|
Log analysis and evaluation: Windows locked! Payment demand (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
26.12.2011, 15:58 | #1 |
| Windows locked! Payment demand Hello. When my Windows 7 starts, a black screen appears where I can only click on "pay". I have downloaded Malwarebytes, ESET and OTL. I will post the log files shortly. I have no idea about any of this, but I have read through the other threads. |
26.12.2011, 16:26 | #2 |
| Windows locked! Payment demand
Malwarebytes' Anti-Malware 1.51.2.1300

Datenbank Version: 911122602
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

26.12.2011 16:25:57
mbam-log-2011-12-26 (16-25-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 297923
Laufzeit: 55 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opera.exe (Trojan.Ransom) -> Value: opera.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\lena\AppData\Roaming\Opera\Opera\opera.exe (Trojan.Ransom) -> No action taken.
c:\Users\lena\AppData\Local\Temp\kna0.6372081864325603.exe (Trojan.Downloader) -> No action taken.
c:\Users\lena\AppData\Local\Temp\~!#CB4F.tmp (Trojan.Ransom) -> No action taken.
c:\Users\lena\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2\71d0802-323d8fcc (Trojan.Downloader) -> No action taken. |
26.12.2011, 16:29 | #3 |
| Windows locked! Payment demand
Malwarebytes' Anti-Malware 1.51.2.1300

Datenbank Version: 911122602
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

26.12.2011 16:28:34
mbam-log-2011-12-26 (16-28-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 297923
Laufzeit: 55 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\opera.exe (Trojan.Ransom) -> Value: opera.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\lena\AppData\Roaming\Opera\Opera\opera.exe (Trojan.Ransom) -> Quarantined and deleted successfully.
c:\Users\lena\AppData\Local\Temp\kna0.6372081864325603.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\lena\AppData\Local\Temp\~!#CB4F.tmp (Trojan.Ransom) -> Quarantined and deleted successfully.
c:\Users\lena\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2\71d0802-323d8fcc (Trojan.Downloader) -> Quarantined and deleted successfully. |
26.12.2011, 17:36 | #4 |
| Windows locked! Payment demand OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/26/2011 5:15:44 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lena\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015.24 Mb Total Physical Memory | 322.89 Mb Available Physical Memory | 31.80% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 30.77 Gb Free Space | 38.46% Space Free | Partition Type: NTFS Drive D: | 59.03 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS Drive E: | 1.89 Gb Total Space | 0.43 Gb Free Space | 22.88% Space Free | Partition Type: FAT Drive F: | 27.49 Gb Total Space | 27.14 Gb Free Space | 98.71% Space Free | Partition Type: FAT32 Computer Name: LENA-PC | User Name: lena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 16:34:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) 
-- C:\Program Files\ICQ7.0\ICQ.exe PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe PRC - [2009/09/12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe PRC - [2009/09/11 09:34:38 | 000,750,008 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2009/09/11 04:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/08/11 23:28:08 | 000,407,040 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/07/20 10:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe PRC - [2009/07/14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== MOD - [2011/12/26 14:56:40 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2011/08/17 17:53:48 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2011/01/05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.0\MDb.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag) SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) ========== Driver Services (SafeList) ========== DRV - [2011/12/26 15:17:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009/12/07 20:49:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV - [2009/07/20 10:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/05/11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.2 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:3.7.0.6 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=" FF - 
prefs.js..network.proxy.http: "192.168.0.254" FF - prefs.js..network.proxy.http_port: 805 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 14:56:42 | 000,000,000 | ---D | M] [2009/11/25 12:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena\AppData\Roaming\mozilla\Extensions [2011/12/26 17:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions [2011/11/22 18:54:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011/09/27 19:09:45 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2009/11/26 21:20:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011/02/06 13:17:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\engine@conduit.com [2010/01/20 11:15:16 | 000,000,935 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\conduit.xml [2011/12/26 15:06:58 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-1.xml [2011/03/06 16:06:43 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-10.xml [2011/03/08 14:16:48 | 000,000,950 | ---- | M] () -- 
C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-11.xml [2011/03/30 18:21:37 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-12.xml [2011/05/04 19:59:48 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-13.xml [2011/06/27 11:04:38 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-14.xml [2011/08/20 18:00:39 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-15.xml [2011/09/11 20:30:41 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-16.xml [2011/09/13 20:06:57 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-17.xml [2011/10/01 12:32:47 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-18.xml [2011/11/10 20:57:35 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-19.xml [2010/04/27 11:17:59 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-2.xml [2011/12/26 14:57:03 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-20.xml [2010/06/29 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-3.xml [2010/08/08 18:12:17 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-4.xml [2010/08/15 16:47:24 | 
000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-5.xml [2010/09/27 08:37:47 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-6.xml [2010/09/27 08:42:49 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-7.xml [2010/12/22 19:11:39 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-8.xml [2010/12/22 19:17:59 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-9.xml [2011/10/31 15:43:36 | 000,000,168 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.gif [2011/10/31 15:43:36 | 000,000,618 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.src [2010/03/31 18:42:21 | 000,000,955 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.xml [2011/12/26 15:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/08/17 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/08/17 17:47:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/09/11 20:30:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/09/11 20:30:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/09/11 20:30:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/09/11 20:30:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/09/11 20:30:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: VKontakte Tools = C:\Users\lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\efiplaenbpdemncgfglodeehhnfilgaa\2.7.4.234\ O1 HOSTS File: ([2009/12/08 22:33:00 | 000,361,621 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Anti Spyware | Cash Advance | Debt Consolidation | Insurance | Cell Phones at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - 
Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 12429 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [EEESplendidAR] C:\Program Files\ASUS\EPC\EeeSplendid\AutoRun.exe () O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [EPSON S22 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{182779C6-8C0E-42B6-9948-5800338E8FED}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D37A2909-2AB6-4C86-B44D-64206A1BF78C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/12/14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ FAT32 ] O32 - AutoRun File - [2010/12/14 10:33:52 | 000,000,078 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/26 16:34:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe [2011/12/26 15:47:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL.exe [2011/12/26 15:17:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/12/26 15:16:51 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Malwarebytes [2011/12/26 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/26 15:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/26 15:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/26 15:16:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/12/26 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/26 15:15:27 | 002,322,184 | ---- | C] (ESET) -- 
C:\Users\lena\Desktop\esetsmartinstaller_enu.exe [2011/12/26 15:08:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\lena\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/23 12:30:06 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Opera [2011/12/19 10:10:18 | 000,000,000 | ---D | C] -- C:\Users\lena\Desktop\sozi Fr Groß [2011/12/14 23:38:50 | 000,000,000 | ---D | C] -- C:\Users\lena\Desktop\referate fos 12 [2011/12/07 13:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011/12/02 17:43:15 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2011/12/02 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2011/12/02 17:42:47 | 000,000,000 | ---D | C] -- C:\Users\lena\Application Data [2011/12/02 17:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\XMind [2011/12/02 17:30:03 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Local\{30CD70D3-9EBA-4E1E-8C2B-34AE86533BD9} [2009/08/19 21:30:53 | 000,035,624 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [2009/08/14 10:00:08 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011/12/26 17:28:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/26 17:25:09 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3385448419-3188484945-2173884198-1000UA.job [2011/12/26 17:16:08 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/12/26 17:16:08 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/12/26 17:16:08 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/12/26 17:16:08 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/12/26 17:13:42 | 000,009,696 | -H-- | M] () -- 
C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:13:42 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:12:31 | 000,001,414 | ---- | M] () -- C:\Users\lena\Desktop\Registry kostenlos entrümpeln!.lnk [2011/12/26 17:05:50 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/26 17:04:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/12/26 17:04:40 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 17:04:40 | 002,102,940 | ---- | M] () -- C:\windows\System32\oodbs.lor [2011/12/26 16:34:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe [2011/12/26 15:47:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL.exe [2011/12/26 15:17:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/12/26 15:16:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/26 15:15:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\lena\Desktop\esetsmartinstaller_enu.exe [2011/12/26 15:08:42 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\lena\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/25 23:09:47 | 000,000,262 | ---- | M] () -- C:\windows\tasks\RegClean Pro_DEFAULT.job [2011/12/24 14:31:52 | 000,000,000 | ---- | M] () -- C:\Users\lena\AppData\Local\{5648D7DE-9D87-4CF5-95B1-4B93C54DE85B} [2011/12/23 12:36:29 | 000,000,000 | ---- | M] () -- C:\Users\lena\AppData\Local\{826C3ECA-149F-4997-BF5D-6AE27F1014DB} [2011/12/22 06:15:26 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3385448419-3188484945-2173884198-1000Core.job [2011/12/20 14:04:41 | 000,016,882 | ---- | M] () -- C:\Users\lena\AppData\Roaming\wklnhst.dat [2011/12/15 08:07:38 | 000,351,440 | ---- | M] () -- 
C:\windows\System32\FNTCACHE.DAT [2011/12/07 13:13:01 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011/12/07 13:13:01 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/12/02 17:43:15 | 000,000,923 | ---- | M] () -- C:\Users\lena\Desktop\XMind.lnk [2011/11/30 09:44:57 | 000,000,270 | ---- | M] () -- C:\windows\tasks\RegClean Pro_UPDATES.job ========== Files Created - No Company Name ========== [2011/12/26 15:16:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/24 14:31:52 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{5648D7DE-9D87-4CF5-95B1-4B93C54DE85B} [2011/12/23 12:36:29 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{826C3ECA-149F-4997-BF5D-6AE27F1014DB} [2011/12/02 17:43:15 | 000,000,923 | ---- | C] () -- C:\Users\lena\Desktop\XMind.lnk [2011/05/23 14:51:33 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{FCA1288D-FC42-44B0-8981-E5E7FF49C7FF} [2010/02/15 13:20:04 | 000,016,882 | ---- | C] () -- C:\Users\lena\AppData\Roaming\wklnhst.dat [2010/01/17 13:12:15 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI [2010/01/17 13:10:47 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf08b.dat [2010/01/17 13:10:36 | 000,106,496 | ---- | C] () -- C:\windows\System32\BrMuSNMP.dll [2009/11/25 22:42:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/20 05:42:43 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2009/08/20 05:42:43 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2009/08/19 21:18:56 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2009/08/19 19:18:55 | 000,000,712 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2009/08/19 19:18:55 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2009/07/26 02:28:45 | 000,654,166 | ---- | C] () -- 
C:\windows\System32\perfh007.dat [2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/07/26 02:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,351,440 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2011/12/23 07:40:42 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\ICQ [2011/08/17 17:58:35 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\OpenOffice.org [2011/12/23 12:30:06 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Opera [2009/11/25 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\streamripper [2011/08/17 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Systweak [2011/09/07 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Template [2011/12/25 23:09:47 | 000,000,262 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_DEFAULT.job [2011/11/30 09:44:57 | 
000,000,270 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_UPDATES.job [2011/12/26 17:05:29 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:B88E99C8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA < End of report > |
26.12.2011, 17:37 | #5 |
| Windows locked! Payment demand OTL logfile: Code:
ATTFilter OTL logfile created on: 12/26/2011 5:15:44 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\lena\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015.24 Mb Total Physical Memory | 322.89 Mb Available Physical Memory | 31.80% Memory free 1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 30.77 Gb Free Space | 38.46% Space Free | Partition Type: NTFS Drive D: | 59.03 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS Drive E: | 1.89 Gb Total Space | 0.43 Gb Free Space | 22.88% Space Free | Partition Type: FAT Drive F: | 27.49 Gb Total Space | 27.14 Gb Free Space | 98.71% Space Free | Partition Type: FAT32 Computer Name: LENA-PC | User Name: lena | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/26 16:34:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2011/01/05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) 
-- C:\Program Files\ICQ7.0\ICQ.exe PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe PRC - [2009/09/12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe PRC - [2009/09/11 09:34:38 | 000,750,008 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2009/09/11 04:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/08/11 23:28:08 | 000,407,040 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2009/07/20 10:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe PRC - [2009/07/14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\windows\System32\wbem\WMIADAP.EXE PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2009/03/02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ========== Modules (No Company Name) ========== MOD - [2011/12/26 14:56:40 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll MOD - [2011/08/17 17:53:48 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2011/01/05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Program Files\ICQ7.0\MDb.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag) SRV - [2009/08/19 01:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/07/21 13:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/05/13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) ========== Driver Services (SafeList) ========== DRV - [2011/12/26 15:17:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2009/12/07 20:49:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009/10/05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/07/27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV - [2009/07/20 10:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/05/11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.2 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:3.7.0.6 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q=" FF - 
prefs.js..network.proxy.http: "192.168.0.254" FF - prefs.js..network.proxy.http_port: 805 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lena\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/26 14:56:42 | 000,000,000 | ---D | M] [2009/11/25 12:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena\AppData\Roaming\mozilla\Extensions [2011/12/26 17:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions [2011/11/22 18:54:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011/09/27 19:09:45 | 000,000,000 | ---D | M] (Softonic Deutsch Community Toolbar) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2009/11/26 21:20:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011/02/06 13:17:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\lena\AppData\Roaming\mozilla\Firefox\Profiles\reanm411.default\extensions\engine@conduit.com [2010/01/20 11:15:16 | 000,000,935 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\conduit.xml [2011/12/26 15:06:58 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-1.xml [2011/03/06 16:06:43 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-10.xml [2011/03/08 14:16:48 | 000,000,950 | ---- | M] () -- 
C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-11.xml [2011/03/30 18:21:37 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-12.xml [2011/05/04 19:59:48 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-13.xml [2011/06/27 11:04:38 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-14.xml [2011/08/20 18:00:39 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-15.xml [2011/09/11 20:30:41 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-16.xml [2011/09/13 20:06:57 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-17.xml [2011/10/01 12:32:47 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-18.xml [2011/11/10 20:57:35 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-19.xml [2010/04/27 11:17:59 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-2.xml [2011/12/26 14:57:03 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-20.xml [2010/06/29 16:36:12 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-3.xml [2010/08/08 18:12:17 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-4.xml [2010/08/15 16:47:24 | 
000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-5.xml [2010/09/27 08:37:47 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-6.xml [2010/09/27 08:42:49 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-7.xml [2010/12/22 19:11:39 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-8.xml [2010/12/22 19:17:59 | 000,000,950 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin-9.xml [2011/10/31 15:43:36 | 000,000,168 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.gif [2011/10/31 15:43:36 | 000,000,618 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.src [2010/03/31 18:42:21 | 000,000,955 | ---- | M] () -- C:\Users\lena\AppData\Roaming\Mozilla\Firefox\Profiles\reanm411.default\searchplugins\icqplugin.xml [2011/12/26 15:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011/08/17 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/08/17 17:47:51 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/09/11 20:30:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/09/11 20:30:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011/09/11 20:30:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011/09/11 20:30:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011/09/11 20:30:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - Extension: VKontakte Tools = C:\Users\lena\AppData\Local\Google\Chrome\User Data\Default\Extensions\efiplaenbpdemncgfglodeehhnfilgaa\2.7.4.234\ O1 HOSTS File: ([2009/12/08 22:33:00 | 000,361,621 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Scan | Free Anti Virus | Bitdefender | Malware | Avast | Avg | Spyware Removal | Adware at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 
www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 12429 more lines... O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [EEESplendidAR] C:\Program Files\ASUS\EPC\EeeSplendid\AutoRun.exe () O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKCU..\Run: [EPSON S22 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGEE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - Startup: C:\Users\lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{182779C6-8C0E-42B6-9948-5800338E8FED}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D37A2909-2AB6-4C86-B44D-64206A1BF78C}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/12/14 11:00:22 | 000,008,192 | ---- | M] (Microsoft) - F:\AutoOff.exe -- [ FAT32 ] O32 - AutoRun File - [2010/12/14 10:33:52 | 000,000,078 | ---- | M] () - F:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/26 16:34:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe [2011/12/26 15:47:23 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL.exe [2011/12/26 15:17:12 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/12/26 15:16:51 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Malwarebytes [2011/12/26 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/26 15:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/26 15:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/26 15:16:22 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/12/26 15:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/12/26 15:15:27 | 002,322,184 | ---- | C] (ESET) -- 
C:\Users\lena\Desktop\esetsmartinstaller_enu.exe [2011/12/26 15:08:34 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\lena\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/23 12:30:06 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Opera [2011/12/19 10:10:18 | 000,000,000 | ---D | C] -- C:\Users\lena\Desktop\sozi Fr Groß [2011/12/14 23:38:50 | 000,000,000 | ---D | C] -- C:\Users\lena\Desktop\referate fos 12 [2011/12/07 13:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2011/12/02 17:43:15 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind [2011/12/02 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind [2011/12/02 17:42:47 | 000,000,000 | ---D | C] -- C:\Users\lena\Application Data [2011/12/02 17:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\XMind [2011/12/02 17:30:03 | 000,000,000 | ---D | C] -- C:\Users\lena\AppData\Local\{30CD70D3-9EBA-4E1E-8C2B-34AE86533BD9} [2009/08/19 21:30:53 | 000,035,624 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [2009/08/14 10:00:08 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2011/12/26 17:28:17 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/12/26 17:25:09 | 000,001,116 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3385448419-3188484945-2173884198-1000UA.job [2011/12/26 17:16:08 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/12/26 17:16:08 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/12/26 17:16:08 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/12/26 17:16:08 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/12/26 17:13:42 | 000,009,696 | -H-- | M] () -- 
C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:13:42 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/26 17:12:31 | 000,001,414 | ---- | M] () -- C:\Users\lena\Desktop\Registry kostenlos entrümpeln!.lnk [2011/12/26 17:05:50 | 000,001,090 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/12/26 17:04:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/12/26 17:04:40 | 798,416,896 | -HS- | M] () -- C:\hiberfil.sys [2011/12/26 17:04:40 | 002,102,940 | ---- | M] () -- C:\windows\System32\oodbs.lor [2011/12/26 16:34:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL(2).exe [2011/12/26 15:47:26 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\lena\Desktop\OTL.exe [2011/12/26 15:17:33 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/12/26 15:16:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/26 15:15:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\lena\Desktop\esetsmartinstaller_enu.exe [2011/12/26 15:08:42 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\lena\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/25 23:09:47 | 000,000,262 | ---- | M] () -- C:\windows\tasks\RegClean Pro_DEFAULT.job [2011/12/24 14:31:52 | 000,000,000 | ---- | M] () -- C:\Users\lena\AppData\Local\{5648D7DE-9D87-4CF5-95B1-4B93C54DE85B} [2011/12/23 12:36:29 | 000,000,000 | ---- | M] () -- C:\Users\lena\AppData\Local\{826C3ECA-149F-4997-BF5D-6AE27F1014DB} [2011/12/22 06:15:26 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3385448419-3188484945-2173884198-1000Core.job [2011/12/20 14:04:41 | 000,016,882 | ---- | M] () -- C:\Users\lena\AppData\Roaming\wklnhst.dat [2011/12/15 08:07:38 | 000,351,440 | ---- | M] () -- 
C:\windows\System32\FNTCACHE.DAT [2011/12/07 13:13:01 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2011/12/07 13:13:01 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011/12/02 17:43:15 | 000,000,923 | ---- | M] () -- C:\Users\lena\Desktop\XMind.lnk [2011/11/30 09:44:57 | 000,000,270 | ---- | M] () -- C:\windows\tasks\RegClean Pro_UPDATES.job ========== Files Created - No Company Name ========== [2011/12/26 15:16:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/24 14:31:52 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{5648D7DE-9D87-4CF5-95B1-4B93C54DE85B} [2011/12/23 12:36:29 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{826C3ECA-149F-4997-BF5D-6AE27F1014DB} [2011/12/02 17:43:15 | 000,000,923 | ---- | C] () -- C:\Users\lena\Desktop\XMind.lnk [2011/05/23 14:51:33 | 000,000,000 | ---- | C] () -- C:\Users\lena\AppData\Local\{FCA1288D-FC42-44B0-8981-E5E7FF49C7FF} [2010/02/15 13:20:04 | 000,016,882 | ---- | C] () -- C:\Users\lena\AppData\Roaming\wklnhst.dat [2010/01/17 13:12:15 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI [2010/01/17 13:10:47 | 000,000,050 | ---- | C] () -- C:\windows\System32\bridf08b.dat [2010/01/17 13:10:36 | 000,106,496 | ---- | C] () -- C:\windows\System32\BrMuSNMP.dll [2009/11/25 22:42:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/20 05:42:43 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe [2009/08/20 05:42:43 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini [2009/08/19 21:18:56 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat [2009/08/19 19:18:55 | 000,000,712 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat [2009/08/19 19:18:55 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat [2009/07/26 02:28:45 | 000,654,166 | ---- | C] () -- 
C:\windows\System32\perfh007.dat [2009/07/26 02:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/07/26 02:28:45 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/07/26 02:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,351,440 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat ========== LOP Check ========== [2011/12/23 07:40:42 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\ICQ [2011/08/17 17:58:35 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\OpenOffice.org [2011/12/23 12:30:06 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Opera [2009/11/25 13:16:13 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\streamripper [2011/08/17 07:13:54 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Systweak [2011/09/07 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\lena\AppData\Roaming\Template [2011/12/25 23:09:47 | 000,000,262 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_DEFAULT.job [2011/11/30 09:44:57 | 
000,000,270 | ---- | M] () -- C:\windows\Tasks\RegClean Pro_UPDATES.job [2011/12/26 17:05:29 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:B88E99C8 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:AB689DEA < End of report > |
27.12.2011, 17:25 | #6 |
| Windows locked! Payment demand The malware is very simply built! To get back into your Windows, you only have to delete the "Kna0.XXXXXXXXXXXX.exe" from the autostart entries! Depending on the system: - boot into safe mode - if you have a second screen, use Windows key + E (for Explorer) and open the file path manually, or R (Run) -> enter "msconfig" -> Startup. In addition, there is also a "Kna0.XXXXXXXXXX.exe.html" in the TEMP files of IE! Definitely destroy that one as well! Regards, Schaf |