
Log analysis and evaluation: BMI pirated-copy Trojan


 
16.05.2012, 23:03   #1
marcinmarcin
 

BMI pirated-copy Trojan



Hello everyone!

I have already browsed the forum and found a few similar threads, but they did not lead to a solution in my case.

Here is what happened: while surfing the net, I suddenly got a white screen from the BMI saying I had pirated copies on my computer; I also immediately disconnected the Wi-Fi connection.
Now I can log in to the computer, but this white screen always appears with the two lines: Connection could not be established, followed by the German translation.

I hope you can help me; I would also like to know what the chances are that the computer will run again.

I have already created an OTL file, because I can work in safe mode; it looks like this:

OTL logfile created on: 16.05.2012 23:42:50 - Run 3
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Hase
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 85,94% Memory free
6,98 Gb Paging File | 6,50 Gb Available in Paging File | 93,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1147,50 Gb Free Space | 85,24% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
Drive E: | 3,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HASE-PC | User Name: Hase | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.05.16 22:44:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Hase\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.15 18:52:56 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012.01.24 13:50:46 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV:64bit: - [2011.10.14 02:44:36 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.10.13 22:30:42 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.05.16 17:06:09 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.05 12:24:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.05 10:40:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.15 18:26:27 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2012.03.15 14:40:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.21 07:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006.08.22 01:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.27 10:24:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 09:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 09:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.01.24 13:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.10.18 02:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.10.13 23:37:28 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.13 21:52:48 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.29 18:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011.07.15 22:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.07.15 22:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.06.16 21:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.06.16 21:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.06.01 04:17:34 | 000,848,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.08 11:53:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.11 02:11:00 | 001,924,096 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.02.18 19:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.14 07:56:46 | 000,073,136 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7C5F2ED6-4662-4CDC-9673-190C429C530C}
IE - HKCU\..\SearchScopes\{7C5F2ED6-4662-4CDC-9673-190C429C530C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.05 10:40:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.03.13 16:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hase\AppData\Roaming\mozilla\Extensions
[2012.05.15 20:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hase\AppData\Roaming\mozilla\Firefox\Profiles\21rhj0q6.default\extensions
[2012.03.16 12:15:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Hase\AppData\Roaming\mozilla\Firefox\Profiles\21rhj0q6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.06 23:07:38 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Hase\AppData\Roaming\mozilla\Firefox\Profiles\21rhj0q6.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012.05.15 20:30:01 | 000,000,000 | ---D | M] ("RewardsArcade") -- C:\Users\Hase\AppData\Roaming\mozilla\Firefox\Profiles\21rhj0q6.default\extensions\crossriderapp498@crossrider.com
[2012.03.13 16:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.05 10:40:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.03.14 11:56:50 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RewardsArcade) - {11111111-1111-1111-1111-110011041198} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Microsoft] C:\Users\Hase\AppData\Roaming\Game.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [ZZChw4ZycSefR9n] C:\Users\Hase\AppData\Roaming\BSI.bund.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Hase\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1668BC16-EFDE-423B-B335-3CAA6A8DF01A}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C6D8BA7-9744-43B3-A128-92839419E727}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 12:21:18 | 001,795,440 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.03.02 18:58:48 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{9fa967be-6cc8-11e1-aa5d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9fa967be-6cc8-11e1-aa5d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.10.08 12:21:18 | 001,795,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.05.16 23:06:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.16 23:02:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Hase\OTL.exe
[2012.05.13 10:10:12 | 000,000,000 | ---D | C] -- C:\Users\Hase\Hochzeit
[2012.05.13 09:59:31 | 000,000,000 | ---D | C] -- C:\Users\Hase\Desktop\Ronni Zubau
[2012.05.13 09:56:23 | 000,000,000 | ---D | C] -- C:\Users\Hase\Hist Museum
[2012.05.11 02:31:51 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.11 02:31:50 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.11 02:31:49 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.11 02:31:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.10 18:32:31 | 000,000,000 | ---D | C] -- C:\Users\Hase\Desktop\Zeichnen
[2012.05.09 21:14:57 | 000,000,000 | ---D | C] -- C:\Users\Hase\AppData\Local\Diagnostics
[2012.05.09 10:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG2100 series
[2012.05.09 10:56:24 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.05.09 10:56:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012.05.09 10:56:04 | 000,385,536 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLMAQ.DLL
[2012.05.09 10:55:34 | 000,373,248 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AQL.dll
[2012.05.09 10:55:34 | 000,323,584 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQL.dll
[2012.05.09 10:55:34 | 000,302,080 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AQC.dll
[2012.05.09 10:55:34 | 000,114,688 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNC_AQU.dll
[2012.05.09 10:55:34 | 000,112,128 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNC_AQI.dll
[2012.05.09 10:55:34 | 000,017,920 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNHMCA6.dll
[2012.05.09 10:55:34 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\SysWow64\CNHMCA.dll
[2012.05.05 10:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.05 10:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.27 22:45:08 | 000,000,000 | ---D | C] -- C:\Users\Hase\Desktop\UNI
[2012.04.27 22:43:14 | 000,000,000 | ---D | C] -- C:\Users\Hase\Desktop\FILME
[2012.04.27 10:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.04.27 10:37:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.04.27 10:28:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.04.27 10:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.04.27 10:24:12 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.04.27 10:24:09 | 000,000,000 | ---D | C] -- C:\Users\Hase\AppData\Roaming\DAEMON Tools Lite
[2012.04.27 10:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.04.27 10:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.04.18 01:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASGvis, LLC
[2012.04.18 01:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ASGvis
[2012.04.18 01:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flamingo 1.1
[2012.04.18 01:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TSplines
[2012.04.18 01:15:50 | 000,000,000 | ---D | C] -- C:\Users\Hase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\T-Splines for Rhino
[2012.04.18 01:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Splines for Rhino
[2012.04.18 01:15:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T-Splines for Rhino
[2012.04.18 01:09:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 4.0
[2012.04.18 01:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhinoceros 3.0
[2012.04.18 01:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McNeel
[2012.04.18 01:02:45 | 000,724,992 | ---- | C] (Robert McNeel & Associates) -- C:\Windows\SysWow64\RhinoShExt.dll
[2012.04.18 01:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McNeel Shared
[2012.04.18 01:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhinoceros 3.0
[2012.04.18 00:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafeNet Sentinel
[2012.04.18 00:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel
[2012.04.18 00:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhinoceros 4.0
[2012.04.18 00:56:36 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.04.17 08:03:34 | 000,000,000 | R--D | C] -- C:\Users\Hase\Searches
[1 C:\Users\Hase\Desktop\*.tmp files -> C:\Users\Hase\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.05.16 23:36:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.16 23:36:50 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.16 23:16:52 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 23:16:52 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.16 23:14:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.16 23:14:30 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.16 23:14:30 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.16 23:14:30 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.16 23:14:30 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.16 22:44:40 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Hase\OTL.exe
[2012.05.16 22:22:31 | 000,231,936 | ---- | M] () -- C:\Users\Hase\AppData\Roaming\Game.exe
[2012.05.16 22:22:31 | 000,231,936 | ---- | M] () -- C:\Users\Hase\AppData\Roaming\BSI.bund.exe
[2012.05.16 21:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.16 10:43:21 | 000,507,916 | ---- | M] () -- C:\Users\Hase\Desktop\2012-05-16 10.32.29.jpg
[2012.05.14 13:28:20 | 000,049,478 | ---- | M] () -- C:\Users\Hase\Desktop\Zeit_Räume-publication-guidelines_students_II.pdf
[2012.05.11 10:40:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.11 08:13:55 | 005,766,327 | ---- | M] () -- C:\Users\Hase\Desktop\Michael Jackson-Whatever Happens.mp3
[2012.05.11 03:28:17 | 003,106,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 18:20:10 | 006,754,364 | ---- | M] () -- C:\Users\Hase\Desktop\Michael Jackson - Whatever Happens (Les Twins Remix).mp3
[2012.05.09 11:12:51 | 000,897,025 | ---- | M] () -- C:\Users\Hase\Desktop\Rechnung Strom- & Gaszähler.pdf
[2012.05.09 11:06:45 | 000,003,527 | ---- | M] () -- C:\Users\Hase\Desktop\SCANNEN.lnk
[2012.05.05 12:24:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.05 12:24:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.05 12:24:06 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.02 10:25:41 | 001,647,276 | ---- | M] () -- C:\Users\Hase\Desktop\Cocker plakat.jpg
[2012.04.27 10:24:12 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[1 C:\Users\Hase\Desktop\*.tmp files -> C:\Users\Hase\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.16 22:22:36 | 000,231,936 | ---- | C] () -- C:\Users\Hase\AppData\Roaming\Game.exe
[2012.05.16 22:22:36 | 000,231,936 | ---- | C] () -- C:\Users\Hase\AppData\Roaming\BSI.bund.exe
[2012.05.16 10:34:08 | 000,507,916 | ---- | C] () -- C:\Users\Hase\Desktop\2012-05-16 10.32.29.jpg
[2012.05.14 13:28:20 | 000,049,478 | ---- | C] () -- C:\Users\Hase\Desktop\Zeit_Räume-publication-guidelines_students_II.pdf
[2012.05.11 10:40:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.05.11 08:14:14 | 005,766,327 | ---- | C] () -- C:\Users\Hase\Desktop\Michael Jackson-Whatever Happens.mp3
[2012.05.10 22:20:25 | 006,754,364 | ---- | C] () -- C:\Users\Hase\Desktop\Michael Jackson - Whatever Happens (Les Twins Remix).mp3
[2012.05.09 11:12:49 | 000,897,025 | ---- | C] () -- C:\Users\Hase\Desktop\Rechnung Strom- & Gaszähler.pdf
[2012.05.09 11:06:45 | 000,003,527 | ---- | C] () -- C:\Users\Hase\Desktop\SCANNEN.lnk
[2012.05.09 10:55:34 | 000,063,744 | ---- | C] () -- C:\Windows\SysWow64\CNC1751D.TBL
[2012.05.09 10:55:34 | 000,063,744 | ---- | C] () -- C:\Windows\SysNative\CNC1751D.TBL
[2012.05.02 10:25:35 | 001,647,276 | ---- | C] () -- C:\Users\Hase\Desktop\Cocker plakat.jpg
[2012.04.18 01:24:13 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\BongoSDK.10.v40.dll
[2012.04.02 21:24:51 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.03.13 23:35:57 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.03.13 23:35:57 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.03.13 23:35:56 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.03.13 23:35:53 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.03.13 17:08:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012.02.10 19:50:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.02.10 19:39:39 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.10 19:39:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.10 19:39:38 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.14 02:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.14 02:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

========== LOP Check ==========

[2012.03.15 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\Autodesk
[2012.05.15 08:06:33 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\Azureus
[2012.04.27 10:27:42 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\DAEMON Tools Lite
[2012.03.16 12:21:10 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\DVDVideoSoft
[2012.03.16 12:15:15 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.03 11:39:31 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\FreePDF
[2012.04.28 22:29:15 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\TS3Client
[2012.04.03 11:44:09 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\Ubisoft
[2012.04.16 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Hase\AppData\Roaming\uTorrent
[2012.04.27 10:16:15 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

 
