Pests of all kinds and how to fight them: Bundespolizei Trojan

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Bundespolizei Trojan

Hello,

Unfortunately I caught the Bundespolizei trojan today. I have read up on this trojan in other threads, and the required files are attached. I am asking for help with removing this trojan.

Many thanks in advance,
tom_k

OTL.txt

Code:
OTL logfile created on: 02.08.2012 14:49:48 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Thomas\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 64.97% Memory free
7.90 Gb Paging File | 6.14 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.83 Gb Total Space | 12.99 Gb Free Space | 26.59% Space Free | Partition Type: NTFS
Drive D: | 69.53 Gb Total Space | 37.82 Gb Free Space | 54.40% Space Free | Partition Type: NTFS
Drive G: | 10.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THOMAS-PC | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.02 11:32:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
PRC - [2012.07.29 20:25:08 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012.07.19 10:35:03 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.11 10:09:03 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.11 10:09:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.11 10:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.03.14 14:50:56 | 000,365,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
PRC - [2012.03.14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.08.24 14:53:42 | 000,823,632 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.03.03 11:32:16 | 000,586,280 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2007.07.25 12:24:22 | 000,921,600 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\Huawei technologies\Mobile Connect\Mobile Connect.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.29 20:25:08 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012.07.19 10:35:02 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.03.24 22:17:36 | 008,794,464 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office14\1033\GrooveIntlResource.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2007.07.25 12:25:00 | 000,602,112 | ---- | M] () -- C:\Program Files (x86)\Huawei technologies\Mobile Connect\HostAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.04.06 01:48:54 | 000,158,208 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV:64bit: - [2011.08.23 05:37:04 | 003,175,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2011.08.10 00:08:24 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.29 20:25:08 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.19 10:35:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.14 16:12:23 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2012.07.14 16:12:23 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012.05.11 10:09:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.11 10:09:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.25 13:53:36 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.03.14 14:50:56 | 000,365,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.03.14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.04 12:27:01 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 20:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.09.09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.08.31 19:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.08.24 14:53:50 | 000,486,224 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV - [2011.08.23 05:23:48 | 002,774,320 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2011.08.08 18:46:08 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.08.08 18:46:06 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.06.03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2011.03.03 11:32:16 | 000,586,280 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Ericsson\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.25 13:16:17 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.07.14 16:12:23 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012.05.11 10:09:03 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.11 10:09:03 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.11 20:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.09.22 20:29:18 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.15 19:34:38 | 000,392,752 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.09.13 13:48:42 | 000,050,808 | ---- | M] (Cristalink Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SeratoUsb.sys -- (SeratoUsb)
DRV:64bit: - [2011.08.10 03:03:10 | 009,090,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.08.09 23:31:30 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.08.08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.08.03 18:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.07.06 19:11:08 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2011.06.06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.05.13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.04.03 19:19:54 | 002,614,520 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.08 12:26:08 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011.03.03 18:05:58 | 000,277,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.02.28 15:24:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\h36wgps64.sys -- (h36wgps)
DRV:64bit: - [2011.02.09 15:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.31 17:43:10 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2010.10.31 17:43:10 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2010.10.31 17:43:10 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2010.10.31 17:43:10 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.29 18:17:27 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.09.29 18:17:19 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010.02.23 20:25:30 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2010.02.23 20:25:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.07.11 12:09:56 | 000,112,512 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wiziwig.tv/competition.php?part=sports&discipline=football
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 3B 3B 3B 9D F7 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012.07.06 17:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 10:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.07 23:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 10:35:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.03.01 12:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
[2012.05.03 16:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\yyakbnvv.default\extensions
[2012.05.07 17:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 10:35:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 21:33:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 21:33:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 21:33:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 21:33:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 21:33:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 21:33:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A863E9E-0385-40ED-96ED-4CCD1C29EDD0}: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{371DD481-2154-40B6-BB4A-CF3D2D4081A4}: NameServer = 194.48.124.202 194.48.124.200
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.07.10 20:15:18 | 000,000,046 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{24c2d963-c2a4-11e1-8ec6-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{24c2d963-c2a4-11e1-8ec6-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{24c2d966-c2a4-11e1-8ec6-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{24c2d966-c2a4-11e1-8ec6-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{655c5706-7015-11e1-9276-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{655c5706-7015-11e1-9276-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{655c570d-7015-11e1-9276-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{655c570d-7015-11e1-9276-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8a60a049-6443-11e1-951f-e02a82fe4792}\Shell - "" = AutoRun
O33 - MountPoints2\{8a60a049-6443-11e1-951f-e02a82fe4792}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{f0ffd864-7b29-11e1-8fb7-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f0ffd864-7b29-11e1-8fb7-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0ffd866-7b29-11e1-8fb7-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f0ffd866-7b29-11e1-8fb7-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f0ffd86b-7b29-11e1-8fb7-100ba9192f8c}\Shell - "" = AutoRun
O33 - MountPoints2\{f0ffd86b-7b29-11e1-8fb7-100ba9192f8c}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2007.07.20 12:13:16 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.02 11:32:54 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
[2012.08.02 11:27:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.08.02 11:27:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.02 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.02 11:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.02 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\backups
[2012.08.02 11:12:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.08.02 10:33:44 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\MATLAB
[2012.08.02 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\MathWorks
[2012.07.25 13:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
[2012.07.17 19:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serious Sam
[2012.07.14 16:12:31 | 004,227,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012.07.14 16:12:31 | 001,986,048 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012.07.14 16:12:31 | 001,424,896 | ---- | C] (IDT, Inc.)
-- C:\Windows\SysNative\sttray64.exe [2012.07.14 16:12:31 | 000,655,872 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll [2012.07.14 16:12:31 | 000,535,040 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys [2012.07.14 16:12:31 | 000,446,464 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll [2012.07.14 16:12:31 | 000,038,400 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\suhlp64.exe [2012.07.14 16:12:30 | 006,126,592 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe [2012.07.14 16:12:30 | 005,124,096 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll [2012.07.14 16:12:30 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl [2012.07.14 16:12:30 | 001,055,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll [2012.07.14 16:12:30 | 000,308,736 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stacsv64.exe [2012.07.14 16:12:30 | 000,249,856 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sluapo64.dll [2012.07.14 16:12:30 | 000,241,664 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe [2012.07.14 16:12:30 | 000,223,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll [2012.07.14 16:12:30 | 000,169,472 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcshp64.dll [2012.07.14 16:12:30 | 000,160,256 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltshd64.dll [2012.07.14 16:12:30 | 000,140,800 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slh36064.dll [2012.07.14 16:12:30 | 000,088,576 | ---- | C] (IDT, Inc.) 
-- C:\Windows\SysNative\IDTPMA64.exe [2012.07.14 16:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\IDT [2012.07.10 13:14:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers [2012.07.10 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2012.07.10 13:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2012.07.10 13:13:13 | 000,158,208 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\SUPDSvc2.exe [2012.07.10 13:13:13 | 000,157,184 | ---- | C] (Samsung Electronics) -- C:\Windows\SysNative\SUPDSvcA2.dll [2012.07.10 13:13:13 | 000,089,600 | ---- | C] (SS) -- C:\Windows\SysNative\spd__ci.dll [2012.07.06 17:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\DigitalPersona [2012.07.06 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\DigitalPersona [2012.07.06 17:21:37 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\DigitalPersona [2012.07.06 17:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HPQLOG [2012.07.06 17:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2012.07.06 17:19:55 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\Programs [2012.07.06 17:19:54 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\FLEXnet [2012.07.06 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hant [2012.07.06 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\zh-Hans [2012.07.06 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ru [2012.07.06 17:19:49 | 000,000,000 | ---D | C] -- C:\Windows\DPDrv [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-Hant [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\zh-Hans [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ru [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ko [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ko [2012.07.06 17:19:48 | 000,000,000 | ---D 
| C] -- C:\Windows\SysWow64\ja [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ja [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\it [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\it [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\fr [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\fr [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\es [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\es [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cs [2012.07.06 17:19:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\cs [2012.07.06 16:52:18 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} ========== Files - Modified Within 30 Days ========== [2012.08.02 14:42:02 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 14:42:02 | 000,022,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 14:39:56 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.02 14:39:56 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.02 14:39:56 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.02 14:39:56 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.02 14:39:56 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.02 14:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 14:34:47 | 3182,186,496 | -HS- | M] () -- C:\hiberfil.sys [2012.08.02 11:32:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe [2012.08.02 11:27:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.02 11:25:00 | 
000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.02 11:09:09 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.25 13:16:17 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2012.07.18 13:15:18 | 000,000,607 | ---- | M] () -- C:\Users\Thomas\Desktop\SeriousSam - Verknüpfung.lnk [2012.07.14 16:12:23 | 006,126,592 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe [2012.07.14 16:12:23 | 005,124,096 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll [2012.07.14 16:12:23 | 004,227,072 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll [2012.07.14 16:12:23 | 001,986,048 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll [2012.07.14 16:12:23 | 001,819,136 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl [2012.07.14 16:12:23 | 001,424,896 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\sttray64.exe [2012.07.14 16:12:23 | 001,424,896 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe [2012.07.14 16:12:23 | 001,055,744 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll [2012.07.14 16:12:23 | 000,655,872 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll [2012.07.14 16:12:23 | 000,535,040 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys [2012.07.14 16:12:23 | 000,446,464 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll [2012.07.14 16:12:23 | 000,308,736 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stacsv64.exe [2012.07.14 16:12:23 | 000,255,488 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll [2012.07.14 16:12:23 | 000,249,856 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\sluapo64.dll [2012.07.14 16:12:23 | 000,241,664 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe [2012.07.14 16:12:23 | 000,223,744 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll [2012.07.14 16:12:23 | 000,169,472 | ---- | M] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\slcshp64.dll [2012.07.14 16:12:23 | 000,160,256 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltshd64.dll [2012.07.14 16:12:23 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\Presets.bin [2012.07.14 16:12:23 | 000,140,800 | ---- | M] (SRS Labs, Inc.) -- C:\Windows\SysNative\slh36064.dll [2012.07.14 16:12:23 | 000,088,576 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTPMA64.exe [2012.07.14 16:12:23 | 000,077,796 | ---- | M] () -- C:\Windows\SysNative\B-31C3.ini [2012.07.14 16:12:23 | 000,076,693 | ---- | M] () -- C:\Windows\SysNative\B-31C2.ini [2012.07.14 16:12:23 | 000,075,620 | ---- | M] () -- C:\Windows\SysNative\B-31A0.ini [2012.07.14 16:12:23 | 000,075,612 | ---- | M] () -- C:\Windows\SysNative\B-21C0.ini [2012.07.14 16:12:23 | 000,075,610 | ---- | M] () -- C:\Windows\SysNative\B-21D1.ini [2012.07.14 16:12:23 | 000,075,599 | ---- | M] () -- C:\Windows\SysNative\B-32A1.ini [2012.07.14 16:12:23 | 000,075,595 | ---- | M] () -- C:\Windows\SysNative\B-21D0.ini [2012.07.14 16:12:23 | 000,075,591 | ---- | M] () -- C:\Windows\SysNative\B-21B1.ini [2012.07.14 16:12:23 | 000,075,582 | ---- | M] () -- C:\Windows\SysNative\B-21B0.ini [2012.07.14 16:12:23 | 000,075,559 | ---- | M] () -- C:\Windows\SysNative\B-21C1.ini [2012.07.14 16:12:23 | 000,075,557 | ---- | M] () -- C:\Windows\SysNative\B-31C1.ini [2012.07.14 16:12:23 | 000,075,548 | ---- | M] () -- C:\Windows\SysNative\B-31C0.ini [2012.07.14 16:12:23 | 000,075,539 | ---- | M] () -- C:\Windows\SysNative\B-31E0.ini [2012.07.14 16:12:23 | 000,075,535 | ---- | M] () -- C:\Windows\SysNative\B-31D0.ini [2012.07.14 16:12:23 | 000,075,524 | ---- | M] () -- C:\Windows\SysNative\B-31F0.ini [2012.07.14 16:12:23 | 000,075,141 | ---- | M] () -- C:\Windows\SysNative\B-41A0.ini [2012.07.14 16:12:23 | 000,074,026 | ---- | M] () -- C:\Windows\SysNative\B-23B1.ini [2012.07.14 16:12:23 | 000,074,025 | ---- | M] () -- C:\Windows\SysNative\B-24A1.ini [2012.07.14 16:12:23 | 000,074,013 | ---- | M] 
() -- C:\Windows\SysNative\B-23A1.ini [2012.07.14 16:12:23 | 000,074,005 | ---- | M] () -- C:\Windows\SysNative\B-23A0.ini [2012.07.14 16:12:23 | 000,073,993 | ---- | M] () -- C:\Windows\SysNative\B-23B0.ini [2012.07.14 16:12:23 | 000,073,992 | ---- | M] () -- C:\Windows\SysNative\B-23C0.ini [2012.07.14 16:12:23 | 000,073,950 | ---- | M] () -- C:\Windows\SysNative\B-24A0.ini [2012.07.14 16:12:23 | 000,073,276 | ---- | M] () -- C:\Windows\SysNative\B-02C.ini [2012.07.14 16:12:23 | 000,038,400 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\suhlp64.exe [2012.07.14 16:12:23 | 000,032,578 | ---- | M] () -- C:\Windows\SysNative\2011_SRS_Speaker_L.ini [2012.07.14 16:12:23 | 000,032,578 | ---- | M] () -- C:\Windows\SysNative\2011_BEATS_Speaker_M.ini [2012.07.14 16:12:23 | 000,004,082 | ---- | M] () -- C:\Windows\SysNative\stwrt64.ini [2012.07.14 16:12:23 | 000,000,149 | ---- | M] () -- C:\Windows\SysNative\IDTNGUI.exe.config [2012.07.12 09:33:53 | 000,421,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.02 11:27:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.02 11:08:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.25 13:16:17 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2012.07.18 13:15:18 | 000,000,607 | ---- | C] () -- C:\Users\Thomas\Desktop\SeriousSam - Verknüpfung.lnk [2012.07.14 16:12:52 | 000,001,646 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRS Premium Sound.lnk [2012.07.14 16:12:31 | 000,004,082 | ---- | C] () -- C:\Windows\SysNative\stwrt64.ini [2012.07.14 16:12:30 | 000,148,128 | ---- | C] () -- C:\Windows\SysNative\Presets.bin [2012.07.14 16:12:30 | 000,077,796 | ---- | C] () -- C:\Windows\SysNative\B-31C3.ini [2012.07.14 16:12:30 | 000,076,693 | ---- | C] () -- C:\Windows\SysNative\B-31C2.ini [2012.07.14 16:12:30 | 000,075,620 | ---- | C] () -- 
C:\Windows\SysNative\B-31A0.ini [2012.07.14 16:12:30 | 000,075,612 | ---- | C] () -- C:\Windows\SysNative\B-21C0.ini [2012.07.14 16:12:30 | 000,075,610 | ---- | C] () -- C:\Windows\SysNative\B-21D1.ini [2012.07.14 16:12:30 | 000,075,599 | ---- | C] () -- C:\Windows\SysNative\B-32A1.ini [2012.07.14 16:12:30 | 000,075,595 | ---- | C] () -- C:\Windows\SysNative\B-21D0.ini [2012.07.14 16:12:30 | 000,075,591 | ---- | C] () -- C:\Windows\SysNative\B-21B1.ini [2012.07.14 16:12:30 | 000,075,582 | ---- | C] () -- C:\Windows\SysNative\B-21B0.ini [2012.07.14 16:12:30 | 000,075,559 | ---- | C] () -- C:\Windows\SysNative\B-21C1.ini [2012.07.14 16:12:30 | 000,075,557 | ---- | C] () -- C:\Windows\SysNative\B-31C1.ini [2012.07.14 16:12:30 | 000,075,548 | ---- | C] () -- C:\Windows\SysNative\B-31C0.ini [2012.07.14 16:12:30 | 000,075,539 | ---- | C] () -- C:\Windows\SysNative\B-31E0.ini [2012.07.14 16:12:30 | 000,075,535 | ---- | C] () -- C:\Windows\SysNative\B-31D0.ini [2012.07.14 16:12:30 | 000,075,524 | ---- | C] () -- C:\Windows\SysNative\B-31F0.ini [2012.07.14 16:12:30 | 000,075,141 | ---- | C] () -- C:\Windows\SysNative\B-41A0.ini [2012.07.14 16:12:30 | 000,074,026 | ---- | C] () -- C:\Windows\SysNative\B-23B1.ini [2012.07.14 16:12:30 | 000,074,025 | ---- | C] () -- C:\Windows\SysNative\B-24A1.ini [2012.07.14 16:12:30 | 000,074,013 | ---- | C] () -- C:\Windows\SysNative\B-23A1.ini [2012.07.14 16:12:30 | 000,074,005 | ---- | C] () -- C:\Windows\SysNative\B-23A0.ini [2012.07.14 16:12:30 | 000,073,993 | ---- | C] () -- C:\Windows\SysNative\B-23B0.ini [2012.07.14 16:12:30 | 000,073,992 | ---- | C] () -- C:\Windows\SysNative\B-23C0.ini [2012.07.14 16:12:30 | 000,073,950 | ---- | C] () -- C:\Windows\SysNative\B-24A0.ini [2012.07.14 16:12:30 | 000,073,276 | ---- | C] () -- C:\Windows\SysNative\B-02C.ini [2012.07.14 16:12:30 | 000,032,578 | ---- | C] () -- C:\Windows\SysNative\2011_SRS_Speaker_L.ini [2012.07.14 16:12:30 | 000,032,578 | ---- | C] () -- 
C:\Windows\SysNative\2011_BEATS_Speaker_M.ini [2012.07.14 16:12:30 | 000,000,149 | ---- | C] () -- C:\Windows\SysNative\IDTNGUI.exe.config [2012.07.10 13:13:51 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.07.10 13:13:13 | 000,382,976 | ---- | C] () -- C:\Windows\SysNative\UPDIO2.dll [2012.07.10 13:13:13 | 000,253,440 | ---- | C] () -- C:\Windows\SysNative\SUPDRun.exe [2012.07.10 13:13:13 | 000,151,552 | ---- | C] () -- C:\Windows\SysNative\spd__ci.exe [2012.07.10 13:13:13 | 000,034,304 | ---- | C] () -- C:\Windows\SysNative\spd__l.dll [2012.07.10 13:13:12 | 000,000,357 | ---- | C] () -- C:\Windows\SysNative\spd__l.smt [2012.06.24 20:41:49 | 000,015,109 | ---- | C] () -- C:\Users\Thomas\.recently-used.xbel [2012.05.04 12:21:37 | 000,001,403 | ---- | C] () -- C:\Users\Thomas\LSM2_history.xml [2012.05.04 08:21:06 | 000,000,164 | ---- | C] () -- C:\Users\Thomas\LSM2_config.xml [2012.04.04 19:25:20 | 000,000,337 | ---- | C] () -- C:\Users\Thomas\AppData\Local\Perfmon.PerfmonCfg [2012.03.01 13:01:31 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2012.03.01 12:33:39 | 000,094,776 | ---- | C] () -- C:\Windows\un_dext.exe [2012.03.01 12:33:39 | 000,087,928 | ---- | C] () -- C:\Windows\SPRemove_x64.exe [2012.03.01 12:33:39 | 000,014,409 | ---- | C] () -- C:\Windows\TWAIN2080.ini [2012.03.01 12:33:39 | 000,003,926 | ---- | C] () -- C:\Windows\Dext_12.ini [2012.03.01 12:33:39 | 000,003,892 | ---- | C] () -- C:\Windows\Dext_27.ini [2012.03.01 12:33:39 | 000,003,884 | ---- | C] () -- C:\Windows\Dext_25.ini [2012.03.01 12:33:39 | 000,003,882 | ---- | C] () -- C:\Windows\Dext_21.ini [2012.03.01 12:33:39 | 000,003,820 | ---- | C] () -- C:\Windows\Dext_11.ini [2012.03.01 12:33:39 | 000,003,802 | ---- | C] () -- C:\Windows\Dext_14.ini [2012.03.01 12:33:39 | 000,003,802 | ---- | C] () -- C:\Windows\Dext_05.ini [2012.03.01 12:33:39 | 000,003,704 | ---- | C] () -- C:\Windows\Dext_10.ini [2012.03.01 12:33:39 | 000,003,700 | ---- | C] () -- 
C:\Windows\Dext_16.ini [2012.03.01 12:33:39 | 000,003,682 | ---- | C] () -- C:\Windows\Dext_08.ini [2012.03.01 12:33:39 | 000,003,672 | ---- | C] () -- C:\Windows\Dext_31.ini [2012.03.01 12:33:39 | 000,003,648 | ---- | C] () -- C:\Windows\Dext_36.ini [2012.03.01 12:33:39 | 000,003,624 | ---- | C] () -- C:\Windows\Dext_1046.ini [2012.03.01 12:33:39 | 000,003,622 | ---- | C] () -- C:\Windows\Dext_20.ini [2012.03.01 12:33:39 | 000,003,591 | ---- | C] () -- C:\Windows\remove.ini [2012.03.01 12:33:39 | 000,003,588 | ---- | C] () -- C:\Windows\Dext_06.ini [2012.03.01 12:33:39 | 000,003,586 | ---- | C] () -- C:\Windows\Dext_22.ini [2012.03.01 12:33:39 | 000,003,550 | ---- | C] () -- C:\Windows\Dext_19.ini [2012.03.01 12:33:39 | 000,003,550 | ---- | C] () -- C:\Windows\Dext_07.ini [2012.03.01 12:33:39 | 000,003,522 | ---- | C] () -- C:\Windows\Dext_02.ini [2012.03.01 12:33:39 | 000,003,492 | ---- | C] () -- C:\Windows\Dext_24.ini [2012.03.01 12:33:39 | 000,003,450 | ---- | C] () -- C:\Windows\Dext_29.ini [2012.03.01 12:33:39 | 000,003,416 | ---- | C] () -- C:\Windows\Dext_01.ini [2012.03.01 12:33:39 | 000,003,342 | ---- | C] () -- C:\Windows\Dext_30.ini [2012.03.01 12:33:39 | 000,003,220 | ---- | C] () -- C:\Windows\Dext_09.ini [2012.03.01 12:33:39 | 000,003,174 | ---- | C] () -- C:\Windows\Dext_13.ini [2012.03.01 12:33:39 | 000,002,850 | ---- | C] () -- C:\Windows\Dext_04.ini [2012.03.01 12:33:39 | 000,002,750 | ---- | C] () -- C:\Windows\Dext_17.ini [2012.03.01 12:33:39 | 000,002,674 | ---- | C] () -- C:\Windows\Dext_18.ini [2012.03.01 12:33:39 | 000,002,638 | ---- | C] () -- C:\Windows\Dext_2052.ini [2012.03.01 12:02:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.24 15:30:30 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPLic.dll.hpsign [2011.08.24 14:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPPassFilter.dll.hpsign [2011.08.24 14:55:46 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPCrProv.dll.hpsign [2011.08.24 14:55:30 
| 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApiUI.dll.hpsign [2011.08.24 14:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPSCEL.dll.hpsign [2011.08.24 14:53:44 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPFPApi.dll.hpsign [2011.08.24 14:53:42 | 000,000,256 | R--- | C] () -- C:\Windows\SysWow64\DPClback.dll.hpsign [2011.08.23 11:10:44 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\vcsAPIShared.dll.hpsign [2011.07.12 19:05:52 | 000,008,704 | ---- | C] () -- C:\Windows\HPun2430Version.dll [2011.05.30 22:58:34 | 000,185,168 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll [2011.05.30 22:58:34 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\PassThroughOTP.dll.hpsign [2010.12.20 21:27:22 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.06.20 13:37:02 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\CadSoft [2012.07.06 17:21:37 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DigitalPersona [2012.05.09 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Downloaded Installations [2012.08.02 14:37:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox [2012.07.05 11:45:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\gtk-2.0 [2012.04.15 21:10:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IDT [2012.05.09 15:52:47 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Nitro PDF [2012.05.11 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++ [2012.03.01 12:45:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sierra Wireless [2012.03.01 13:50:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Synaptics [2012.03.01 15:13:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Thunderbird [2012.07.17 23:38:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\uTorrent [2012.05.04 13:56:41 | 000,000,000 | ---D 
| M] -- C:\Users\Thomas\AppData\Roaming\xm1 [2012.07.09 09:33:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |