Bundespolizei (Austria) - Your computer has been locked

Hi dear trojaner-board,
I too have picked up the Bundespolizei (Austria) trojan.
The screen demanding payment of a fine no longer appears (currently).
I hope you can help me! A thousand thanks in advance!
Here is the report from OTL.txt - Extras.txt and gmer.txt are attached! Quote:
OTL logfile created on: 12.07.2012 13:34:11 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\c.zinganell\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,52% Memory free
5,82 Gb Paging File | 5,02 Gb Available in Paging File | 86,17% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 7,14 Gb Free Space | 24,37% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 59,84 Gb Free Space | 49,97% Space Free | Partition Type: NTFS
Drive G: | 3,78 Gb Total Space | 0,85 Gb Free Space | 22,35% Space Free | Partition Type: NTFS
Drive I: | 1047,19 Gb Total Space | 240,61 Gb Free Space | 22,98% Space Free | Partition Type: NTFS
Drive J: | 937,66 Gb Total Space | 157,27 Gb Free Space | 16,77% Space Free | Partition Type: NTFS
Drive O: | 20478,01 Gb Total Space | 10913,37 Gb Free Space | 53,29% Space Free | Partition Type: NTFS
Drive T: | 2176,00 Gb Total Space | 376,29 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Computer Name: 2008110032NB | User Name: c.zinganell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012.07.11 15:23:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.06.08 11:20:20 | 000,161,736 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2011.02.17 11:51:00 | 000,389,960 | ---- | M] (CA) -- C:\Programme\CA\eTrustITM\InoTask.exe
PRC - [2009.12.13 18:36:49 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2009.04.21 11:26:59 | 000,192,512 | ---- | M] (CA) -- C:\Programme\CA\eTrustITM\InoRPC.exe
PRC - [2009.02.27 11:56:07 | 000,208,896 | ---- | M] (CA) -- C:\Programme\CA\eTrustITM\InoRT.exe
PRC - [2008.10.15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Programme\RealVNC\VNC4\winvnc4.exe
PRC - [2008.06.18 14:46:54 | 002,691,185 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_GUI.exe
PRC - [2008.06.18 14:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
PRC - [2008.06.18 14:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.02.05 08:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- C:\Programme\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2007.01.16 22:27:58 | 000,407,632 | ---- | M] (CA) -- C:\Programme\CA\eTrustITM\Realmon.exe
PRC - [2006.11.17 16:38:40 | 000,080,688 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe
PRC - [2006.08.02 20:13:10 | 000,081,920 | ---- | M] (FUJITSU LIMITED) -- C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe
PRC - [2006.04.20 15:23:46 | 000,090,112 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
PRC - [2006.03.21 15:23:30 | 006,485,528 | ---- | M] (3M) -- D:\Programme\3M_Notes\PDNotes.exe
PRC - [2005.11.01 21:12:24 | 000,353,792 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\Application Panel\QuickTouch.exe
PRC - [2005.11.01 21:06:36 | 000,061,440 | ---- | M] (FUJITSU LIMITED) -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe
PRC - [2005.01.27 00:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========
MOD - [2012.01.08 15:41:12 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.10.08 10:42:07 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a4a979e6\mscorlib.dll
MOD - [2010.10.08 10:42:05 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8823e59c\system.drawing.dll
MOD - [2010.10.08 10:41:55 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1bab8a54\system.xml.dll
MOD - [2010.10.08 10:41:47 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_80cca10d\system.windows.forms.dll
MOD - [2010.10.08 10:41:32 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_371ba9e2\system.dll
MOD - [2010.10.08 10:41:17 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2009.01.16 09:07:35 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2009.01.16 09:07:34 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2009.01.16 09:07:33 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2009.01.16 09:06:55 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.01.16 09:06:55 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_de_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2008.06.18 14:46:52 | 000,073,808 | ---- | M] () -- C:\Programme\CheckPoint\SecuRemote\bin\Bind82.dll
MOD - [2007.02.05 08:57:22 | 000,974,848 | ---- | M] () -- C:\Programme\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007.02.05 08:57:22 | 000,798,720 | ---- | M] () -- C:\Programme\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007.02.05 08:57:22 | 000,184,320 | ---- | M] () -- C:\Programme\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007.02.05 08:57:22 | 000,155,648 | ---- | M] () -- C:\Programme\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007.02.05 08:57:22 | 000,073,728 | ---- | M] () -- C:\Programme\CA\SharedComponents\iTechnology\zlib.dll
MOD - [2007.01.16 22:34:00 | 000,143,360 | ---- | M] () -- C:\Programme\CA\eTrustITM\Lang\German\RealmonRes.dll
MOD - [2007.01.16 22:34:00 | 000,069,632 | ---- | M] () -- C:\Programme\CA\eTrustITM\Lang\German\wBkRsrcRes.dll
MOD - [2007.01.16 22:34:00 | 000,032,768 | ---- | M] () -- C:\Programme\CA\eTrustITM\Lang\German\ScanResRes.dll
MOD - [2006.03.21 15:22:44 | 000,206,392 | ---- | M] () -- D:\Programme\3M_Notes\PDN4.dll
MOD - [2005.01.27 00:33:58 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\o2flash.exe

========== Win32 Services (SafeList) ==========
SRV - [2012.07.11 22:42:32 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.20 09:58:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.08 11:20:20 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.02.17 11:51:00 | 000,389,960 | ---- | M] (CA) [Auto | Running] -- C:\Programme\CA\eTrustITM\InoTask.exe -- (InoTask)
SRV - [2009.12.13 18:36:49 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.04.21 11:26:59 | 000,192,512 | ---- | M] (CA) [Auto | Running] -- C:\Programme\CA\eTrustITM\InoRPC.exe -- (InoRPC)
SRV - [2009.02.27 11:56:07 | 000,208,896 | ---- | M] (CA) [Auto | Running] -- C:\Programme\CA\eTrustITM\InoRT.exe -- (InoRT)
SRV - [2008.10.15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Programme\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2008.06.18 14:46:52 | 000,036,982 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2008.06.18 14:46:50 | 000,106,613 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.02.05 08:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Programme\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2005.01.27 00:33:58 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\o2flash.exe -- (O2Flash)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.10.13 22:54:50 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.01.16 12:00:32 | 000,015,104 | R--- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\snidmi.sys -- (SniDmi)
DRV - [2008.06.18 14:46:58 | 000,047,504 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2008.06.18 14:46:56 | 002,235,760 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fw.sys -- (FW1)
DRV - [2008.06.18 14:46:54 | 000,121,136 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnasc.sys -- (VNASC)
DRV - [2008.06.18 14:46:52 | 000,673,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vpn.sys -- (VPN-1)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.10.18 21:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007.08.06 22:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007.06.22 19:14:40 | 004,432,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.05.22 05:12:12 | 000,095,616 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.11 01:41:32 | 000,011,156 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\iaStor.cat -- (iaStor)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.25 07:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.02 09:01:00 | 000,250,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.06.21 01:09:54 | 000,029,184 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2006.04.06 15:11:48 | 000,122,368 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MicroTV.sys -- (PinnacleMicroTV)
DRV - [2006.02.26 23:00:50 | 000,034,880 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2005.11.01 21:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto | Running] -- C:\Programme\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005.01.07 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.01.17 22:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001.08.18 05:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001.08.01 22:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fuj02b1.sys -- (FUJ02B1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://wwwi.evva.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://autoproxy.evva.com/proxy1.pac

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://wwwi.evva.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {1d682819-bef2-4a75-8ffa-adf3733f5557}:0.4.0.4
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.04 13:27:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.20 09:58:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.02 18:21:09 | 000,000,000 | ---D | M]
[2011.01.22 12:05:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Mozilla\Extensions
[2012.06.08 09:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Mozilla\Firefox\Profiles\mj6hjo2n.default\extensions
[2011.09.29 08:54:47 | 000,000,000 | ---D | M] (Instaright!) -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Mozilla\Firefox\Profiles\mj6hjo2n.default\extensions\{1d682819-bef2-4a75-8ffa-adf3733f5557}
[2011.01.24 15:02:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Mozilla\Firefox\Profiles\mj6hjo2n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.09 14:40:41 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Mozilla\Firefox\Profiles\mj6hjo2n.default\searchplugins\youtube-videosuche.xml
[2012.06.01 13:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.08 09:40:16 | 000,505,801 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\C.ZINGANELL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MJ6HJO2N.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012.05.18 12:10:02 | 001,335,949 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\C.ZINGANELL\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\MJ6HJO2N.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.20 09:58:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.15 13:49:44 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.03 11:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Programme\mozilla firefox\plugins\npvsharetvplg.dll
[2012.02.21 00:47:43 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 00:47:43 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.21 00:47:43 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 00:47:43 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 00:47:43 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 00:47:43 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.07.11 16:33:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Client Access Service] C:\Programme\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IndicatorUtility] C:\Programme\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Programme\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Realtime Monitor] C:\Programme\CA\eTrustITM\realmon.exe (CA)
O4 - HKLM..\Run: [TvOutSwitch] C:\AddOn\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Post-it® Digital Notes.lnk = D:\Programme\3M_Notes\PDNotes.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Activities present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = evva.werk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609133BE-20FA-4BE6-9F74-CD986C91A1AB}: DhcpNameServer = 172.16.0.2 172.16.0.3
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - (ckpNotify.dll) - C:\WINDOWS\System32\ckpNotify.dll (Check Point Software Technologies)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\c.zinganell\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\c.zinganell\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.20 14:41:43 | 000,000,369 | RHS- | M] () - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.12.21 16:18:24 | 000,000,369 | ---- | M] () - O:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\##172.16.1.2#optspool\Shell - "" = AutoRun
O33 - MountPoints2\##172.16.1.2#optspool\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##172.16.1.2#optspool\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\trendmicro.exe
O33 - MountPoints2\##172.16.1.2#optspool\Shell\Open\command - "" = Z:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\trendmicro.exe
O33 - MountPoints2\##netapp1#work\Shell - "" = AutoRun
O33 - MountPoints2\##netapp1#work\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##netapp1#work\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL S.SeiDL.eXE
O33 - MountPoints2\{3f5b7084-b17c-11e1-9145-54348ccf6c08}\Shell - "" = AutoRun
O33 - MountPoints2\{3f5b7084-b17c-11e1-9145-54348ccf6c08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3f5b7084-b17c-11e1-9145-54348ccf6c08}\Shell\AutoRun\command - "" = G:\.\setup.exe AUTORUN=1
O33 - MountPoints2\{69eedb66-2013-11e0-909c-54348ccf6c08}\Shell - "" = AutoRun
O33 - MountPoints2\{69eedb66-2013-11e0-909c-54348ccf6c08}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{69eedb66-2013-11e0-909c-54348ccf6c08}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\trendmicro.exe
O33 - MountPoints2\{69eedb66-2013-11e0-909c-54348ccf6c08}\Shell\Open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\trendmicro.exe
O33 - MountPoints2\{bbf654cb-36bb-11e1-912a-00215c1e25f7}\Shell - "" = AutoRun
O33 - MountPoints2\{bbf654cb-36bb-11e1-912a-00215c1e25f7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bbf654cb-36bb-11e1-912a-00215c1e25f7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d81c9fe7-cf70-11e0-910f-00215c1e25f7}\Shell - "" = AutoRun
O33 - MountPoints2\{d81c9fe7-cf70-11e0-910f-00215c1e25f7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d81c9fe7-cf70-11e0-910f-00215c1e25f7}\Shell\AutoRun\command - "" = H:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.12 13:11:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\OTL.exe
[2012.07.11 16:43:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Malwarebytes
[2012.07.11 16:43:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.11 16:43:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.11 16:43:08 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.11 16:43:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.18 17:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\c.zinganell\FreePDF
[2012.06.18 17:25:01 | 000,000,000 | ---D | C] -- C:\FreePDF
[2012.06.18 17:20:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FreePDF
[2012.06.18 17:20:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\FreePDF
[2012.06.18 17:18:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ghostscript
[2012.06.18 17:18:46 | 000,000,000 | ---D | C] -- C:\Programme\gs9.04
[2012.06.15 13:10:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\c.zinganell\Lokale Einstellungen\Anwendungsdaten\Sun
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\c.zinganell\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\c.zinganell\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012.07.12 13:42:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.12 13:12:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.12 12:00:57 | 000,017,682 | RHS- | M] () -- C:\Dokumente und Einstellungen\c.zinganell\ntuser.pol
[2012.07.12 11:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.12 11:57:13 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 11:56:47 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\c.zinganell\defogger_reenable
[2012.07.12 11:31:11 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_EVVA_c.zinganell.job
[2012.07.11 16:33:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.07.11 16:33:17 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
[2012.07.11 16:32:21 | 000,525,238 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.07.11 16:32:21 | 000,500,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.07.11 16:32:21 | 000,104,984 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.07.11 16:32:21 | 000,087,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.07.11 15:23:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\OTL.exe
[2012.07.11 15:18:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.05 16:37:23 | 000,009,999 | ---- | M] () -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\DMS.jar
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\c.zinganell\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\c.zinganell\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012.07.12 11:56:30 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\defogger_reenable
[2012.07.11 16:44:16 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.09 14:47:53 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\go_0molg.pad
[2012.07.05 16:37:23 | 000,009,999 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\DMS.jar
[2012.07.05 14:21:20 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\Desktop\trinity_icon.gif
[2012.06.18 17:20:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2012.06.18 17:20:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2012.01.12 17:22:36 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\Hooks.dll
[2011.11.15 11:43:15 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.07.21 14:51:16 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011.04.01 20:05:01 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011.04.01 20:05:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.01 19:14:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.12.17 14:19:11 | 000,001,677 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\SQLite3.dll
[2010.11.02 11:53:26 | 000,000,005 | -H-- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\.zs
[2010.10.08 11:01:02 | 000,060,928 | ---- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.08 09:27:03 | 000,017,682 | RHS- | C] () -- C:\Dokumente und Einstellungen\c.zinganell\ntuser.pol
[2009.01.16 12:00:20 | 000,010,313 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

========== LOP Check ==========
[2010.12.24 11:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011.04.08 18:45:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.04.01 19:47:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CMUV
[2010.10.13 22:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.04.01 19:34:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21
[2012.03.19 16:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ID3-TagIT 3
[2010.05.14 14:34:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.05.14 14:47:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.02.12 12:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\phpDesigner
[2011.11.15 11:50:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\3M
[2010.12.24 11:20:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Canneverbe Limited
[2011.04.01 19:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\CMUV
[2010.10.13 23:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\DAEMON Tools Lite
[2011.04.01 19:34:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21
[2012.04.04 13:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\DDMSettings
[2012.05.29 20:52:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Dropbox
[2012.02.13 16:08:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\FileZilla
[2012.06.18 17:20:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\FreePDF
[2012.03.19 16:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\ID3-TagIT 3
[2011.03.09 13:47:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Inkscape
[2010.10.28 18:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Nokia
[2011.01.21 14:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Opera
[2012.06.08 11:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\Oracle
[2010.10.28 18:40:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\PC Suite
[2012.06.04 17:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\c.zinganell\Anwendungsdaten\uTorrent
[2012.07.12 11:31:11 | 000,000,398 | -H-- | M] () -- C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_EVVA_c.zinganell.job

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 971 bytes -> C:\Dokumente und Einstellungen\All Users\Desktop:$SS_DESCRIPTOR_LBV6VGVFLVPVTFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GVV1VLVV5VXVVD
< End of report >