,602 | ---- | C] () -- C:\Users\***\Desktop\a.php
[2011.10.19 14:10:30 | 000,001,104 | ---- | C] () -- C:\Users\***\Desktop\index.php
[2011.10.19 14:06:55 | 000,125,911 | ---- | C] () -- C:\Users\***\Desktop\Rechnung Nr.20110055.pdf
[2010.12.08 15:41:27 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010.12.08 15:40:37 | 000,000,080 | ---- | C] () -- C:\Windows\Brownie.ini
[2010.11.12 09:57:08 | 000,360,448 | ---- | C] () -- C:\Program Files (x86)\PizzaFriendDB.sdf
[2010.09.26 18:35:48 | 000,004,096 | ---- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.08.03 18:04:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.06.27 17:18:28 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2010.06.20 11:34:59 | 001,794,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.19 13:45:36 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010.06.19 12:37:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.13 12:14:45 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.11 10:54:24 | 000,000,824 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.06.11 10:54:24 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.06.11 10:53:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.06.11 10:53:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.06.11 10:53:17 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.06.10 19:12:15 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.06.10 18:54:26 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2010.06.10 18:53:43 | 000,005,308 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.06.10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.10 15:58:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010.06.10 15:58:11 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.06.10 15:58:11 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.04.28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.09.30 11:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v60.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.30 17:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v60.dll
[2008.10.30 16:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v60.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldapssl32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldappr32v50.dll
[2004.12.14 16:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\nsldap32v50.dll
 
========== LOP Check ==========
 
[2011.03.14 20:33:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2010.08.13 22:47:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\adma
[2010.12.22 18:06:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2010.06.21 09:20:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2010.08.03 18:04:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.11.22 08:52:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CounterPath Corporation
[2011.02.28 14:27:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataDesign
[2011.11.15 08:28:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.08.04 00:59:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.11.11 10:37:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.07.30 12:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2011.05.29 21:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gizmo
[2010.07.05 10:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.08.16 09:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2011.07.03 09:40:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2011.11.16 09:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.10.21 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kikin
[2010.06.12 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.09.13 08:12:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2010.06.05 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.06.10 16:32:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.06.10 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.06.26 13:28:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.07.19 12:01:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Password Solutions
[2010.06.05 13:36:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.20 11:37:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhonerLite
[2011.06.19 15:01:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScreeNet iSaver
[2011.04.25 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2011.06.20 08:26:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2011.03.14 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SQLyog
[2010.06.02 15:08:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2011.11.11 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.08.19 21:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.06.13 11:03:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2010.11.14 16:04:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.09.16 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2009.07.14 06:08:49 | 000,032,382 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.11.16 09:23:05 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 60e109ce-9f09-4515-99c9-3d4c5d7b84f1.job
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
__________________

Geändert von Fabio-84 (16.11.2011 um 10:02 Uhr)

Alt 16.11.2011, 11:00   #3
Fabio-84
 
TR/Kazy.44028.5 Avira ANTIVIR gefunden - Standard

TR/Kazy.44028.5 Avira ANTIVIR gefunden


http://www.trojaner-board.de/attachm...1&d=1321437520

hier die logs.zip
__________________
Alt 16.11.2011, 13:23   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Kazy.44028.5 Avira ANTIVIR gefunden - Standard

TR/Kazy.44028.5 Avira ANTIVIR gefunden


Zitat:
also Avira hat folgenden Trojaner gefunden:
TR/Kazy.44028.5
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
Und auch die Logs aller anderen schon eingesetzten Scanner posten!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu TR/Kazy.44028.5 Avira ANTIVIR gefunden
anleitung, antivir, autoruns, autostart, avira, avira antivir, code, dateien, defekt, diverse, einloggen, folge, foren, forum, live, live cd, meldung, neue, plötzlich, port, scan, seite, systeme, temp, tools, trojaner, trojaner gefunden


« BKA-Trojaner, jedoch OTLPENet.exe nicht downloadbar auf http://oldtimer.geekstogo.com/OTLPENet.exe | BKA Trojaner - OTLPE Fix scan - wie kann ich diese Datei erstellen »


Ähnliche Themen: TR/Kazy.44028.5 Avira ANTIVIR gefunden


  1. TR/APS von Avira Antivir gefunden
    Log-Analyse und Auswertung - 03.11.2013 (29)
  2. (JAVA/Lamar.FI) & (TR/Spy.ZBOT.caw) & (TR/Kazy.160053.1) mit AVIRA gefunden
    Log-Analyse und Auswertung - 05.04.2013 (33)
  3. Fund von TR/PSW.Zbot.7439 und TR/Kazy.17952.100 mittels Avira AntiVir
    Log-Analyse und Auswertung - 01.03.2013 (15)
  4. TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden
    Log-Analyse und Auswertung - 31.10.2012 (51)
  5. TR/Graftor.39522.2 von Avira AntiVir gefunden
    Log-Analyse und Auswertung - 30.08.2012 (3)
  6. Avira Antivir - Es wurden versteckte Objekte gefunden! - Rescue CD
    Log-Analyse und Auswertung - 27.05.2012 (8)
  7. EXP/2011-3544.BU.1 mittels Avira AntiVir gefunden
    Log-Analyse und Auswertung - 19.03.2012 (8)
  8. TR/Shakat.o.909 von Avira Antivir in A0050266.exe gefunden!
    Log-Analyse und Auswertung - 18.11.2011 (6)
  9. TR/Trash.Gen, TR/PSW.Dybalom.ggb.1 und TR/Kazy.23203 per Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.09.2011 (5)
  10. HTML/Rce.Gen mit Avira AntiVir gefunden + Quarantäne - alles gut?
    Plagegeister aller Art und deren Bekämpfung - 05.07.2011 (30)
  11. 4 Trojaner Kazy, Dofoil, Jorik.Spyeyes, Spy.Gen gefunden durch AntiVir
    Log-Analyse und Auswertung - 05.06.2011 (9)
  12. Avira Antivir findet TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 27.04.2011 (4)
  13. TR/Patched.57393 von Avira AntiVir in meiner Outlook exe gefunden
    Plagegeister aller Art und deren Bekämpfung - 07.11.2010 (3)
  14. HEUR/HTML.Malware von Avira AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 08.05.2010 (1)
  15. Trojaner gefunden mit Avira AntiVir
    Plagegeister aller Art und deren Bekämpfung - 19.04.2010 (4)
  16. Olmarik Trojaner gefunden, Avira Antivir streikt
    Plagegeister aller Art und deren Bekämpfung - 20.01.2010 (6)
  17. Trojaner von Avira AntiVir gefunden
    Log-Analyse und Auswertung - 05.12.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Kazy.44028.5 Avira ANTIVIR gefunden - Hallo Jungs, also Avira hat folgenden Trojaner gefunden: TR/Kazy.44028.5 Ich habe diverse Foren durchforstet und bereits einige Tools durchlaufen lassen. Leider konnte ich in eurem Forum keinen Kazy.44028.5 finden, daher - TR/Kazy.44028.5 Avira ANTIVIR gefunden...
Archiv
Du betrachtest: TR/Kazy.44028.5 Avira ANTIVIR gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129