Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
"Bundestrojaner"

"Bundestrojaner"


Plagegeister aller Art und deren Bekämpfung: "Bundestrojaner"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 24.05.2012, 15:18   #1
feldba
 
"Bundestrojaner" - Standard

"Bundestrojaner"


Hey!

Mein Dad hat sich den "Bundestrojaner" eingefangen. Unten finden sich dds.txt, attach.txt und otl.txt. Diese wurden alle im Abgesicherten modus mit Eingabeaufforderung erstellt, da ich im "normalen" Modus nichts machen kann.

Ich habe bereits entdeckt dass die Datei die er Anzeigt unter C:\Users\Hofer\AppData\Roaming\fifa liegt. Es hilft allerdings nichts die darin befindliche txt und bmp datei zu löschen, da sobald wieder eine Internetverbindung besteht diese erneut auftauchen.

Ich hoffe um erfolgreiche Hilfe

Am Rechner ist Mc Affee oben und es handelt sich um 64bit Windows 7 Pro.

Symbolbild aus dem Netz:



Code:
ATTFilter
.DDS Logfile:
DDS Logfile:


	
Code: 

 
ATTFilter


  

	
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Hofer at 15:56:36 on 2012-05-24
Microsoft Windows 7 Professional   6.1.7600.0.1252.43.1031.18.3959.2921 [GMT 2:00]
.
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee  Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\conhost.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.at/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120509091711.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SignIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
mExplorerRun: [63488] C:\PROGRA~3\LOCALS~1\Temp\msotmoqvc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PASSWO~1.LNK - C:\Program Files (x86)\password-taxi\pt.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{352CB4CF-D402-46F0-9F5A-F99369D1DAF3} : NameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [SignIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
.
============= SERVICES / DRIVERS ===============
.
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
S1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-11 92160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-3 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-3 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-3 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-6 199272]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-6 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-6 162192]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-11 656624]
S2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-2-11 172328]
S2 VIP-Registrierung;VIP-Registrierung;C:\VIPReg\VIPRServ.exe [2007-6-15 40960]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 IntcDAud;Intel(R) Display-Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\nmwcdx64.sys --> C:\Windows\system32\drivers\nmwcdx64.sys [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-4-24 428384]
.
=============== Created Last 30 ================
.
2012-05-23 08:42:45	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2012-05-23 08:41:42	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-05-23 08:38:50	--------	d-----w-	C:\Users\Hofer\AppData\Local\temp
2012-05-23 08:31:28	98816	----a-w-	C:\Windows\sed.exe
2012-05-23 08:31:28	518144	----a-w-	C:\Windows\SWREG.exe
2012-05-23 08:31:28	256000	----a-w-	C:\Windows\PEV.exe
2012-05-23 08:31:28	208896	----a-w-	C:\Windows\MBR.exe
2012-05-22 10:50:43	--------	d-----w-	C:\Users\Hofer\AppData\Roaming\fifa
2012-05-11 07:13:23	1541120	----a-w-	C:\Windows\System32\DWrite.dll
2012-05-11 07:13:22	320512	----a-w-	C:\Windows\System32\d3d10_1core.dll
2012-05-11 07:13:22	218624	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2012-05-11 07:13:22	1837568	----a-w-	C:\Windows\System32\d3d10warp.dll
2012-05-11 07:13:22	1074176	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-05-11 07:13:21	902656	----a-w-	C:\Windows\System32\d2d1.dll
2012-05-11 07:13:21	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2012-05-11 07:13:21	197120	----a-w-	C:\Windows\System32\d3d10_1.dll
2012-05-11 07:13:21	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2012-05-11 07:13:21	1170944	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2012-05-11 07:12:28	5504880	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-05-11 07:12:27	3143680	----a-w-	C:\Windows\System32\win32k.sys
2012-05-11 07:12:26	3902320	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 07:12:25	3958128	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 07:12:23	75632	----a-w-	C:\Windows\System32\drivers\partmgr.sys
2012-05-11 07:12:19	1895280	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2012-05-11 07:12:15	1732096	----a-w-	C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-11 07:12:15	1367552	----a-w-	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:12:14	936960	----a-w-	C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 07:12:14	1402880	----a-w-	C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-11 07:12:14	1393664	----a-w-	C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M  ====================
.
2012-03-01 06:54:38	22896	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14	80896	----a-w-	C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-03-01 05:49:05	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05	158720	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 15:57:22,03 ===============
--- --- ---
--- --- ---


Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume2
Install Date: 18.02.2010 17:58:00
System Uptime: 24.05.2012 15:53:21 (0 hours ago)
.
Motherboard: Dell Inc. |  | 033FF6
Processor: Intel(R) Core(TM) i3 CPU         530  @ 2.93GHz | CPU 1 | 2925/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 587 GiB total, 519,054 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer: 
Name: McAfee Inc. mfehidk
PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
Service: mfehidk
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP194: 16.04.2012 09:12:14 - Windows-Sicherung
RP195: 23.04.2012 09:17:01 - Windows-Sicherung
RP196: 30.04.2012 10:26:09 - Windows-Sicherung
RP197: 07.05.2012 13:23:33 - Windows-Sicherung
RP198: 11.05.2012 16:22:56 - Windows Update
RP199: 14.05.2012 09:04:53 - Windows-Sicherung
RP200: 21.05.2012 08:49:36 - Windows-Sicherung
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2 - Deutsch
AFPL Ghostscript 8.11
AFPL Ghostscript Fonts
AutoHotkey 1.0.48.05
Berater Installer Compact Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Support Center (Support Software)
DHTML Editing Component
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Java Auto Updater
Java(TM) 6 Update 26
Kunden Service System 8.8
McAfee SecurityCenter
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Online Services-Anmeldung
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
Microsoft SQL Server 2008 R2-Richtlinien
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 DEU
Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2008 Shell (integrated mode) - DEU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser und SDK
OutsideIn CCA Redistributable
password-taxi Password Manager
PDFCreator
PowerDVD DX
Realtek High Definition Audio Driver
ReportEngine Redistributable
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
TeamViewer 5 Host
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
VIP - 03.2011 Nr. 2 (C:\WINVIP)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Workbase Professional Edition - V2.1.1524
.
==== End Of File ===========================
Code:
ATTFilter
OTL logfile created on: 24.05.2012 16:04:15 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = I:\
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 3,33 Gb Available Physical Memory | 86,08% Memory free
7,73 Gb Paging File | 7,23 Gb Available in Paging File | 93,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586,96 Gb Total Space | 519,05 Gb Free Space | 88,43% Space Free | Partition Type: NTFS
Drive I: | 963,70 Mb Total Space | 856,11 Mb Free Space | 88,84% Space Free | Partition Type: FAT
 
Computer Name: HOFER-PC1 | User Name: Hofer | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - I:\OTL.exe (OldTimer Tools)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (ReportServer$SQLEXPRESS) SQL Server Reporting Services (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSRS10_50.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLFDLauncher$SQLEXPRESS) SQL Full-text Filter Daemon Launcher (SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (VIP-Registrierung) -- C:\VIPReg\VIPRServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RsFx0150) -- C:\Windows\SysNative\drivers\RsFx0150.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\nmwcdx64.sys (Nokia)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {22013F05-FCBF-4A6B-8149-76810381953F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{22013F05-FCBF-4A6B-8149-76810381953F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.05.09 12:13:59 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.05.23 10:37:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120509091711.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120509091711.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SignIn] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 63488 = C:\PROGRA~3\LOCALS~1\Temp\msotmoqvc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.apac.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.emea.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.home.noam.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.apac.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.emea.emea] https in Local intranet)
O15 - HKCU\..Trusted Domains: microsoftonline.com ([*.sharepoint.noam.emea] https in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{352CB4CF-D402-46F0-9F5A-F99369D1DAF3}: NameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.24 16:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.05.23 10:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.23 10:41:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.23 10:38:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.23 10:38:50 | 000,000,000 | ---D | C] -- C:\Users\Hofer\AppData\Local\temp
[2012.05.23 10:31:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.23 10:31:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.23 10:31:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.23 10:31:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.23 10:29:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.22 12:50:43 | 000,000,000 | ---D | C] -- C:\Users\Hofer\AppData\Roaming\fifa
[2012.05.22 12:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012.05.11 16:25:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.05.11 09:13:23 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 09:13:22 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.11 09:13:22 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.11 09:13:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.11 09:13:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.11 09:12:28 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 09:12:26 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.11 09:12:25 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.24 15:56:14 | 000,000,000 | ---- | M] () -- C:\Users\Hofer\defogger_reenable
[2012.05.24 15:53:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.24 15:53:33 | 3113,574,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.24 09:24:16 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.24 09:24:16 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.24 09:23:25 | 001,723,990 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.24 09:23:25 | 000,735,090 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.24 09:23:25 | 000,695,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.24 09:23:25 | 000,159,880 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.24 09:23:25 | 000,135,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.23 10:37:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.13 16:51:00 | 000,323,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.05.24 15:56:14 | 000,000,000 | ---- | C] () -- C:\Users\Hofer\defogger_reenable
[2012.05.23 10:31:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.23 10:31:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.23 10:31:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.23 10:31:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.23 10:31:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.03 12:16:15 | 001,742,708 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.25 18:58:18 | 000,038,487 | ---- | C] () -- C:\Users\Hofer\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.09.17 11:00:04 | 012,832,768 | ---- | C] () -- C:\Windows\SysWow64\wb_gsdll32.dll
 
========== LOP Check ==========
 
[2010.09.03 15:12:52 | 000,000,000 | ---D | M] -- C:\Users\Hofer\AppData\Roaming\.oit
[2010.12.10 10:11:49 | 000,000,000 | ---D | M] -- C:\Users\Hofer\AppData\Roaming\Dropbox
[2012.05.24 09:18:54 | 000,000,000 | ---D | M] -- C:\Users\Hofer\AppData\Roaming\fifa
[2010.02.23 17:16:39 | 000,000,000 | ---D | M] -- C:\Users\Hofer\AppData\Roaming\TeamViewer
[2012.01.16 09:51:22 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

 

Themen zu "Bundestrojaner"
adobe, cpu, defender, email, explorer, firefox, firewall, flash player, format, helper, intranet, logfile, mcafee firewall, nodrives, nvidia, office 2007, pdf, phishing, plug-in, programme, proxy, realtek, registry, searchscopes, security, svchost.exe, system, temp, usb, visual studio, windows


« Windows Verschlüsselungs trojaner eingefangen! | BKA-Virus durch E-Mail im Postfach mit Rechnungsanhang »


Ähnliche Themen: "Bundestrojaner"


  1. samsung galaxy tab 3 LITE "Bundestrojaner entfernen"
    Smartphone, Tablet & Handy Security - 24.02.2016 (17)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  4. Bundestrojaner vor 1 Monat "entfernt", jedoch NICHT vollständig
    Log-Analyse und Auswertung - 07.08.2013 (13)
  5. "bundestrojaner" seit heute morgen auf pc
    Log-Analyse und Auswertung - 11.06.2013 (10)
  6. Bundestrojaner AppData\Roaming\Gyiv\dirao.exe aufgrund von Emailanhang "Vertrag Vorname Nachname.zip"
    Log-Analyse und Auswertung - 24.02.2013 (1)
  7. "Schweizer-Eidgenossenschafts-Trojaner" (dem "Bundestrojaner" sehr ähnlich)
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (12)
  8. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  9. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  10. U-Cash "Bundestrojaner" Nachwirkungen beseitigen
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (14)
  11. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  12. Bundestrojaner "Verstoß gegen Gesetze der Bundesrep Dtschl" Log Auswertung benötigt!
    Log-Analyse und Auswertung - 01.10.2012 (9)
  13. Probleme mit Internetverbindung über LAN und "wpbt0.dll-Fehlermeldung" nach entferntem Bundestrojaner
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (1)
  14. C:\Users\HP\AppData\Local\Temp\0_0u_I.exe !!! "Bundestrojaner" ?!? Fehlermeldung
    Log-Analyse und Auswertung - 08.07.2012 (5)
  15. Nach "Bundestrojaner" verschlüsselte Datein entschlüsseln?
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)
  16. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema "Bundestrojaner" - Hey! Mein Dad hat sich den "Bundestrojaner" eingefangen. Unten finden sich dds.txt, attach.txt und otl.txt. Diese wurden alle im Abgesicherten modus mit Eingabeaufforderung erstellt, da ich im "normalen" Modus nichts - "Bundestrojaner"...
Archiv
Du betrachtest: "Bundestrojaner" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132