Bundespolizei/GVU Trojaner nach Besuch auf Pornoseite

Boby23 · 19.06.2012, 14:55

Hallo liebes Trojaner-Board Team,

ein Freund hat mich heute Morgen recht aufgelöst angerufen, dass er beim Surfen auf youporn eine Warnung angeklickt hätte und nun sein Bildschirm über die ganze Seite eine Warnung der GVU und eines Bundesamtes (aus Screenshots von anderen Betroffenen nehme ich an des BFI) mit einer Zahlungsaufforderung zeigen würde.
Ich hab ihm dann erstmal gesagt, dass er nichts zahlen soll und mir den Rechner vorbei bringen.

Ich habe das Wlan Modul deaktiviert und der Computer startet normal, ohne die "Bundespolizei" Warnung.

Auf dem Computer ist Avira installiert, dass aber im Überwachungsmodus keine Viren meldet. Einen Scan habe ich nicht laufen lassen, um etwaige Logfiles nicht zu verfälschen.

Wenn ich versuche den Taskmanager über strg+alt+entfernen zu öffnen schließt er sich sofort wieder.

Entsprechend Eurer Bitte habe ich bisher nichts weiter unternommen und verfasse einen neuen Post.

Die Logfiles sind im Anhang.

vielen Dank schonmal für Eure Hilfe,
Boby23

OTL Log:

Zitat:

OTL logfile created on: 19.06.2012 11:49:10 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = G:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 58,48% Memory free
3,72 Gb Paging File | 2,95 Gb Available in Paging File | 79,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 53,42 Gb Free Space | 57,34% Space Free | Partition Type: NTFS
Drive E: | 139,73 Gb Total Space | 139,66 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 3,91 Gb Total Space | 3,90 Gb Free Space | 99,62% Space Free | Partition Type: FAT32

Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.19 11:39:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2012.06.19 11:38:44 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 19:28:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:28:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:28:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:28:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.30 09:00:24 | 003,512,832 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe
PRC - [2011.03.24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Programme\Freecorder\FLVSrvc.exe
PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.05.02 12:48:05 | 000,033,136 | ---- | M] () -- C:\WINDOWS\ASScrPro.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.19 15:41:12 | 000,049,520 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.07.19 12:18:48 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
PRC - [2007.07.12 10:25:28 | 000,225,280 | ---- | M] () -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.07.10 17:33:58 | 000,106,496 | ---- | M] () -- C:\Programme\ATK Hotkey\WDC.exe
PRC - [2007.07.10 10:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Programme\ASUS\Splendid\ACMON.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe
PRC - [2007.07.03 10:48:02 | 007,708,672 | ---- | M] () -- C:\Programme\ATKOSD2\ATKOSD2.exe
PRC - [2007.06.28 11:31:38 | 000,079,136 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2007.06.21 14:07:02 | 000,999,792 | ---- | M] (ASUSTek Computer Inc.) -- C:\Programme\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2007.06.20 12:49:10 | 000,451,872 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
PRC - [2007.05.23 16:56:14 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.05.08 16:24:20 | 000,054,840 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2007.05.03 17:42:56 | 000,376,921 | ---- | M] (Atheros Communications, Inc.) -- C:\Programme\Atheros\ACU.exe
PRC - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007.04.19 08:42:34 | 000,024,576 | R--- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkCSrv.exe
PRC - [2007.04.17 13:39:42 | 000,077,824 | ---- | M] () -- C:\Programme\ATK Hotkey\KBFiltr.exe
PRC - [2007.01.16 16:13:14 | 000,106,496 | ---- | M] (ASUS) -- C:\WINDOWS\system32\ASUSTPE.exe
PRC - [2006.11.22 19:31:26 | 000,630,784 | R--- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 08:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Programme\ASUS\ATK Media\DMedia.exe
PRC - [2006.07.26 18:01:06 | 000,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.19 11:38:44 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
MOD - [2012.06.19 09:42:48 | 000,229,368 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\wpbt0.dll
MOD - [2012.06.15 19:32:38 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012.06.15 06:23:11 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.15 06:22:44 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.15 06:21:58 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012.05.11 15:34:39 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 15:31:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.11 15:31:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.11 15:31:17 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.11 15:30:59 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.05.08 19:28:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.11.28 16:28:57 | 002,921,472 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll
MOD - [2011.10.31 08:00:46 | 000,052,224 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_31_Win32.dll
MOD - [2010.09.30 10:14:19 | 000,055,296 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy_03.dll
MOD - [2008.05.02 18:28:29 | 001,671,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2589.34579__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dl l
MOD - [2008.05.02 18:28:29 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2589.34534__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008.05.02 18:28:29 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2589.34592__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008.05.02 18:28:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2589.34570__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008.05.02 18:28:29 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2589.34591__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008.05.02 18:28:29 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2589.34555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll
MOD - [2008.05.02 18:28:28 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2589.34808__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008.05.02 18:28:28 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2589.34761__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008.05.02 18:28:28 | 000,015,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2589.34693__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l
MOD - [2008.05.02 18:28:27 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2589.34851__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008.05.02 18:28:27 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2560.26010__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008.05.02 18:28:27 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008.05.02 18:28:26 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2560.25961__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008.05.02 18:28:26 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2560.25971__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008.05.02 18:28:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2537.29860__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008.05.02 18:28:26 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2560.26012__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008.05.02 18:28:26 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2560.25959__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008.05.02 18:28:26 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2560.26040__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008.05.02 18:28:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2560.25964__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008.05.02 18:28:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008.05.02 18:28:26 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2560.25968__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2560.25974__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2560.26001__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2560.26002__90ba9c70f846762e\DEM.OS.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2560.25997__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2531.19989__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008.05.02 18:28:26 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008.05.02 18:28:25 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2560.26001__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008.05.02 18:28:25 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2560.25988__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008.05.02 18:28:25 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2560.26000__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008.05.02 18:28:25 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2560.25986__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008.05.02 18:28:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2560.25987__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l
MOD - [2008.05.02 18:28:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2560.25982__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008.05.02 18:28:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2560.26001__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008.05.02 18:28:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2560.25960__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008.05.02 18:28:24 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2531.19989__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008.05.02 18:28:24 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2560.25970__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008.05.02 18:28:18 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2589.34827_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2008.05.02 18:28:17 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2589.34878__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008.05.02 18:28:16 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2589.34834__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008.05.02 18:28:16 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2589.34833__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008.05.02 18:28:16 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2560.25964__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008.05.02 18:28:16 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2560.25982__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008.05.02 18:28:15 | 000,466,944 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2589.34565__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008.05.02 18:28:15 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2589.34827__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008.05.02 18:28:15 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2589.34533__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008.05.02 18:28:15 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2560.25980__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008.05.02 18:28:15 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2560.26010__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008.05.02 18:28:15 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2560.25966__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008.05.02 18:28:14 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2589.34533__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008.05.02 18:28:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2560.25970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008.05.02 18:28:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008.05.02 18:28:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2560.26004__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.05.02 18:28:14 | 000,019,968 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2589.34834__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008.05.02 18:28:13 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2589.34532__90ba9c70f846762e\AEM.Server.dll
MOD - [2008.05.02 15:08:06 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.02 15:08:02 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.05.02 12:48:05 | 000,033,136 | ---- | M] () -- C:\WINDOWS\ASScrPro.exe
MOD - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
MOD - [2007.07.19 15:41:12 | 000,049,520 | ---- | M] () -- C:\Programme\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.07.19 12:18:48 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
MOD - [2007.07.12 10:25:28 | 000,225,280 | ---- | M] () -- C:\Programme\ATK Hotkey\HControl.exe
MOD - [2007.07.10 17:33:58 | 000,106,496 | ---- | M] () -- C:\Programme\ATK Hotkey\WDC.exe
MOD - [2007.07.09 22:48:38 | 000,009,216 | ---- | M] () -- C:\Programme\ASUS\Splendid\GLCDdll.dll
MOD - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Programme\Wireless Console 2\wcourier.exe
MOD - [2007.07.03 10:48:02 | 007,708,672 | ---- | M] () -- C:\Programme\ATKOSD2\ATKOSD2.exe
MOD - [2007.06.21 14:04:02 | 000,040,960 | ---- | M] () -- C:\Programme\ASUS\Asus MultiFrame\HookTitle.dll
MOD - [2007.06.05 11:59:08 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\SPDISKEX.dll
MOD - [2007.05.23 16:56:14 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
MOD - [2007.04.17 13:39:42 | 000,077,824 | ---- | M] () -- C:\Programme\ATK Hotkey\KBFiltr.exe
MOD - [2007.02.16 17:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtGui4.dll
MOD - [2007.02.16 17:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\LightScribe\QtCore4.dll
MOD - [2007.01.10 14:22:38 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2006.11.22 19:31:30 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ita.dll
MOD - [2006.11.22 19:31:30 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56esp.dll
MOD - [2006.11.22 19:31:30 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56brz.dll
MOD - [2006.11.22 19:31:30 | 000,053,248 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56kor.dll
MOD - [2006.11.22 19:31:28 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56ger.dll
MOD - [2006.11.22 19:31:28 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56fra.dll
MOD - [2006.11.22 19:31:28 | 000,065,536 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2006.11.22 19:31:28 | 000,057,344 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2006.11.22 19:31:28 | 000,053,248 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56cht.dll
MOD - [2006.11.22 19:31:28 | 000,053,248 | R--- | M] () -- C:\Programme\Motorola\SMSERIAL\sm56chs.dll
MOD - [2006.10.25 15:37:52 | 000,045,056 | ---- | M] () -- C:\Programme\ASUS\ATK Media\GERString.dll
MOD - [2006.08.31 19:46:32 | 000,176,235 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2006.04.04 10:24:24 | 000,036,864 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghadmi.dll
MOD - [2005.08.29 15:24:22 | 000,081,920 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spnbacpi.dll
MOD - [2005.04.07 19:25:46 | 000,077,824 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmemory.dll
MOD - [2004.05.27 18:13:10 | 000,057,344 | ---- | M] () -- C:\Programme\ATK Hotkey\CMSSC.DLL
MOD - [2003.11.28 02:11:04 | 000,135,168 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spos.dll
MOD - [2003.09.09 16:08:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spdmi.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.09 15:48:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 19:28:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:28:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008.01.29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.06.28 11:31:38 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2007.06.01 10:21:30 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.05.03 17:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007.04.19 08:42:34 | 000,024,576 | R--- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkCSrv.exe -- (StkSSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.08 19:28:51 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:28:51 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.05.15 17:21:16 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008.04.03 05:03:08 | 001,333,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2007.08.21 18:50:54 | 000,030,208 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007.08.03 14:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.06.06 12:40:26 | 001,260,672 | R--- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2007.05.02 19:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.03.28 19:52:18 | 000,057,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007.02.02 17:03:24 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.01.24 20:08:40 | 000,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.12.14 17:11:58 | 000,007,680 | R--- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.22 19:35:00 | 000,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.03 11:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{3033788F-09F7-43B7-B227-88C3E7C46706}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC--ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.06 21:56:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.27 15:47:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.10 21:01:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.06 21:56:46 | 000,000,000 | ---D | M]

[2008.07.13 20:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2012.05.30 22:24:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\x5shmjnh.default\extensions
[2012.05.30 22:24:58 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\x5shmjnh.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2010.05.17 21:44:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\x5shmjnh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.08 18:27:40 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\x5shmjnh.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012.05.20 10:38:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\x5shmjnh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.01.01 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.01 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.01.01 21:40:47 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RÃ¶CKELEIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\X5SHMJNH.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RÃ¶CKELEIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\X5SHMJNH.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\RÃ¶CKELEIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\X5SHMJNH.DEFAULT\EXTENSIONS\YTVDW@PGPORT.COM.XPI
[2012.03.27 15:47:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.19 15:10:42 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.27 15:47:27 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.27 15:47:27 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.27 15:47:27 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.27 15:47:27 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.27 15:47:27 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.27 15:47:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\R\u00F6ckelein\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Complitly plugin for chrome = C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programme\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Programme\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [ACMON] C:\Programme\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACU] C:\Programme\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Live Update] C:\Programme\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe ()
O4 - HKLM..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKHOTKEY] C:\Programme\ATK Hotkey\Hcontrol.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Programme\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Programme\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe File not found
O4 - HKLM..\Run: [WAHRIG.digital Launcher] C:\Programme\Bertelsmann\WAHRIG.digital\wahrig.exe ()
O4 - HKLM..\Run: [Wireless Console 2] C:\Programme\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [MultiFrame] C:\Programme\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - HKCU..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1209725006318 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209724983396 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC--ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D45CAF7-E55A-48DB-AEB8-C98DE18251FE}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.02 18:10:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{578223b2-f966-11df-8864-0015af6af353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{578223b2-f966-11df-8864-0015af6af353}\Shell\AutoRun\command - "" = G:\solchains\\\solos.exe
O33 - MountPoints2\{578223b2-f966-11df-8864-0015af6af353}\Shell\explore\command - "" = G:\solchains\\\solos.exe
O33 - MountPoints2\{578223b2-f966-11df-8864-0015af6af353}\Shell\Install\command - "" = G:\solchains\\\solos.exe
O33 - MountPoints2\{578223b2-f966-11df-8864-0015af6af353}\Shell\open\command - "" = G:\solchains\\\solos.exe
O33 - MountPoints2\{762647be-8c09-11df-8791-0015af6af353}\Shell\AutoRun\command - "" = G:\start.html
O33 - MountPoints2\{bf2e30e2-4bde-11dd-838d-0015af6af353}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bf2e30e2-4bde-11dd-838d-0015af6af353}\Shell\AutoRun\command - "" = solchains\\\solos.exe
O33 - MountPoints2\{bf2e30e2-4bde-11dd-838d-0015af6af353}\Shell\explore\command - "" = solchains\\\solos.exe
O33 - MountPoints2\{bf2e30e2-4bde-11dd-838d-0015af6af353}\Shell\Install\command - "" = solchains\\\solos.exe
O33 - MountPoints2\{bf2e30e2-4bde-11dd-838d-0015af6af353}\Shell\open\command - "" = solchains\\\solos.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.19 10:15:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2012.06.19 10:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.19 10:10:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.19 10:10:01 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.19 10:10:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.07 07:53:59 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.05.29 18:31:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Desktop\Bilder Schule
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.19 12:05:01 | 000,002,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\DME-SETTINGS.xml
[2012.06.19 12:05:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\DMEPeriodicTask.job
[2012.06.19 11:58:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.19 11:54:01 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.19 11:48:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.06.19 10:15:16 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.19 10:15:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.19 10:13:43 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.06.19 10:10:04 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 09:42:51 | 000,001,610 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.06.15 19:27:28 | 000,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.15 06:22:17 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.15 06:22:17 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.15 06:22:17 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.15 06:22:17 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.15 06:14:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 09:00:15 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.06.08 15:10:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.07 07:54:11 | 000,001,050 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.06.07 07:53:39 | 000,001,050 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Dropbox.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.19 11:48:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\defogger_reenable
[2012.06.19 10:10:04 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.19 09:42:51 | 000,001,610 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.06.19 09:42:50 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0tbpw.pad
[2012.02.15 18:39:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.06 19:57:35 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat.temp
[2010.12.15 11:28:19 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.09.06 21:47:21 | 000,219,888 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010.09.06 21:47:20 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010.08.12 21:07:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2010.09.30 21:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2008.11.17 09:54:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2008.11.17 09:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir
[2011.10.29 02:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.08.22 13:28:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Bertelsmann
[2011.12.08 18:27:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Complitly
[2012.06.19 10:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Dropbox
[2012.06.19 10:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\PriceGong
[2010.10.17 19:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\TeamViewer
[2012.06.19 12:05:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\DMEPeriodicTask.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:24051EFF

< End of report >

Bundespolizei/GVU Trojaner nach Besuch auf Pornoseite

Plagegeister aller Art und deren Bekämpfung: Bundespolizei/GVU Trojaner nach Besuch auf Pornoseite

Bundespolizei/GVU Trojaner nach Besuch auf Pornoseite

Ähnliche Themen: Bundespolizei/GVU Trojaner nach Besuch auf Pornoseite