Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?


Log-Analyse und Auswertung: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.08.2011, 09:20   #1
mattan75
 
Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Standard

Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?


Hallo zusammen,

auch bei mir hat der Bundespolizei Trojaner zugeschlagen. Konnte mit Taskmanager einen Win7 Neustart im abgesicherten Modus erzwingen und mit Malwarebytes entfernen. Logs im Anhang.

OTL und GMER habe ich ausgeführt, Logs siehe unten. Leider hat OTL mir trotz mehrmaligem Versuch keine Extra.txt erstellt - mach ich etwas falsch?

Wäre sehr dankbar, falls mir jemand von euch helfen könnte, mein System auf weitere bestehende Infizierung zu prüfen - oder ist wirklich bereits alles sauber?


Vielen Dank im Voraus für eure Hilfe!!!

Sämtliche Malwarebytes Logs, die ich bestitze befinden sich im Anhang.

OTL.txt:
Code:
ATTFilter
OTL logfile created on: 13.08.2011 09:44:05 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*******\Desktop\Systembereinigung
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 70,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890,41 Gb Total Space | 778,31 Gb Free Space | 87,41% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 29,12 Gb Free Space | 72,81% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.28 19:58:46 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.28 09:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011.04.27 18:01:13 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\Systembereinigung\OTL.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPrint\airprint.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.14 13:37:58 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010.04.01 23:57:15 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe
PRC - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
PRC - [2009.07.01 19:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009.07.01 19:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.22 09:24:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Desktop\Systembereinigung\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.01 19:03:26 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 19:58:46 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.28 13:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.04.27 18:01:13 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.02.06 17:17:27 | 000,234,784 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\AirPrint\Airprint.exe -- (AirPrint)
SRV - [2010.01.08 15:23:58 | 000,303,104 | ---- | M] (Wistron Corporation) [Auto | Running] -- C:\Program Files\RemoteKeySrv\RemoteKeySrv.exe -- (RemoteKeySrv)
SRV - [2009.12.09 19:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.01 19:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 19:58:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:58:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.19 02:00:29 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011.04.19 02:00:28 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011.03.14 17:15:58 | 001,115,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010.12.04 12:33:03 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 18:20:05 | 000,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2010.03.29 20:20:26 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.01.07 10:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.12.03 12:26:22 | 009,941,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\NW1950.sys -- (NW1950)
DRV - [2009.10.13 14:03:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.01 13:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009.05.13 13:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 13:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2005.12.08 15:33:40 | 000,004,096 | ---- | M] (Wistron) [Kernel | On_Demand | Running] -- C:\Program Files\RemoteKeySrv\GENPORT.sys -- (genport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://webmail.*******.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {338B4DFE-2E2C-4338-9E41-E176D497299E}:1.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.12 23:33:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.12 23:33:54 | 000,000,000 | ---D | M]
 
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.03.31 16:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.08.05 22:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions
[2010.04.01 18:19:15 | 000,000,000 | ---D | M] (SplitCam Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{338B4DFE-2E2C-4338-9E41-E176D497299E}
[2011.07.16 19:41:56 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2011.08.01 21:36:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\lmsewdbk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.16 19:19:04 | 000,002,101 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\lmsewdbk.default\searchplugins\googlede.xml
[2011.06.23 12:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.16 19:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.17 12:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\*******\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LMSEWDBK.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.06.21 20:14:31 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.07.17 12:51:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.22 21:23:29 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 21:23:29 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.22 21:23:30 | 000,008,192 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.22 21:23:30 | 000,004,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.26 21:22:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.12 23:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\QuickTime
[2011.08.12 23:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.27 18:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.07.27 18:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Yahoo! Messenger
[2011.07.25 21:33:51 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Apple Computer
[2011.07.25 21:33:51 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Apple Computer
[2011.07.25 21:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.07.25 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.07.25 21:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.25 21:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.07.25 20:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.24 23:16:08 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\VLC
[2011.07.24 15:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Google Earth
[2011.07.22 20:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.07.22 20:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2011.07.17 12:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2011.07.17 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Sasa
[2011.07.17 12:25:20 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Gyyqo
[2011.07.17 09:24:52 | 000,000,000 | ---D | C] -- C:\AULOGS
[2011.07.16 19:31:13 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.07.16 19:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.13 09:41:51 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.13 09:41:45 | 000,678,404 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_09_41_45_00004816.dmp
[2011.08.13 09:41:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.13 09:41:42 | 2414,432,256 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.13 09:06:57 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 09:06:57 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.13 08:59:33 | 000,672,591 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_08_59_33_000045c6.dmp
[2011.08.13 08:58:32 | 000,000,020 | ---- | M] () -- C:\Users\*******\defogger_reenable
[2011.08.13 08:55:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.13 08:51:38 | 000,678,312 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_13_08_51_38_000052d0.dmp
[2011.08.12 23:56:03 | 000,673,046 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_56_03_00005abc.dmp
[2011.08.12 23:51:15 | 000,670,709 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_51_15_00006a56.dmp
[2011.08.12 23:48:09 | 000,679,345 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_48_09_00006a75.dmp
[2011.08.12 23:33:41 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.12 23:22:03 | 000,677,756 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_12_23_22_02_00009a99.dmp
[2011.08.11 22:36:59 | 000,655,284 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.11 22:36:59 | 000,616,866 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.11 22:36:59 | 000,129,824 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.11 22:36:59 | 000,106,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.11 22:22:36 | 000,678,388 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_11_22_22_36_0000a42a.dmp
[2011.08.11 19:52:51 | 000,670,848 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_11_19_52_51_000052ff.dmp
[2011.08.10 21:41:35 | 000,671,050 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_10_21_41_35_0000694c.dmp
[2011.08.10 20:25:16 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.10 19:27:34 | 000,675,328 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_10_19_27_34_000052d0.dmp
[2011.08.09 20:06:11 | 000,676,814 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_09_20_06_11_00005530.dmp
[2011.08.08 18:32:00 | 000,669,928 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_08_18_32_00_00006a65.dmp
[2011.08.07 09:08:49 | 000,679,827 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_07_09_08_49_000051e6.dmp
[2011.08.06 15:11:44 | 000,672,947 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_06_15_11_44_0000557e.dmp
[2011.08.05 17:47:02 | 000,672,604 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_05_17_47_02_00005169.dmp
[2011.08.04 22:22:49 | 000,675,979 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_04_22_22_49_000053aa.dmp
[2011.08.03 19:01:30 | 000,680,193 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_03_19_01_30_00005263.dmp
[2011.08.02 22:12:16 | 000,671,730 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_02_22_12_15_000054e2.dmp
[2011.08.01 21:35:13 | 000,682,147 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_01_21_35_13_000053e9.dmp
[2011.08.01 19:59:14 | 000,671,965 | ---- | M] () -- C:\Windows\System32\AAWService__2011_08_01_19_59_14_00005263.dmp
[2011.07.31 11:36:18 | 000,682,378 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_31_11_36_18_0000563a.dmp
[2011.07.30 11:15:48 | 000,680,304 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_30_11_15_48_00005234.dmp
[2011.07.29 20:10:13 | 000,673,301 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_29_20_10_12_00005494.dmp
[2011.07.28 20:39:26 | 000,673,562 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_28_20_39_26_0000531e.dmp
[2011.07.27 21:10:30 | 000,672,909 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_27_21_10_30_0000558e.dmp
[2011.07.27 17:37:42 | 000,673,967 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_27_17_37_42_0000555f.dmp
[2011.07.26 20:45:11 | 000,677,017 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_26_20_45_10_000058b9.dmp
[2011.07.26 18:23:42 | 000,671,601 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_26_18_23_42_000063ff.dmp
[2011.07.25 21:42:32 | 000,169,048 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.07.25 21:33:47 | 000,001,717 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.25 21:29:07 | 000,678,790 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_21_29_06_0000643e.dmp
[2011.07.25 21:01:39 | 000,673,612 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_21_01_39_0000618f.dmp
[2011.07.25 20:46:29 | 000,675,776 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_20_46_29_00006e9a.dmp
[2011.07.25 19:54:18 | 000,675,876 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_25_19_54_18_00005772.dmp
[2011.07.24 22:42:38 | 000,672,705 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_24_22_42_38_000071b5.dmp
[2011.07.24 15:51:37 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.24 10:35:58 | 000,674,540 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_24_10_35_58_00005446.dmp
[2011.07.23 13:02:46 | 000,678,464 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_23_13_02_46_00005f2f.dmp
[2011.07.23 09:38:42 | 000,682,507 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_23_09_38_42_00006640.dmp
[2011.07.22 20:23:26 | 000,674,625 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_22_20_23_25_0000a4d6.dmp
[2011.07.22 20:23:15 | 000,471,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.22 19:58:50 | 000,677,347 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_22_19_58_50_000056e5.dmp
[2011.07.21 18:10:19 | 000,674,093 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_21_18_10_19_000056f5.dmp
[2011.07.19 07:54:18 | 000,682,673 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_19_07_54_18_00005456.dmp
[2011.07.18 21:41:14 | 000,675,385 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_21_41_14_00005d8a.dmp
[2011.07.18 20:58:26 | 000,682,116 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_20_58_26_00005965.dmp
[2011.07.18 18:27:07 | 000,673,122 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_18_18_27_07_00005704.dmp
[2011.07.17 18:56:42 | 000,679,637 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_18_56_42_00009c2f.dmp
[2011.07.17 09:42:54 | 000,676,376 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_42_54_00009bf0.dmp
[2011.07.17 09:38:30 | 000,672,769 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_38_30_0000538b.dmp
[2011.07.17 09:31:14 | 000,672,851 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_31_14_00005263.dmp
[2011.07.17 09:08:29 | 000,672,211 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_09_08_28_000060a5.dmp
[2011.07.17 00:03:35 | 000,676,399 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_17_00_03_35_00006ef7.dmp
[2011.07.16 23:55:39 | 000,679,556 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_55_39_00007712.dmp
[2011.07.16 23:50:45 | 000,671,711 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_50_45_000072de.dmp
[2011.07.16 23:29:20 | 000,675,763 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_23_29_20_0000533d.dmp
[2011.07.16 19:40:15 | 000,674,679 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_19_40_14_00005188.dmp
[2011.07.16 19:11:40 | 000,677,919 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_19_11_40_0000952d.dmp
[2011.07.16 18:56:18 | 000,673,634 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_18_56_17_0000a968.dmp
[2011.07.16 18:45:32 | 000,674,487 | ---- | M] () -- C:\Windows\System32\AAWService__2011_07_16_18_45_32_00007d88.dmp
[2011.07.14 19:03:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.07.14 19:03:38 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
 
========== Files Created - No Company Name ==========
 
[2011.08.13 09:41:45 | 000,678,404 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_09_41_45_00004816.dmp
[2011.08.13 08:59:33 | 000,672,591 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_08_59_33_000045c6.dmp
[2011.08.13 08:58:12 | 000,000,020 | ---- | C] () -- C:\Users\*******\defogger_reenable
[2011.08.13 08:51:38 | 000,678,312 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_13_08_51_38_000052d0.dmp
[2011.08.12 23:56:03 | 000,673,046 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_56_03_00005abc.dmp
[2011.08.12 23:51:15 | 000,670,709 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_51_15_00006a56.dmp
[2011.08.12 23:48:09 | 000,679,345 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_48_09_00006a75.dmp
[2011.08.12 23:33:41 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.08.12 23:22:02 | 000,677,756 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_12_23_22_02_00009a99.dmp
[2011.08.11 22:22:36 | 000,678,388 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_11_22_22_36_0000a42a.dmp
[2011.08.11 19:52:51 | 000,670,848 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_11_19_52_51_000052ff.dmp
[2011.08.10 21:41:35 | 000,671,050 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_10_21_41_35_0000694c.dmp
[2011.08.10 19:27:34 | 000,675,328 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_10_19_27_34_000052d0.dmp
[2011.08.09 20:06:11 | 000,676,814 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_09_20_06_11_00005530.dmp
[2011.08.08 18:32:00 | 000,669,928 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_08_18_32_00_00006a65.dmp
[2011.08.07 09:08:49 | 000,679,827 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_07_09_08_49_000051e6.dmp
[2011.08.06 15:11:44 | 000,672,947 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_06_15_11_44_0000557e.dmp
[2011.08.05 17:47:02 | 000,672,604 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_05_17_47_02_00005169.dmp
[2011.08.04 22:22:49 | 000,675,979 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_04_22_22_49_000053aa.dmp
[2011.08.03 19:01:30 | 000,680,193 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_03_19_01_30_00005263.dmp
[2011.08.02 22:12:15 | 000,671,730 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_02_22_12_15_000054e2.dmp
[2011.08.01 21:35:13 | 000,682,147 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_01_21_35_13_000053e9.dmp
[2011.08.01 19:59:14 | 000,671,965 | ---- | C] () -- C:\Windows\System32\AAWService__2011_08_01_19_59_14_00005263.dmp
[2011.07.31 11:36:18 | 000,682,378 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_31_11_36_18_0000563a.dmp
[2011.07.30 11:15:48 | 000,680,304 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_30_11_15_48_00005234.dmp
[2011.07.29 20:10:12 | 000,673,301 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_29_20_10_12_00005494.dmp
[2011.07.28 20:39:26 | 000,673,562 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_28_20_39_26_0000531e.dmp
[2011.07.27 21:10:30 | 000,672,909 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_27_21_10_30_0000558e.dmp
[2011.07.27 17:37:42 | 000,673,967 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_27_17_37_42_0000555f.dmp
[2011.07.26 20:45:10 | 000,677,017 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_26_20_45_10_000058b9.dmp
[2011.07.26 18:23:42 | 000,671,601 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_26_18_23_42_000063ff.dmp
[2011.07.25 21:42:32 | 000,169,048 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.07.25 21:33:47 | 000,001,717 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.25 21:29:06 | 000,678,790 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_21_29_06_0000643e.dmp
[2011.07.25 21:01:39 | 000,673,612 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_21_01_39_0000618f.dmp
[2011.07.25 20:50:39 | 000,001,552 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\iTunes
[2011.07.25 20:46:29 | 000,675,776 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_20_46_29_00006e9a.dmp
[2011.07.25 19:54:18 | 000,675,876 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_25_19_54_18_00005772.dmp
[2011.07.24 22:42:38 | 000,672,705 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_24_22_42_38_000071b5.dmp
[2011.07.24 15:51:37 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.07.24 10:35:58 | 000,674,540 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_24_10_35_58_00005446.dmp
[2011.07.23 13:02:46 | 000,678,464 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_23_13_02_46_00005f2f.dmp
[2011.07.23 09:38:42 | 000,682,507 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_23_09_38_42_00006640.dmp
[2011.07.22 20:23:25 | 000,674,625 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_22_20_23_25_0000a4d6.dmp
[2011.07.22 19:58:50 | 000,677,347 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_22_19_58_50_000056e5.dmp
[2011.07.21 18:10:19 | 000,674,093 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_21_18_10_19_000056f5.dmp
[2011.07.19 07:54:18 | 000,682,673 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_19_07_54_18_00005456.dmp
[2011.07.18 21:41:14 | 000,675,385 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_21_41_14_00005d8a.dmp
[2011.07.18 20:58:26 | 000,682,116 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_20_58_26_00005965.dmp
[2011.07.18 18:27:07 | 000,673,122 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_18_18_27_07_00005704.dmp
[2011.07.17 18:56:42 | 000,679,637 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_18_56_42_00009c2f.dmp
[2011.07.17 12:08:39 | 000,001,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.07.17 12:08:39 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.07.17 12:08:39 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.07.17 09:42:54 | 000,676,376 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_42_54_00009bf0.dmp
[2011.07.17 09:38:30 | 000,672,769 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_38_30_0000538b.dmp
[2011.07.17 09:31:14 | 000,672,851 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_31_14_00005263.dmp
[2011.07.17 09:08:28 | 000,672,211 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_09_08_28_000060a5.dmp
[2011.07.17 00:03:35 | 000,676,399 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_17_00_03_35_00006ef7.dmp
[2011.07.16 23:55:39 | 000,679,556 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_55_39_00007712.dmp
[2011.07.16 23:50:45 | 000,671,711 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_50_45_000072de.dmp
[2011.07.16 23:29:20 | 000,675,763 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_23_29_20_0000533d.dmp
[2011.07.16 19:40:14 | 000,674,679 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_19_40_14_00005188.dmp
[2011.07.16 19:11:40 | 000,677,919 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_19_11_40_0000952d.dmp
[2011.07.16 18:56:17 | 000,673,634 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_18_56_17_0000a968.dmp
[2011.07.16 18:45:32 | 000,674,487 | ---- | C] () -- C:\Windows\System32\AAWService__2011_07_16_18_45_32_00007d88.dmp
[2011.04.21 22:53:54 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.21 22:53:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.21 22:53:54 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.21 22:53:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.21 22:53:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.21 22:38:47 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.04.21 20:28:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.21 20:28:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.05 22:10:18 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ4809N.DAT
[2010.12.05 11:27:04 | 025,989,120 | ---- | C] () -- C:\Users\*******\AppData\Local\AuGTU.mp4
[2010.10.17 13:31:26 | 065,169,605 | ---- | C] () -- C:\Program Files\altu.flv
[2010.05.15 18:35:36 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.05.13 18:04:27 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2010.04.18 10:44:54 | 000,003,584 | ---- | C] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.01 18:34:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.03.30 01:46:29 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2010.03.30 00:15:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.03.29 21:27:29 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.03 02:00:00 | 001,449,935 | ---- | C] () -- C:\Windows\System32\ffmpegmt.dll
[2010.03.03 02:00:00 | 000,882,688 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.03 02:00:00 | 000,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2010.03.03 02:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010.03.03 02:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2010.03.03 02:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2010.03.03 02:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2010.03.03 02:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2010.03.03 02:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2010.03.03 02:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2010.03.03 02:00:00 | 000,116,736 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2010.03.03 02:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2010.01.10 07:44:49 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.08 10:39:19 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.01.08 10:05:02 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2010.01.08 10:05:02 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.01.08 09:57:53 | 000,013,224 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2010.01.07 10:22:31 | 000,007,648 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001416BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001316BE_ca.bin
[2010.01.07 10:22:31 | 000,000,480 | ---- | C] () -- C:\Windows\11317231_001216BE_ca.bin
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.12.03 00:50:04 | 000,041,808 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2009.12.03 00:50:00 | 000,330,344 | ---- | C] () -- C:\Windows\System32\easyUpdatusAPIU.dll
[2009.11.14 20:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.11.14 20:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2009.11.14 20:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.11.14 20:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.11.14 20:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.11.14 20:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.11.14 20:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.11.14 20:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.11.14 20:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.11.14 20:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2009.11.14 20:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2009.11.14 20:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.11.14 20:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2009.10.29 12:20:42 | 008,824,824 | ---- | C] () -- C:\Windows\System32\drivers\NWTransLib.sys
[2009.10.29 12:20:38 | 000,022,392 | ---- | C] () -- C:\Windows\System32\drivers\NW1950.sys
[2009.08.11 23:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,655,284 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,129,824 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,471,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,866 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,048 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.07 18:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.11 00:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008.12.19 17:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 19:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 19:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 19:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 19:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 18:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.06.04 06:53:14 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2007.10.13 11:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\Windows\System32\sherlock2.exe
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010.10.31 15:57:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\calibre
[2011.04.05 22:20:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Canon
[2010.04.12 18:39:24 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\CD-LabelPrint
[2011.07.10 23:34:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2011.06.12 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Dropbox
[2011.01.24 00:24:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GrabPro
[2011.07.18 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Gyyqo
[2010.10.02 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ
[2011.01.24 00:36:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Orbit
[2011.07.16 19:41:56 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PowerCinema
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ProgSense
[2011.07.17 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Sasa
[2010.03.31 16:53:54 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TomTom
[2010.09.19 17:47:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TrueCrypt
[2011.06.28 21:38:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.09 22:22:32 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.07.17 09:25:08 | 000,000,000 | ---D | M] -- C:\AULOGS
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.01.23 20:00:33 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.01.08 09:32:52 | 000,000,000 | ---D | M] -- C:\Intel
[2010.03.29 21:11:59 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.08.12 23:33:29 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.07.27 18:26:49 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.03.29 17:21:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.26 21:24:18 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.03.29 17:21:22 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.08.11 22:34:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.16 19:42:38 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.13 09:44:14 | 000,000,000 | ---D | M] -- C:\Windows
[2011.04.25 17:05:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-11 20:38:55
 
<           >

< End of report >
GMER.txt:
Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-08-13 09:36:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0
Running: g2m3e4r.exe; Driver: C:\Users\*******\AppData\Local\Temp\fwldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                         83293349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                832CCD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                            9E36DBEC 111 Bytes  JMP 4666CA22 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000090                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000090                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000092                                                                       bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004d                                                                     halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a14f3d                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3a15499                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd6033cb2                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a14f3d (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3a15499 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd6033cb2 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0xA2 0xC4 0x49 0xF4 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOSAFEERASE04.00.00.01MSWINDOWS                 0DCA2D38AAC82F9F01ADBA02A26CA80B243744DB67F39D5C2552B2957B163C93D291408F77FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CBA7FD869164D6794BA7FD869164D67944DC90C7E176435D7B5884736BF660771E6ECE2E676DBF6615D3516A2E81587361B530287B0EB3174CB9DB73ED93807A228050085B34FADDA386087557B1727F5E048C48C4A2AE8BEBB7DBCAA5C0CC63944E896A62765277959A4F545BBDB918A0513B00C7CF38165998BCBBF9E7F12F39E17CD6F8426752C8EB65F18DA74BD3462423ACF947E751A6DCFEB032B9188968BADE34731F97A681AEFD437BCD17239C889E85F95E51293B4763940BF271BE753732A5ACA2D6EA6B04FFE4E79CACDE3F9BFD78934A9788DDDCEE506508892363450841920F25DE37DF596D05E194080AEDF3561D9AE1F464ECC34A801E3884D5ED2EE3735DF27211EA9E9716BDB0DE01008C5BCA33ACF005B097D3FAE46EB05F6A974AD416D7EE124D45B2B5594CF5C3EFB61B46379A802D4BEADA3E7A70032972C37382FF86CAE1706E1B904AAF2C9CCA170A820791B16F74EC3F46C5EDA30CCD06C569EC34C95EFED86209568380AC085F4B990306D8BF93CD698B526E7E097365CCB6474CDA61DE16921597BB47B1754024F2474B7B5022E0

---- Files - GMER 1.0.15 ----

File            C:\Windows\assembly\NativeImages_v2.0.50727_32\index677.dat                                           0 bytes
File            C:\Windows\assembly\NativeImages_v2.0.50727_32\index678.dat                                           0 bytes
File            C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C8A.tmp                                       0 bytes

---- EOF - GMER 1.0.15 ----

 

Themen zu Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?
ad-aware, antivir, avira, bingbar, bonjour, c:\windows\system32\rundll32.exe, canon, defender, error, explorer, firefox, format, hilfe!!, home, index, locker, logfile, mahmud.exe, mbamservice.exe, mozilla, nodrives, nvlddmkm.sys, plug-in, realtek, registry, rundll, scan, software, sptd.sys, start menu, system, taskmanager, trojaner, windows


« TR/EyeStye.N.313 + JAVA/Dldr.Tharra.G gefunden... Was ist zu tun? | Logfiles (Vermutung Botnetzwerk oder ähnliches) »


Ähnliche Themen: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?


  1. Bikiniland Trojaner erfolgreich entfernt?
    Log-Analyse und Auswertung - 12.02.2015 (9)
  2. Windows 7 & BKA Trojaner 1.18 -> Nur teilweise erfolgreich entfernt
    Plagegeister aller Art und deren Bekämpfung - 03.02.2015 (5)
  3. BKA Trojaner erfolgreich entfernt ! Langsames Hochfahren und Spiel nicht mehr Spielbar!
    Plagegeister aller Art und deren Bekämpfung - 01.12.2012 (0)
  4. GVU erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (5)
  5. Bundespolizei-Trojaner erfolgreich(?) entfernt mit MalwareB. l Echtzeitschutz nicht mehr aktivierbar
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (31)
  6. GVU Trojaner erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (9)
  7. GVU-Trojaner erfolgreich entfernt?! Und jetzt?!
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (2)
  8. Windows Update Trojaner erfolgreich entfernt, viele Dateien sind gesperrt, was nun ?
    Log-Analyse und Auswertung - 16.06.2012 (3)
  9. Habe den Virus mit der Bundespolizei erfolgreich entfernt..... Aber bin ich sicher?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  10. Bundespolizei-Virus erfolgreich entfernt
    Plagegeister aller Art und deren Bekämpfung - 07.08.2011 (2)
  11. AntiVir meldete verschiedene Trojaner - habe ich sie erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (19)
  12. trojaner, erfolgreich entfernt?
    Log-Analyse und Auswertung - 10.01.2010 (7)
  13. Trojaner erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 18.11.2009 (8)
  14. Keylogger erfolgreich entfernt??
    Log-Analyse und Auswertung - 14.10.2009 (4)
  15. Trojaner und Rootkit erfolgreich entfernt???
    Log-Analyse und Auswertung - 24.03.2009 (0)
  16. Trojaner erfolgreich entfernt (wenn auch sehr mühsam)
    Log-Analyse und Auswertung - 23.01.2006 (2)
  17. Trojaner drop.agent erfolgreich entfernt? Hijack Logfile
    Log-Analyse und Auswertung - 08.05.2005 (7)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? - Hallo zusammen, auch bei mir hat der Bundespolizei Trojaner zugeschlagen. Konnte mit Taskmanager einen Win7 Neustart im abgesicherten Modus erzwingen und mit Malwarebytes entfernen. Logs im Anhang. OTL und GMER - Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich?...
Archiv
Du betrachtest: Bundespolizei Trojaner entfernt - Systembereinigung erfolgreich? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19