| |
| |||||||
Log-Analyse und Auswertung: jashla.exe wieder daWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.08.2011, 23:48
| #1 |
 |  jashla.exe wieder da Hallo, habe vor ca. 3-4 Tagen den Trojaner auf dem PC gehabt. Habe mein PC dann wieder zum laufen bekommen. Allerdings war der Trojaner heute wieder auf meinen PC. Wie kann ich diesen Trojaner ganz los werden ? Wo es das erstemal passiert ist. Habe ich Windows im abgesicherten Modus gestartet. Und habe die Datei unter C/User/**/App*Roaming gelöscht. Habe anschließen in der Registrie nach der Datei gesucht wo ich sie ebenfalls gelöscht habe. Nun scheind es wieder von vorne los zu gehen. Habe heute wieder das gleiche gemacht. Aber ich denke bei meiner Methode wird er sicherlich wieder kommen. Gibt es eine möglichkeit ohne den PC komplett neu aufsetzten zu müssen ? Ich habe hier im Forum dauernt was von OTL gelesen. Ich habe es mal gemacht, allerdings weiß ich nicht was das ist  Hier der Log: Code:
ATTFilter OTL logfile created on: 23.08.2011 00:34:27 - Run 1 OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Horst\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,11% Memory free 7,98 Gb Paging File | 6,44 Gb Available in Paging File | 80,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 45,79 Gb Free Space | 45,84% Space Free | Partition Type: NTFS Drive D: | 450,00 Gb Total Space | 401,16 Gb Free Space | 89,15% Space Free | Partition Type: NTFS Drive E: | 381,51 Gb Total Space | 381,41 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive G: | 931,51 Gb Total Space | 704,51 Gb Free Space | 75,63% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.23 00:33:43 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Horst\Downloads\OTL.exe PRC - [2011.08.17 17:52:51 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\WWW\Mozilla Firefox\firefox.exe PRC - [2011.08.02 17:30:46 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Spiele\Steam\Steam.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.01 18:35:40 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.05.05 17:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe PRC - [2010.04.27 15:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe PRC - [2007.12.19 12:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2011.08.17 17:52:52 | 001,000,920 | ---- | M] () -- D:\WWW\Mozilla Firefox\js3250.dll MOD - [2011.08.03 10:58:46 | 000,447,904 | ---- | M] () -- D:\Tools\EslWire\inGame32.dll MOD - [2011.08.02 22:13:37 | 014,401,832 | ---- | M] () -- D:\Spiele\Steam\bin\libcef.dll MOD - [2011.08.02 22:13:35 | 000,190,248 | ---- | M] () -- D:\Spiele\Steam\bin\chromehtml.dll MOD - [2011.08.02 22:13:33 | 000,091,432 | ---- | M] () -- D:\Spiele\Steam\bin\avutil-50.dll MOD - [2011.08.02 22:13:31 | 000,155,432 | ---- | M] () -- D:\Spiele\Steam\bin\avformat-52.dll MOD - [2011.08.02 22:13:29 | 000,914,216 | ---- | M] () -- D:\Spiele\Steam\bin\avcodec-52.dll MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010.05.05 17:56:06 | 000,251,392 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe MOD - [2010.04.27 15:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.05.13 17:14:58 | 000,415,616 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS) SRV:64bit: - [2010.10.27 04:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.08.03 10:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.13 19:01:57 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.01 18:35:40 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Büro\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.03 14:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2011.07.21 12:11:10 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.21 12:11:09 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.05.13 17:15:02 | 001,633,664 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.01.18 20:25:36 | 000,007,808 | ---- | M] (SweetLow) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidusbf.sys -- (hidusbf) DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.10.27 06:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.10.27 04:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.09.24 14:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.03.31 03:58:04 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.03.23 16:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr) DRV:64bit: - [2010.03.10 17:19:32 | 000,020,456 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2010.02.12 21:30:26 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2009.12.22 01:54:00 | 001,308,160 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA) DRV:64bit: - [2009.12.21 21:50:00 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vHidDev.sys -- (vhidmini) DRV:64bit: - [2009.11.05 22:35:45 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64) DRV:64bit: - [2009.08.10 15:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB) DRV:64bit: - [2009.07.18 14:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.22 16:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.03.20 17:59:00 | 000,011,904 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\salmosa.sys -- (salmosa) DRV:64bit: - [2006.11.10 15:08:58 | 000,030,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ATITool64.sys -- (ATITool) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 8C F3 F7 E5 88 CA 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.2.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Musik\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\WWW)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\WWW)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: D:\WWW\Mozilla Firefox\components [2011.08.17 17:52:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: D:\WWW\Mozilla Firefox\plugins [2011.08.17 17:52:53 | 000,000,000 | ---D | M] [2009.12.30 02:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Extensions [2011.08.22 23:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions [2011.03.01 20:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2} [2011.03.01 22:52:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.05.07 16:42:42 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.01 22:52:30 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.06.26 21:00:15 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\eafo3fflauncher@ea.com [2011.03.01 22:52:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Horst\AppData\Roaming\mozilla\Firefox\Profiles\5e1sner9.default\extensions\engine@conduit.com [2011.01.04 19:22:07 | 000,002,059 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\daemon-search.xml [2011.08.18 18:24:05 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-1.xml [2010.12.10 00:04:21 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-2.xml [2010.09.09 17:44:15 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-3.xml [2010.09.17 16:45:17 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-4.xml [2010.10.22 18:33:55 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-5.xml [2010.10.30 16:08:30 | 000,000,950 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin-6.xml [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\5e1sner9.default\searchplugins\icqplugin.xml O1 HOSTS File: ([2011.08.04 19:20:52 | 000,002,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 hxxp://www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 www.adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 33 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Büro\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe () O4 - HKLM..\Run: [GrooveMonitor] D:\Büro\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ESL Wire] D:\Tools\EslWire\wire.exe (Turtle Entertainment GmbH) O4 - HKCU..\Run: [Steam] D:\Spiele\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Horst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Horst\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Büro\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Büro\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Büro\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a8f57eeb-f53e-11de-a570-406186298329}\Shell - "" = AutoRun O33 - MountPoints2\{a8f57eeb-f53e-11de-a570-406186298329}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.21 20:52:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.08.14 23:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET [2011.08.14 23:32:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET [2011.08.14 14:23:10 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Avira [2011.08.14 14:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.08.14 14:20:36 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.08.14 14:20:35 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.08.14 14:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.08.14 14:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.08.13 17:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping [2011.08.13 17:07:21 | 001,633,664 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys [2011.08.13 17:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed [2011.08.13 15:56:49 | 000,000,000 | ---D | C] -- C:\Users\Horst\AppData\Roaming\Malwarebytes [2011.08.13 15:56:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.08.13 15:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.13 15:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.13 15:56:41 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.08.13 15:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.08.11 19:47:59 | 000,000,000 | ---D | C] -- C:\Users\Horst\Desktop\CS_backup [2011.08.05 17:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.08.05 17:54:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.07.28 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\Horst\riotsGamesLogs [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.23 00:35:44 | 001,648,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.08.23 00:35:44 | 000,710,110 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.08.23 00:35:44 | 000,663,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.08.23 00:35:44 | 000,153,202 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.08.23 00:35:44 | 000,125,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.08.23 00:34:45 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 00:34:45 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.23 00:29:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.23 00:28:58 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys [2011.08.21 20:57:21 | 000,036,004 | ---- | M] () -- C:\Users\Horst\Documents\cc_20110821_205716.reg [2011.08.21 15:46:19 | 000,008,293 | ---- | M] () -- C:\Windows\Cm108.ini.imi [2011.08.14 23:34:28 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2011.08.14 14:20:48 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.08.13 16:30:26 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.13 16:13:08 | 000,009,878 | ---- | M] () -- C:\Users\Horst\Documents\cc_20110813_161306.reg [2011.08.13 15:50:13 | 003,094,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.08.12 17:29:59 | 000,335,853 | ---- | M] () -- C:\Users\Horst\Desktop\IMG_0294_OldPhoto_17.jpg [2011.08.12 17:12:48 | 001,695,492 | ---- | M] () -- C:\Users\Horst\Desktop\IMG_0294.JPG [2011.08.05 17:54:20 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.04 17:59:03 | 000,000,615 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2011.08.03 14:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>) -- C:\Windows\SysNative\drivers\ESLWireACD.sys [2011.08.03 10:58:52 | 000,168,864 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.07.31 20:23:14 | 000,076,629 | ---- | M] () -- C:\Users\Horst\Desktop\mo_270x360.jpg [2011.07.31 13:50:36 | 000,004,011 | ---- | M] () -- C:\Users\Horst\Desktop\muppaklein.jpg [2011.07.29 13:32:05 | 000,114,510 | ---- | M] () -- C:\Users\Horst\Desktop\muppa_B&w_1.jpg [2011.07.29 13:23:27 | 000,088,838 | ---- | M] () -- C:\Users\Horst\Desktop\muppa.jpg [2011.07.24 16:26:53 | 082,961,803 | ---- | M] () -- C:\Users\Horst\Desktop\5.dem [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.21 20:57:18 | 000,036,004 | ---- | C] () -- C:\Users\Horst\Documents\cc_20110821_205716.reg [2011.08.20 19:45:31 | 082,961,803 | ---- | C] () -- C:\Users\Horst\Desktop\5.dem [2011.08.14 23:34:28 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk [2011.08.14 14:20:48 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.08.13 16:13:07 | 000,009,878 | ---- | C] () -- C:\Users\Horst\Documents\cc_20110813_161306.reg [2011.08.13 15:56:44 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.12 17:29:59 | 000,335,853 | ---- | C] () -- C:\Users\Horst\Desktop\IMG_0294_OldPhoto_17.jpg [2011.08.12 17:26:45 | 001,695,492 | ---- | C] () -- C:\Users\Horst\Desktop\IMG_0294.JPG [2011.08.11 19:41:34 | 000,497,671 | ---- | C] () -- C:\Users\Horst\Desktop\background.jpg [2011.08.05 17:54:20 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.07.31 20:23:13 | 000,076,629 | ---- | C] () -- C:\Users\Horst\Desktop\mo_270x360.jpg [2011.07.31 13:48:53 | 000,004,011 | ---- | C] () -- C:\Users\Horst\Desktop\muppaklein.jpg [2011.07.29 13:32:05 | 000,114,510 | ---- | C] () -- C:\Users\Horst\Desktop\muppa_B&w_1.jpg [2011.07.29 13:23:25 | 000,088,838 | ---- | C] () -- C:\Users\Horst\Desktop\muppa.jpg [2011.07.12 18:12:14 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll [2011.07.12 18:12:14 | 000,000,259 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2011.07.12 18:12:11 | 000,008,293 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2011.07.12 18:12:11 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2011.07.12 18:12:10 | 000,001,320 | ---- | C] () -- C:\Windows\cm108.ini [2011.07.05 21:02:38 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.06.07 19:17:37 | 000,000,061 | ---- | C] () -- C:\Windows\SysWow64\SYSVCPDRV.SYS [2011.01.01 00:00:09 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.12.31 03:22:35 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2010.12.29 21:16:26 | 000,000,093 | ---- | C] () -- C:\Users\Horst\AppData\Local\fusioncache.dat [2010.11.21 19:20:27 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010.10.24 12:48:28 | 000,013,510 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\PStrip.bko [2010.10.24 12:46:20 | 000,013,510 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\PStrip.bk! [2010.10.24 12:46:13 | 000,013,510 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\PStrip.bak [2010.10.23 21:34:29 | 000,013,510 | ---- | C] () -- C:\Users\Horst\AppData\Roaming\PStrip.ini [2010.10.23 21:29:04 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.09.11 01:42:30 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.09.11 01:42:25 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.08.09 19:58:56 | 000,200,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2010.06.16 19:35:21 | 000,001,151 | -H-- | C] () -- C:\Windows\_cm108.ini [2010.04.11 18:23:57 | 001,674,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.12.31 14:48:56 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\prospeed_bmp2jpg.dll [2009.12.30 12:36:04 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll [2009.12.30 02:40:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.02.07 11:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll < End of report > Ich hoffe ihr könnt mir helfen. Habe auch noch mal antivir und malware durchlaufen lassen. Haben aber beide nichts mehr gefunden. |
| Themen zu jashla.exe wieder da |
| .com, adblock, antivir, autorun, avira, bho, conduit, converter, desktop, downloader, error, firefox, format, google, helper, jashla.exe, langs, logfile, mozilla, mp3, musik, plug-in, realtek, registry, scan, senden, server, software, start menu, trojaner, version=1.0, webcheck, windows |
Baum-Darstellung