Malware of all kinds and how to combat it: The "Bundespolizei Trojaner" got me too (Windows 7)
16.12.2011, 11:34 | #1 |
The "Bundespolizei Trojaner" got me too

Hello,

the "Bundespolizei Trojaner" has just got me too. I clicked on a download link in a forum, and Avira promptly raised an alert. Whether it was in time I can't say; shortly after the Avira alert, the Ukash pop-ups appeared with the familiar payment demand. By pressing Ctrl+Alt+Del -> Shut down and then cancelling the shutdown, I was at least able to "unlock" my desktop again. Task Manager was disabled in the registry; I have already re-enabled it and looked for processes I don't recognize, but found nothing. What is also strange: programs that I minimize are not minimized to the taskbar but stay hanging above it.

Here is the Avira event:
Code:
ATTFilter 16.12.2011 11:00 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\Users\Flosi\AppData\Local\Mozilla\Firefox\Profiles\817vm644.default\Cache\7\ 4F\91A55d01'
wurde ein Virus oder unerwünschtes Programm 'EXP/Pidief.aif' [exploit] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

And here is the OTL log as well:
Code:
ATTFilter OTL logfile created on: 16.12.2011 11:15:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Flosi\Desktop 64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 51,34% Memory free 8,22 Gb Paging File | 6,02 Gb Available in Paging File | 73,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 596,17 Gb Total Space | 182,26 Gb Free Space | 30,57% Space Free | Partition Type: NTFS Computer Name: HÖLLENBOCK2 | User Name: Flosi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2011.12.16 11:14:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flosi\Desktop\OTL.exe PRC - [2011.12.06 13:14:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011.11.09 18:15:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.10.25 10:52:31 | 000,490,448 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.10.11 13:59:36 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe PRC - [2011.07.06 18:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe PRC - [2009.03.06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\SysWOW64\atashost.exe PRC - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
-- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2006.07.23 16:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe ========== Modules (No Company Name) ========== MOD - [2011.11.09 18:15:49 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2006.07.23 16:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files (x86)\Multimedia Keyboard Driver\PS2USBKbdDrv.exe MOD - [2006.03.14 08:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files (x86)\Multimedia Keyboard Driver\keydll.dll MOD - [2004.04.25 09:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Multimedia Keyboard Driver\DLLMKKBD.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.10.12 15:11:48 | 000,094,992 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2010.05.10 22:17:21 | 001,436,424 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:64bit: - [2008.12.15 18:17:42 | 000,069,632 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\Drivers\WTSRV.EXE -- (WinTabService) SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2011.12.06 13:14:11 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.11.24 05:59:00 | 002,348,864 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.10.10 13:54:27 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.07.06 18:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.15 20:25:00 | 004,264,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2011.03.04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.04.11 07:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.04.11 07:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.04.11 07:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.06 11:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\atashost.exe -- (atashost) SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2009.01.18 16:26:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.09.29 12:19:18 | 000,222,720 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2008.09.10 12:31:46 | 000,159,232 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2008.06.13 04:05:48 | 001,539,224 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service) SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.09 11:35:53 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.06 18:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.06.23 08:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.04 08:02:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.07.12 18:21:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2009.07.12 18:21:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dne64x.sys -- (DNE) DRV:64bit: - [2008.09.08 14:36:26 | 000,020,992 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\UCTblHid.sys -- (UCTblHid) DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.04.22 08:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64) DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.06.07 17:15:36 | 000,028,672 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\PTSimBus.sys -- (PTSimBus) DRV:64bit: - [2007.04.23 15:28:40 | 000,014,336 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PTSimHid.sys -- (PTSimHid) DRV:64bit: - [2007.04.16 14:14:42 | 000,028,160 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\TClass2k.sys -- (TClass2k) DRV:64bit: - [2007.03.20 15:14:42 | 000,325,376 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys -- (AF15BDA) DRV - [2011.10.12 15:11:44 | 000,157,824 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.08.11 11:57:11 | 000,045,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunboundIS\Gun64.sys -- (Gun) DRV - [2008.09.29 12:21:34 | 000,040,480 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev) DRV - [2008.09.10 12:28:50 | 000,040,992 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 68 BA CC 14 9A CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: exif_viewer@mozilla.doslash.org:1.60 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16 FF - prefs.js..network.proxy.backup.ftp: "117.6.132.78" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "117.6.132.78" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "117.6.132.78" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "130.245.191.60" FF - prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "213.186.122.27" FF - prefs.js..network.proxy.http_port: 3128 FF - 
prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.09 18:15:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.08 19:22:41 | 000,000,000 | ---D | M] [2009.04.05 10:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flosi\AppData\Roaming\mozilla\Extensions [2011.12.15 14:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions [2010.09.17 18:28:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.14 22:40:39 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2011.11.18 16:18:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.10.14 
19:45:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.10 14:41:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Flosi\AppData\Roaming\mozilla\Firefox\Profiles\817vm644.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.14 09:29:49 | 000,003,070 | ---- | M] () -- C:\Users\Flosi\AppData\Roaming\Mozilla\Firefox\Profiles\817vm644.default\searchplugins\dotlan-evemaps.xml [2009.01.10 16:16:22 | 000,002,298 | ---- | M] () -- C:\Users\Flosi\AppData\Roaming\Mozilla\Firefox\Profiles\817vm644.default\searchplugins\lastfm.xml [2010.03.13 12:55:39 | 000,001,340 | ---- | M] () -- C:\Users\Flosi\AppData\Roaming\Mozilla\Firefox\Profiles\817vm644.default\searchplugins\wikipedia-en.xml [2009.01.10 13:09:05 | 000,002,109 | ---- | M] () -- C:\Users\Flosi\AppData\Roaming\Mozilla\Firefox\Profiles\817vm644.default\searchplugins\youtube-videosuche.xml [2011.11.12 11:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.12 11:46:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} () (No name found) -- C:\USERS\FLOSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\817VM644.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\FLOSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\817VM644.DEFAULT\EXTENSIONS\ADMIN@PROXY-LISTEN.DE.XPI () (No name found) -- C:\USERS\FLOSI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\817VM644.DEFAULT\EXTENSIONS\EXIF_VIEWER@MOZILLA.DOSLASH.ORG.XPI [2011.11.09 18:15:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.06 15:10:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.06 15:10:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.06 15:10:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.10.06 15:10:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.06 15:10:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.06 15:10:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.15 13:45:00 | 000,000,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [WireLessKeyboard] "C:\Program Files (x86)\Multimedia Keyboard Driver\StartAutorun.exe" PS2USBKbdDrv.exe File not found O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flosi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flosi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6FB02D1-2539-422B-8200-E1FFE47C89FE}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Flosi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Flosi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.12 21:12:05 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{35d9a3d3-5353-11de-87d5-0021855ad6e3}\Shell - "" = AutoRun O33 - 
MountPoints2\{35d9a3d3-5353-11de-87d5-0021855ad6e3}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{5845dbf0-dfc4-11dd-affd-0021855ad6e3}\Shell - "" = AutoRun O33 - MountPoints2\{5845dbf0-dfc4-11dd-affd-0021855ad6e3}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{92b69db6-a148-11de-9000-0021855ad6e3}\Shell - "" = AutoRun O33 - MountPoints2\{92b69db6-a148-11de-9000-0021855ad6e3}\Shell\AutoRun\command - "" = G:\CDCheck.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.16 11:14:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Flosi\Desktop\OTL.exe [2011.12.15 20:38:40 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\OpenRocket [2011.12.15 13:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 [2011.12.15 13:30:56 | 000,000,000 | ---D | C] -- C:\Users\Flosi\Desktop\CS5 [2011.12.14 16:54:14 | 000,000,000 | ---D | C] -- C:\Users\Flosi\Desktop\WeTransfer-4U22ZqX6 [2011.12.14 12:23:44 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 12:23:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 12:23:43 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 12:23:43 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 12:23:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.14 12:23:43 | 000,176,640 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 12:23:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.14 12:23:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.14 12:23:41 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.14 12:23:40 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.14 12:23:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.14 12:22:41 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 12:22:39 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 12:22:39 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.13 21:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.12.13 21:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.12.13 21:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.12.03 21:55:37 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps [2011.12.03 21:20:27 | 009,622,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.12.03 21:20:26 | 025,432,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.12.03 21:20:26 | 019,348,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.12.03 21:20:24 | 025,137,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.12.03 21:20:24 | 017,498,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.12.03 21:20:24 | 014,854,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.12.03 21:20:24 | 007,974,208 | ---- | C] (NVIDIA Corporation) -- 
C:\Windows\SysNative\nvcuda.dll [2011.12.03 21:20:24 | 005,868,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.12.03 21:20:24 | 002,660,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.12.03 21:20:24 | 002,506,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.12.03 21:20:24 | 002,374,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.12.03 21:20:24 | 002,206,016 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.12.03 21:20:24 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.12.03 21:20:24 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.12.02 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\GeoSetter [2011.12.02 17:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoSetter [2011.12.02 17:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoSetter [2011.12.02 17:39:02 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\DesktopIconForAmazon [2011.11.28 19:33:14 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator [2011.11.28 19:33:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator [2011.11.24 20:53:18 | 000,000,000 | ---D | C] -- C:\Users\Flosi\Desktop\USB backup [2011.11.23 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\Flosi\Desktop\Patch loc data [2011.11.23 10:42:08 | 000,000,000 | ---D | C] -- C:\Users\Flosi\Desktop\normal data [2011.11.22 12:07:17 | 000,000,000 | ---D | C] -- C:\Users\Flosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multimedia Keyboard Driver [2011.11.22 12:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multimedia Keyboard Driver [2011.11.22 12:07:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Keyboard 
Driver [2011.11.22 12:06:25 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2011.11.18 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2011.11.16 19:53:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.16 11:25:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6D55616-76B3-442B-9F39-95B122CAFEC6}.job [2011.12.16 11:25:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6822381E-1764-44AD-B5BA-E635967EB7D8}.job [2011.12.16 11:14:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Flosi\Desktop\OTL.exe [2011.12.16 11:00:58 | 000,000,858 | ---- | M] () -- C:\Users\Flosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2011.12.16 10:48:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.16 10:26:35 | 000,051,366 | ---- | M] () -- C:\Users\Flosi\Desktop\Grundplan-Layout2 (2).pdf [2011.12.16 09:38:47 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.16 09:38:46 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 09:38:46 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.16 09:38:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.15 22:41:49 | 000,099,998 | ---- | M] () -- C:\Users\Flosi\Desktop\Urkunde Lena.jpg [2011.12.15 22:40:30 | 004,383,981 | ---- | M] () -- C:\Users\Flosi\Desktop\Urkunde Lena.pdf [2011.12.15 22:40:03 | 008,265,632 | ---- | M] () -- C:\Users\Flosi\Desktop\Urkunde Lena.psd [2011.12.15 22:11:27 | 000,539,426 | ---- | M] () 
-- C:\Users\Flosi\Desktop\Untitled-1.jpg [2011.12.15 14:56:44 | 000,155,522 | ---- | M] () -- C:\Users\Flosi\Desktop\Illu test2.pdf [2011.12.15 14:36:40 | 000,055,668 | ---- | M] () -- C:\Users\Flosi\Desktop\Illu test.pdf [2011.12.15 13:47:23 | 000,001,766 | ---- | M] () -- C:\Windows\Sandboxie.ini [2011.12.14 21:05:17 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2011.12.14 21:05:17 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.12.14 18:29:13 | 000,181,760 | ---- | M] () -- C:\Users\Flosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.14 16:58:31 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2011.12.14 16:53:57 | 018,493,630 | ---- | M] () -- C:\Users\Flosi\Desktop\WeTransfer-4U22ZqX6.zip [2011.12.14 15:06:10 | 249,452,294 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.14 12:34:33 | 004,914,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.13 21:20:19 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.13 18:38:44 | 006,556,382 | ---- | M] () -- C:\Users\Flosi\Desktop\UP_uebung6.pdf [2011.12.13 18:34:04 | 026,247,427 | ---- | M] () -- C:\Users\Flosi\Desktop\Urbanpot_copy.pdf [2011.12.13 18:31:07 | 031,683,318 | ---- | M] () -- C:\Users\Flosi\Desktop\Urbanpot_.pdf [2011.12.12 17:12:45 | 000,989,062 | ---- | M] () -- C:\Users\Flosi\Desktop\Untitled 1.c4d [2011.12.12 17:12:35 | 000,216,181 | ---- | M] () -- C:\Users\Flosi\Desktop\Untitled 1.jpg [2011.12.12 16:08:47 | 000,929,925 | ---- | M] () -- C:\Users\Flosi\Desktop\Planausschnitt Graz.jpg [2011.12.11 15:55:20 | 000,162,010 | ---- | M] () -- C:\Users\Flosi\Desktop\comptinedunautreete.pdf [2011.12.09 17:18:38 | 001,895,753 | ---- | M] () -- C:\Users\Flosi\Desktop\RealSizeOfHooks.pdf [2011.12.09 11:35:53 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.07 21:57:21 | 142,974,844 | ---- | M] () -- C:\Users\Flosi\Desktop\GRAZSued.pdf [2011.12.07 18:11:44 | 
003,469,724 | ---- | M] () -- C:\Users\Flosi\Desktop\Planausschnitt Graz.pdf [2011.12.07 16:15:14 | 000,874,644 | ---- | M] () -- C:\acadminidump.dmp [2011.12.06 13:14:11 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.12.03 21:55:37 | 000,000,514 | ---- | M] () -- C:\Users\Flosi\Desktop\Fraps.lnk [2011.12.01 10:34:13 | 050,371,842 | ---- | M] () -- C:\Users\Flosi\Desktop\Farbschema SP.psd [2011.12.01 10:33:56 | 009,731,258 | ---- | M] () -- C:\Users\Flosi\Desktop\Farbschema SP.pdf [2011.12.01 10:19:56 | 000,052,103 | ---- | M] () -- C:\Users\Flosi\Desktop\GRUNDPLAN GRAZ-REININGHAUS (Acad2010)-Layout3.pdf [2011.12.01 09:54:29 | 000,051,673 | ---- | M] () -- C:\Users\Flosi\Desktop\GRUNDPLAN GRAZ-REININGHAUS (Acad2010)-Layout2.pdf [2011.11.29 21:22:16 | 005,597,970 | ---- | M] () -- C:\Users\Flosi\Desktop\2011WS_Übung5_SP-2.pdf [2011.11.29 21:22:07 | 008,178,325 | ---- | M] () -- C:\Users\Flosi\Desktop\2011WS_Übung5_SP-1.pdf [2011.11.29 13:07:24 | 000,324,486 | ---- | M] () -- C:\Users\Flosi\Desktop\googleearth.jpg [2011.11.24 05:59:00 | 025,432,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.11.24 05:59:00 | 025,137,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.11.24 05:59:00 | 019,348,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.11.24 05:59:00 | 017,498,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.11.24 05:59:00 | 017,474,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.11.24 05:59:00 | 014,854,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.11.24 05:59:00 | 009,622,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.11.24 05:59:00 | 007,974,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.11.24 05:59:00 | 007,677,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll 
[2011.11.24 05:59:00 | 005,868,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.11.24 05:59:00 | 002,660,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.11.24 05:59:00 | 002,506,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.11.24 05:59:00 | 002,403,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.11.24 05:59:00 | 002,374,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.11.24 05:59:00 | 002,206,016 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.11.24 05:59:00 | 002,095,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.11.24 05:59:00 | 001,726,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2011.11.24 05:59:00 | 001,466,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll [2011.11.24 05:59:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.11.24 05:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.11.24 05:59:00 | 000,007,653 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011.11.24 03:47:47 | 006,004,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2011.11.24 03:41:24 | 003,028,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2011.11.24 03:38:53 | 002,562,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2011.11.24 03:38:44 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.11.24 03:38:44 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2011.11.22 11:56:12 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2011.11.18 16:50:11 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.16 19:53:55 | 000,414,368 | ---- | M] (Adobe Systems 
Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.16 11:00:58 | 000,000,858 | ---- | C] () -- C:\Users\Flosi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wpbt0.dll.lnk [2011.12.16 10:26:34 | 000,051,366 | ---- | C] () -- C:\Users\Flosi\Desktop\Grundplan-Layout2 (2).pdf [2011.12.15 22:40:56 | 000,099,998 | ---- | C] () -- C:\Users\Flosi\Desktop\Urkunde Lena.jpg [2011.12.15 22:40:20 | 004,383,981 | ---- | C] () -- C:\Users\Flosi\Desktop\Urkunde Lena.pdf [2011.12.15 22:40:02 | 008,265,632 | ---- | C] () -- C:\Users\Flosi\Desktop\Urkunde Lena.psd [2011.12.15 22:11:15 | 000,539,426 | ---- | C] () -- C:\Users\Flosi\Desktop\Untitled-1.jpg [2011.12.15 14:39:32 | 000,155,522 | ---- | C] () -- C:\Users\Flosi\Desktop\Illu test2.pdf [2011.12.15 14:36:33 | 000,055,668 | ---- | C] () -- C:\Users\Flosi\Desktop\Illu test.pdf [2011.12.15 13:53:46 | 000,000,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2011.12.14 16:53:48 | 018,493,630 | ---- | C] () -- C:\Users\Flosi\Desktop\WeTransfer-4U22ZqX6.zip [2011.12.13 21:20:19 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.12.13 18:38:41 | 006,556,382 | ---- | C] () -- C:\Users\Flosi\Desktop\UP_uebung6_FRaabe.pdf [2011.12.13 18:33:50 | 026,247,427 | ---- | C] () -- C:\Users\Flosi\Desktop\Urbanpot_copy.pdf [2011.12.12 17:28:13 | 031,683,318 | ---- | C] () -- C:\Users\Flosi\Desktop\Urbanpot_.pdf [2011.12.12 17:12:44 | 000,989,062 | ---- | C] () -- C:\Users\Flosi\Desktop\Untitled 1.c4d [2011.12.12 17:12:35 | 000,216,181 | ---- | C] () -- C:\Users\Flosi\Desktop\Untitled 1.jpg [2011.12.12 16:08:45 | 000,929,925 | ---- | C] () -- C:\Users\Flosi\Desktop\Planausschnitt Graz.jpg [2011.12.11 21:49:09 | 000,089,046 | ---- | C] () -- 
C:\Users\Flosi\Desktop\160_2006-01-22_Wolters_Pilsener.jpg [2011.12.11 15:55:19 | 000,162,010 | ---- | C] () -- C:\Users\Flosi\Desktop\comptinedunautreete.pdf [2011.12.09 17:18:37 | 001,895,753 | ---- | C] () -- C:\Users\Flosi\Desktop\RealSizeOfHooks.pdf [2011.12.07 21:40:34 | 142,974,844 | ---- | C] () -- C:\Users\Flosi\Desktop\GRAZSued.pdf [2011.12.07 19:42:36 | 249,452,294 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.12.07 16:15:07 | 000,874,644 | ---- | C] () -- C:\acadminidump.dmp [2011.12.07 13:12:18 | 003,469,724 | ---- | C] () -- C:\Users\Flosi\Desktop\Planausschnitt Graz.pdf [2011.12.03 21:55:37 | 000,000,514 | ---- | C] () -- C:\Users\Flosi\Desktop\Fraps.lnk [2011.12.01 10:34:10 | 050,371,842 | ---- | C] () -- C:\Users\Flosi\Desktop\Farbschema SP.psd [2011.12.01 10:33:53 | 009,731,258 | ---- | C] () -- C:\Users\Flosi\Desktop\Farbschema SP.pdf [2011.12.01 10:19:50 | 000,052,103 | ---- | C] () -- C:\Users\Flosi\Desktop\GRUNDPLAN GRAZ-REININGHAUS (Acad2010)-Layout3.pdf [2011.11.29 21:22:11 | 005,597,970 | ---- | C] () -- C:\Users\Flosi\Desktop\2011WS_Übung5_SP-2.pdf [2011.11.29 21:21:56 | 008,178,325 | ---- | C] () -- C:\Users\Flosi\Desktop\2011WS_Übung5_SP-1.pdf [2011.11.29 16:01:45 | 000,051,673 | ---- | C] () -- C:\Users\Flosi\Desktop\GRUNDPLAN GRAZ-REININGHAUS (Acad2010)-Layout2.pdf [2011.11.29 13:07:24 | 000,324,486 | ---- | C] () -- C:\Users\Flosi\Desktop\googleearth.jpg [2011.11.22 11:56:12 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk [2011.11.18 16:50:11 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.07 18:53:44 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.10.29 16:39:35 | 000,011,284 | ---- | C] () -- C:\Users\Flosi\AppData\Roaming\TheHunterSettings_live.bin [2011.10.29 16:38:08 | 000,000,043 | ---- | C] () -- C:\Users\Flosi\AppData\Roaming\TheHunterSettings_live.cfg [2011.10.19 18:22:30 | 000,001,766 | ---- | C] () -- 
C:\Windows\Sandboxie.ini [2011.10.07 16:16:30 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2011.08.17 18:38:45 | 000,001,024 | ---- | C] () -- C:\Users\Flosi\AppData\Roaming\ctfmon.exe [2011.06.12 10:08:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2011.06.12 10:07:59 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nvTextureToolsUtil.dll [2011.06.12 10:07:59 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2011.06.01 08:15:17 | 000,000,152 | ---- | C] () -- C:\ProgramData\~45211384r [2011.06.01 08:15:17 | 000,000,136 | ---- | C] () -- C:\ProgramData\~45211384 [2011.06.01 08:15:14 | 000,000,336 | ---- | C] () -- C:\ProgramData\45211384 [2011.05.21 08:23:34 | 000,000,144 | ---- | C] () -- C:\ProgramData\~40361720r [2011.05.21 08:23:33 | 000,000,120 | ---- | C] () -- C:\ProgramData\~40361720 [2011.05.21 08:23:31 | 000,000,344 | ---- | C] () -- C:\ProgramData\40361720 [2011.05.10 18:26:35 | 000,270,848 | ---- | C] () -- C:\Windows\UNWISE32.EXE [2011.05.03 19:39:34 | 000,088,891 | ---- | C] () -- C:\Windows\War3Unin.dat [2011.03.28 10:25:42 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.11.27 21:51:48 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.11.27 21:51:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.11.27 21:51:46 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.11.27 21:51:46 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.11.27 21:51:45 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.08.26 12:23:01 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi [2010.07.15 14:54:56 | 000,137,356 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.03.18 09:15:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.03.18 09:15:35 | 000,107,612 | ---- | C] () -- 
C:\Windows\SysWow64\StructuredQuerySchema.bin [2010.03.18 09:15:13 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010.02.13 09:37:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2009.12.20 20:58:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.10.10 19:36:39 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2009.10.06 19:47:25 | 000,002,423 | ---- | C] () -- C:\Windows\WININIT.INI [2009.08.23 22:31:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\D0DEECAEF1.sys [2009.08.23 14:26:02 | 002,374,658 | ---- | C] () -- C:\Program Files (x86)\2sbvrr5.gif [2009.04.05 10:23:47 | 000,181,760 | ---- | C] () -- C:\Users\Flosi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.05 10:23:47 | 000,001,460 | ---- | C] () -- C:\Users\Flosi\AppData\Local\d3d9caps64.dat [2009.04.05 10:23:47 | 000,000,680 | ---- | C] () -- C:\Users\Flosi\AppData\Local\d3d9caps.dat [2009.02.22 13:04:44 | 000,000,000 | ---- | C] () -- C:\Windows\plugin.ini [2009.02.02 18:09:08 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.02.02 18:09:07 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.02.02 18:09:07 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.01.18 16:45:17 | 000,003,415 | ---- | C] () -- C:\Windows\Tablet5500x4000.ini [2009.01.18 16:41:17 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe [2009.01.11 21:32:00 | 001,576,398 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.01.10 15:34:22 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini [2009.01.08 16:28:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.01.21 03:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 16:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat 
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.09.19 05:22:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\LPubRay.dll [2006.09.09 16:28:52 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll [1999.07.07 01:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\D81EDBF9-D167-4011-B77D-211DF920EB80 < End of report >
Thanks in advance for any help! I ran Malwarebytes, and it actually found 2 things; here is the log file: Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7622

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

16.12.2011 12:12:55
mbam-log-2011-12-16 (12-12-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 232866
Laufzeit: 20 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Flosi\AppData\Roaming\ctfmon.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Flosi\AppData\Local\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
16.12.2011, 13:44 | #2 |
| The "Bundespolizei Trojaner" got me too So, after a restart the problem seems to be fixed; the taskbar works normally again, and Malwarebytes no longer finds anything.
However, I'm not sure whether everything has now been removed. |