Trojaner-Board > Remove malware > Log analysis and evaluation

Log analysis and evaluation: Yet another BKA Trojan

Windows 7
If you have picked up a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.08.2011, 14:36   #1
Chumps
 

Yet another BKA Trojan

Hello, I also have the apparently widespread BKA Trojan. Last night at around 4 a.m. the screen appeared, and it was still there after the restart. Safe mode worked without any problems.

After a system restore everything works fine again, but I doubt it will stay that way, so I ran OTL anyway; maybe the Trojan is still somewhere.
Thanks in advance.

OTL logfile created on: 07.08.2011 14:05:32 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free
6,71 Gb Paging File | 5,18 Gb Available in Paging File | 77,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76,00 Gb Total Space | 5,68 Gb Free Space | 7,47% Space Free | Partition Type: NTFS
Drive D: | 511,38 Gb Total Space | 24,52 Gb Free Space | 4,80% Space Free | Partition Type: NTFS

Computer Name: DITTMER-PC | User Name: dittmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - D:\Program Files\Picasa3\PicasaPhotoViewer.exe (Google Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe ()
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - D:\Program Files\Nero 9\InCD\InCDSrv.exe (Nero AG)
PRC - D:\Program Files\Nero 9\InCD\NBHRegInCDSrv.exe (Nero AG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\rstrui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)


========== Modules (SafeList) ==========

MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SPService) -- File not found
SRV - (Nero BackItUp Scheduler 4.0) -- File not found
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (InCDSrv) -- D:\Program Files\Nero 9\InCD\InCDSrv.exe (Nero AG)
SRV - (NeroRegInCDSrv) -- D:\Program Files\Nero 9\InCD\NBHRegInCDSrv.exe (Nero AG)
SRV - (Usmsycl) -- C:\Windows\System32\drivers\ataport.sys (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (InCDFs) -- C:\Windows\System32\drivers\InCDFs.sys (Nero AG)
DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG)
DRV - (InCDRec) -- C:\Windows\System32\drivers\InCDRec.sys (Nero AG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (X4HSX32Ex) -- C:\Programme\Metaboli Player\X4HSX32Ex.sys (Exent Technologies Ltd.)
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1105221932\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://buchholz-top-fahrschule.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.6
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.http: "109.235.49.143"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\dittmer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011.07.13 18:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.08 18:17:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.08 18:17:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011.07.13 18:15:08 | 000,000,000 | ---D | M]

[2009.03.06 03:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dittmer\AppData\Roaming\mozilla\Extensions
[2011.07.20 22:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions
[2009.09.02 15:43:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.20 19:50:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.29 22:25:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.08.26 05:53:29 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\battlefieldheroespatcher@ea.com
[2011.01.05 21:41:34 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\gutscheinmieze@synatix-gmbh.de
[2011.08.07 13:57:49 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\toolbar@ask.com
[2011.08.04 00:52:15 | 000,000,950 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\icqplugin-1.xml
[2011.06.20 19:56:46 | 000,001,056 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\icqplugin.xml
[2009.08.07 05:39:21 | 000,002,134 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\n-romsuche.xml
[2009.09.18 00:49:42 | 000,002,010 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\romulation-rom-search.xml
[2011.08.05 22:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.11.14 22:50:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.05 22:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.26 08:19:10 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
File not found (No name found) --
[2009.08.23 04:54:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.11.14 22:50:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.05 22:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.13 18:15:08 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME
() (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI
() (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.21 18:29:00 | 000,135,227 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\npExentCtl.dll
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.01.05 21:41:34 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Programme\Object\bho_project.dll (InternetEngine)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1105221932\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\dittmer\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\dittmer\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Ascentive)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wmupdater] File not found
O4 - HKCU..\Run: [{3BEEA621-37E1-0A23-10A5-DB67BE56BC33}] File not found
O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Macromedia, Inc.)
O4 - HKCU..\Run: [aauakf5] File not found
O4 - HKCU..\Run: [aavl5] File not found
O4 - HKCU..\Run: [affvv] File not found
O4 - HKCU..\Run: [afl3l] File not found
O4 - HKCU..\Run: [AirVideoServer] C:\Programme\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [appkaa] File not found
O4 - HKCU..\Run: [aqgvvqq] File not found
O4 - HKCU..\Run: [aqql1f] File not found
O4 - HKCU..\Run: [aqqla] File not found
O4 - HKCU..\Run: [avkkffa] File not found
O4 - HKCU..\Run: [avvfkvf] File not found
O4 - HKCU..\Run: [avvqll] File not found
O4 - HKCU..\Run: [blllqbl] File not found
O4 - HKCU..\Run: [cleansweep.exe] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ddjdd2j] File not found
O4 - HKCU..\Run: [ddsii5n] File not found
O4 - HKCU..\Run: [ddtjj] File not found
O4 - HKCU..\Run: [disd1s] File not found
O4 - HKCU..\Run: [disniyt] File not found
O4 - HKCU..\Run: [disy4s] File not found
O4 - HKCU..\Run: [dydyd] File not found
O4 - HKCU..\Run: [dyoytoo] File not found
O4 - HKCU..\Run: [Exetender] C:\Program Files\Metaboli Player\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [extensionx.exe] File not found
O4 - HKCU..\Run: [ggbvvq0] File not found
O4 - HKCU..\Run: [gqbvqg] File not found
O4 - HKCU..\Run: [hhmxhh] File not found
O4 - HKCU..\Run: [hmhhwm] File not found
O4 - HKCU..\Run: [hschsc] File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [iisdxsi] File not found
O4 - HKCU..\Run: [ininxii] File not found
O4 - HKCU..\Run: [jjee98] File not found
O4 - HKCU..\Run: [kpzukk] File not found
O4 - HKCU..\Run: [laavvq] File not found
O4 - HKCU..\Run: [laqffa] File not found
O4 - HKCU..\Run: [lbbww] File not found
O4 - HKCU..\Run: [lggbq] File not found
O4 - HKCU..\Run: [mcrmrr] File not found
O4 - HKCU..\Run: [mhhmhxx] File not found
O4 - HKCU..\Run: [mxhss] File not found
O4 - HKCU..\Run: [niyyss] File not found
O4 - HKCU..\Run: [nninyi] File not found
O4 - HKCU..\Run: [nnyiid] File not found
O4 - HKCU..\Run: [nsxs1] File not found
O4 - HKCU..\Run: [ooeuo] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [qaqql] File not found
O4 - HKCU..\Run: [qfvva2] File not found
O4 - HKCU..\Run: [qlffa] File not found
O4 - HKCU..\Run: [qqfvva2] File not found
O4 - HKCU..\Run: [qqllgaa] File not found
O4 - HKCU..\Run: [qqvlq] File not found
O4 - HKCU..\Run: [qqwgq] File not found
O4 - HKCU..\Run: [qvqqfaa] File not found
O4 - HKCU..\Run: [rhmxrrm] File not found
O4 - HKCU..\Run: [rrhxxc] File not found
O4 - HKCU..\Run: [rrwrhh] File not found
O4 - HKCU..\Run: [scmmh] File not found
O4 - HKCU..\Run: [tdojd] File not found
O4 - HKCU..\Run: [tejte] File not found
O4 - HKCU..\Run: [tyjdyo] File not found
O4 - HKCU..\Run: [tyyeoyz] File not found
O4 - HKCU..\Run: [userinit] File not found
O4 - HKCU..\Run: [vavllfv] File not found
O4 - HKCU..\Run: [vqffk] File not found
O4 - HKCU..\Run: [vvfvvaf] File not found
O4 - HKCU..\Run: [vvkka] File not found
O4 - HKCU..\Run: [vvqggbq] File not found
O4 - HKCU..\Run: [vvqq9] File not found
O4 - HKCU..\Run: [vvqqvq1] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [wllg0] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [wwqggbq] File not found
O4 - HKCU..\Run: [yejoyt] File not found
O4 - HKCU..\Run: [yooj5] File not found
O4 - HKCU..\Run: [yootydo] File not found
O4 - HKCU..\Run: [ytnd0d] File not found
O4 - HKCU..\Run: [yyodd] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MPK\MPK.exe) - File not found
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\rundll32.exe) - C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\ [2010.07.22 00:22:50 | 000,000,000 | RHSD | M]
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3680809491-6281274103-558693237-4450\yv8g67.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\rundll32.exe) - C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\ [2010.07.22 00:22:50 | 000,000,000 | RHSD | M]
O24 - Desktop WallPaper: C:\Users\dittmer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\dittmer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\open\command - "" = system32/rundll.exe
O33 - MountPoints2\{5a8a99f2-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun
O33 - MountPoints2\{5a8a99f2-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{5a8aaa24-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun
O33 - MountPoints2\{5a8aaa24-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = M:\autorun.exe
O33 - MountPoints2\{5a8aaa98-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun
O33 - MountPoints2\{5a8aaa98-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = N:\autorun.exe
O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\AutoRun\command - "" = P:\system32/rundll.exe
O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\explore\command - "" = P:\system32/rundll.exe
O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\open\command - "" = P:\system32/rundll.exe
O33 - MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\explore\command - "" = .\\\\Docs/print.exe
O33 - MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\AutoRun\command - "" = .\Docs\print.exe
O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\explore\command - "" = P:\
O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\open\command - "" = Docs////print.exe
O33 - MountPoints2\{adcfe563-098b-11de-9d43-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{adcfe563-098b-11de-9d43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\AutoRun\command - "" = system32/rundll.exe
O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\explore\command - "" = system32/rundll.exe
O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\open\command - "" = system32/rundll.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.05 23:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.05 22:59:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.05 22:59:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.05 22:59:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.07.31 23:48:39 | 000,000,000 | ---D | C] -- C:\Users\dittmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.07.31 23:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.07.31 23:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011.07.31 23:42:48 | 000,000,000 | ---D | C] -- C:\Users\dittmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2011.07.31 23:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Blender
[2011.07.31 23:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Blender
[2011.07.28 18:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2011.07.28 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ballance
[2011.07.25 17:08:57 | 000,000,000 | ---D | C] -- C:\Users\dittmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011.07.19 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software2000
[2011.07.19 21:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\Software2000
[2011.07.19 20:20:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.07.17 08:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.07.17 08:09:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011.07.17 08:09:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.07.17 08:09:12 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.07.17 08:03:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.07.17 08:01:43 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.07.17 08:01:43 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.07.17 08:01:43 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.07.17 08:00:12 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011.07.17 08:00:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011.07.17 07:58:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011.07.17 07:56:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.07.17 07:56:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.07.17 07:56:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.07.17 07:56:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.07.17 07:56:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.07.17 07:56:34 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.07.17 07:56:33 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.07.17 07:56:33 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.07.17 07:56:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.07.17 07:56:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.07.17 07:56:33 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.07.17 07:56:25 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.07.17 07:56:25 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011.07.17 07:56:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.07.17 07:56:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.07.17 07:56:25 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.07.17 07:49:10 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.07.17 07:49:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.07.17 07:49:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.07.17 07:49:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.07.17 07:49:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.07.17 07:49:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.17 07:49:09 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.07.17 07:49:09 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.07.17 07:49:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.07.17 07:49:08 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.07.17 07:49:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.07.17 07:49:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.07.17 07:49:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.07.17 07:49:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.07.17 07:49:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.07.17 07:49:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.07.17 07:49:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.17 07:46:44 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.07.17 07:46:44 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.07.17 07:46:44 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.07.17 07:46:44 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.07.17 07:46:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.07.17 07:46:44 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.07.17 07:46:43 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011.07.17 07:46:43 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.07.17 07:46:43 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.07.17 07:43:21 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.07.17 07:39:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011.07.17 07:38:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.07.17 07:37:39 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.07.17 07:37:39 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.07.17 07:37:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.07.17 07:37:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.07.17 07:37:16 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.07.17 07:37:13 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.07.17 07:37:12 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.07.17 07:35:53 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.07.17 07:35:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.07.17 07:35:24 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.07.17 07:35:22 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.17 07:35:22 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.07.17 07:35:18 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011.07.17 07:35:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.07.17 07:34:36 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.07.17 07:34:36 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.07.17 07:34:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.07.17 07:34:18 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.07.17 07:34:17 | 002,042,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.17 07:34:16 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.07.17 07:33:31 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.17 07:33:31 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.17 07:33:30 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011.07.17 07:32:47 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011.07.17 07:32:47 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011.07.17 07:32:24 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.07.17 07:31:38 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.07.17 07:31:38 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.07.17 07:31:21 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.07.17 07:30:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.07.17 07:30:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.07.17 07:30:12 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.07.17 07:30:12 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.07.17 07:30:12 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.07.17 07:30:12 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.07.17 07:30:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.07.17 07:28:45 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011.07.17 07:28:45 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.07.17 07:28:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.07.17 07:28:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011.07.17 07:27:21 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.07.13 18:16:45 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2011.07.13 18:16:45 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2011.07.13 18:15:32 | 000,000,000 | ---D | C] -- C:\Users\dittmer\AppData\Local\OpenCandy
[2011.07.13 18:15:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2011.07.13 18:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2011.07.13 18:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Object
[2011.07.10 17:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Games
[2011.07.10 17:09:04 | 000,000,000 | ---D | C] -- C:\Users\dittmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011.07.10 17:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oberon Media
[2011.07.10 17:09:02 | 000,000,000 | ---D | C] -- C:\Program Files\GamesBar
[2011.07.10 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2011.07.10 17:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

========== Files - Modified Within 30 Days ==========

[2011.08.07 13:56:04 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.07 13:56:04 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 13:56:04 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.07 13:56:04 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 13:49:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 13:49:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 13:49:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 13:49:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 02:50:41 | 000,001,356 | ---- | M] () -- C:\Users\dittmer\AppData\Local\d3d9caps.dat
[2011.08.06 23:07:12 | 000,107,195 | ---- | M] () -- C:\Users\dittmer\Desktop\jhipo.JPG
[2011.08.06 19:11:31 | 000,087,281 | ---- | M] () -- C:\Users\dittmer\Desktop\jpoj.JPG
[2011.08.06 19:09:17 | 000,056,261 | ---- | M] () -- C:\Users\dittmer\Desktop\jpj.JPG
[2011.08.06 19:06:06 | 000,074,954 | ---- | M] () -- C:\Users\dittmer\Desktop\lnoip.JPG
[2011.08.06 19:04:03 | 000,244,437 | ---- | M] () -- C:\Users\dittmer\Desktop\dij.JPG
[2011.08.06 18:28:47 | 000,071,836 | ---- | M] () -- C:\Users\dittmer\Desktop\be cool.jpg
[2011.08.06 16:12:30 | 000,043,729 | ---- | M] () -- C:\Users\dittmer\Desktop\broa.JPG
[2011.08.06 00:46:00 | 000,053,760 | ---- | M] () -- C:\Users\dittmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.06 00:36:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 17:26:41 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.08.05 10:15:09 | 000,040,920 | ---- | M] () -- C:\Users\dittmer\Desktop\picdump-11-08-05-123.jpg
[2011.08.05 10:13:58 | 000,050,691 | ---- | M] () -- C:\Users\dittmer\Desktop\picdump-11-08-05-106.jpg
[2011.08.02 15:42:45 | 000,047,735 | ---- | M] () -- C:\Users\dittmer\Desktop\5822.jpg
[2011.08.02 15:40:55 | 000,040,621 | ---- | M] () -- C:\Users\dittmer\Desktop\85th.jpg
[2011.08.02 15:37:37 | 000,035,146 | ---- | M] () -- C:\Users\dittmer\Desktop\58th.jpg
[2011.08.02 15:35:47 | 000,063,061 | ---- | M] () -- C:\Users\dittmer\Desktop\49th.jpg
[2011.08.02 15:34:50 | 000,029,238 | ---- | M] () -- C:\Users\dittmer\Desktop\41th.jpg
[2011.08.02 15:33:50 | 000,331,810 | ---- | M] () -- C:\Users\dittmer\Desktop\34th.jpg
[2011.08.02 15:32:34 | 000,087,823 | ---- | M] () -- C:\Users\dittmer\Desktop\21th.jpg
[2011.07.31 23:51:04 | 044,698,949 | ---- | M] () -- C:\.pdf
[2011.07.31 23:50:32 | 000,000,043 | ---- | M] () -- C:\Windows\gswin32.ini
[2011.07.31 23:42:48 | 000,000,841 | ---- | M] () -- C:\Users\dittmer\Desktop\PDF Blender.lnk
[2011.07.29 14:45:52 | 000,055,876 | ---- | M] () -- C:\Users\dittmer\Desktop\picdump-11-07-29-120.jpg
[2011.07.28 18:52:19 | 000,000,659 | ---- | M] () -- C:\Users\Public\Desktop\Ballance.lnk
[2011.07.25 23:48:54 | 000,127,607 | ---- | M] () -- C:\Users\dittmer\Desktop\1418a91355.gif
[2011.07.25 17:08:57 | 000,000,312 | ---- | M] () -- C:\Users\dittmer\Desktop\Curse Client.appref-ms
[2011.07.25 14:48:56 | 000,042,649 | ---- | M] () -- C:\Users\dittmer\Desktop\jj.JPG
[2011.07.23 13:51:28 | 000,052,386 | ---- | M] () -- C:\Users\dittmer\Desktop\picdump-10-07-22-044.jpg
[2011.07.21 17:34:42 | 000,052,791 | ---- | M] () -- C:\Users\dittmer\Desktop\5812.jpg
[2011.07.20 11:29:37 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.20 11:29:36 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.19 21:09:07 | 000,000,596 | ---- | M] () -- C:\Users\Public\Desktop\Pizza Syndicate.lnk
[2011.07.19 20:24:04 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D9340780-93AB-4B8E-AAE2-6DB96F575BB6}.job
[2011.07.19 20:23:50 | 000,299,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.17 21:52:00 | 000,041,075 | ---- | M] () -- C:\Users\dittmer\Desktop\lod.JPG
[2011.07.13 18:17:42 | 283,544,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.11 13:05:50 | 000,040,871 | ---- | M] () -- C:\Users\dittmer\Desktop\859 euro fahrschule.JPG
[2011.07.10 22:52:09 | 000,092,323 | ---- | M] () -- C:\Users\dittmer\Desktop\5762.jpg

========== Files Created - No Company Name ==========

[2011.08.06 23:07:10 | 000,107,195 | ---- | C] () -- C:\Users\dittmer\Desktop\jhipo.JPG
[2011.08.06 19:11:28 | 000,087,281 | ---- | C] () -- C:\Users\dittmer\Desktop\jpoj.JPG
[2011.08.06 19:09:15 | 000,056,261 | ---- | C] () -- C:\Users\dittmer\Desktop\jpj.JPG
[2011.08.06 19:06:03 | 000,074,954 | ---- | C] () -- C:\Users\dittmer\Desktop\lnoip.JPG
[2011.08.06 19:04:00 | 000,244,437 | ---- | C] () -- C:\Users\dittmer\Desktop\dij.JPG
[2011.08.06 18:28:47 | 000,071,836 | ---- | C] () -- C:\Users\dittmer\Desktop\be cool.jpg
[2011.08.06 16:12:27 | 000,043,729 | ---- | C] () -- C:\Users\dittmer\Desktop\broa.JPG
[2011.08.05 10:15:09 | 000,040,920 | ---- | C] () -- C:\Users\dittmer\Desktop\picdump-11-08-05-123.jpg
[2011.08.05 10:13:58 | 000,050,691 | ---- | C] () -- C:\Users\dittmer\Desktop\picdump-11-08-05-106.jpg
[2011.08.02 15:42:45 | 000,047,735 | ---- | C] () -- C:\Users\dittmer\Desktop\5822.jpg
[2011.08.02 15:40:55 | 000,040,621 | ---- | C] () -- C:\Users\dittmer\Desktop\85th.jpg
[2011.08.02 15:37:37 | 000,035,146 | ---- | C] () -- C:\Users\dittmer\Desktop\58th.jpg
[2011.08.02 15:35:47 | 000,063,061 | ---- | C] () -- C:\Users\dittmer\Desktop\49th.jpg
[2011.08.02 15:34:50 | 000,029,238 | ---- | C] () -- C:\Users\dittmer\Desktop\41th.jpg
[2011.08.02 15:33:50 | 000,331,810 | ---- | C] () -- C:\Users\dittmer\Desktop\34th.jpg
[2011.08.02 15:32:34 | 000,087,823 | ---- | C] () -- C:\Users\dittmer\Desktop\21th.jpg
[2011.07.31 23:50:32 | 044,698,949 | ---- | C] () -- C:\.pdf
[2011.07.31 23:50:32 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.07.31 23:42:48 | 000,000,841 | ---- | C] () -- C:\Users\dittmer\Desktop\PDF Blender.lnk
[2011.07.29 14:45:52 | 000,055,876 | ---- | C] () -- C:\Users\dittmer\Desktop\picdump-11-07-29-120.jpg
[2011.07.28 18:52:19 | 000,000,659 | ---- | C] () -- C:\Users\Public\Desktop\Ballance.lnk
[2011.07.25 23:48:54 | 000,127,607 | ---- | C] () -- C:\Users\dittmer\Desktop\1418a91355.gif
[2011.07.25 17:08:57 | 000,000,312 | ---- | C] () -- C:\Users\dittmer\Desktop\Curse Client.appref-ms
[2011.07.25 14:48:53 | 000,042,649 | ---- | C] () -- C:\Users\dittmer\Desktop\jj.JPG
[2011.07.23 13:51:28 | 000,052,386 | ---- | C] () -- C:\Users\dittmer\Desktop\picdump-10-07-22-044.jpg
[2011.07.21 17:34:42 | 000,052,791 | ---- | C] () -- C:\Users\dittmer\Desktop\5812.jpg
[2011.07.19 21:09:07 | 000,000,596 | ---- | C] () -- C:\Users\Public\Desktop\Pizza Syndicate.lnk
[2011.07.17 21:51:58 | 000,041,075 | ---- | C] () -- C:\Users\dittmer\Desktop\lod.JPG
[2011.07.17 08:21:31 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.07.17 07:56:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.07.17 07:56:26 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.07.17 07:56:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.07.13 18:16:45 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.07.13 18:15:15 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2011.07.13 18:15:15 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.07.11 13:05:48 | 000,040,871 | ---- | C] () -- C:\Users\dittmer\Desktop\859 euro fahrschule.JPG
[2011.07.10 22:52:09 | 000,092,323 | ---- | C] () -- C:\Users\dittmer\Desktop\5762.jpg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.22 21:14:52 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe
[2011.01.25 16:07:33 | 000,017,778 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.01.10 14:37:07 | 000,109,484 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.12.07 23:40:56 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010.06.02 04:26:09 | 000,000,012 | ---- | C] () -- C:\Users\dittmer\AppData\Roaming\vqdlkr.dat
[2010.06.02 04:26:05 | 000,000,004 | ---- | C] () -- C:\Users\dittmer\AppData\Roaming\avdrn.dat
[2010.01.20 02:13:54 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.23 16:22:20 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.10 07:46:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.09 14:05:25 | 000,000,174 | ---- | C] () -- C:\Users\dittmer\AppData\Local\rahistory.xml
[2009.11.27 15:55:43 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.11.20 00:08:40 | 000,090,624 | ---- | C] () -- C:\Windows\VSUNINST.EXE
[2009.11.13 18:38:47 | 000,290,816 | ---- | C] () -- C:\Windows\System32\decdll.dll
[2009.09.30 14:11:11 | 000,000,214 | ---- | C] () -- C:\Users\dittmer\AppData\Roaming\default.rss
[2009.09.28 01:08:05 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.24 16:47:58 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.08.31 08:23:43 | 000,000,565 | ---- | C] () -- C:\Windows\Sierra.ini
[2009.08.30 20:20:07 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2009.08.26 09:08:51 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.26 09:08:50 | 000,022,328 | ---- | C] () -- C:\Users\dittmer\AppData\Roaming\PnkBstrK.sys
[2009.08.26 09:08:36 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.26 09:08:34 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.08.26 09:08:34 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.26 08:20:04 | 000,000,068 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2009.08.26 08:19:07 | 000,352,648 | ---- | C] () -- C:\Windows\System32\SysCheck2.dll
[2009.08.22 23:00:19 | 000,001,356 | ---- | C] () -- C:\Users\dittmer\AppData\Local\d3d9caps.dat
[2009.08.22 21:10:42 | 000,000,000 | ---- | C] () -- C:\Users\dittmer\AppData\Roaming\bcrypt.html
[2009.08.16 16:04:25 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2009.08.14 13:41:34 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.14 13:41:33 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.13 21:53:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.06.28 13:39:39 | 000,119,475 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009.06.26 18:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.03.08 09:13:12 | 000,160,154 | ---- | C] () -- C:\Windows\hpoins14.dat
[2009.03.06 01:21:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.03.05 18:24:24 | 000,053,760 | ---- | C] () -- C:\Users\dittmer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.05 18:03:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2009.03.05 18:02:35 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.05 18:02:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.03.05 17:05:36 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.09.25 14:33:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.25 14:25:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.09.25 14:25:58 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.09.25 14:22:15 | 000,014,640 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.09.25 14:22:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008.09.25 14:18:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.09.25 14:18:02 | 000,174,820 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.09.25 14:18:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.09.25 14:18:02 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.09.25 14:18:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.09.25 14:18:01 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.09.25 13:53:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.09.25 13:53:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.04.25 15:23:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.20 03:14:41 | 000,002,000 | ---- | C] () -- C:\Windows\hpomdl14.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,299,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.21 00:58:52 | 000,090,112 | ---- | C] () -- C:\Windows\System32\vspxvfw.dll
[2005.09.01 16:20:46 | 000,524,288 | ---- | C] () -- C:\Windows\System32\vspxcore.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4F636E25

< End of report >

Old 09.08.2011, 13:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!