
Log analysis and evaluation: OTL - log file with strange lines

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.01.2012, 20:47   #1
Martin_Oskar
 
OTL - log file with strange lines



A very good evening, dear Trojaner-Board team!

I ran a routine OTL scan today. What is odd about the result are the Asian characters in the O1 - Hosts line. There were an enormous number of them. I deleted most of them.

The scan with SUPERAntiSpyware turned up "only" a few cookies.

Code:
OTL logfile created on: 28.01.2012 20:13:42 - Run 7
OTL by OldTimer - Version 3.2.31.0    
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,51% Memory free
7,99 Gb Paging File | 6,23 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 343,94 Gb Free Space | 73,86% Space Free | Partition Type: NTFS
Drive F: | 457,95 Gb Total Space | 245,57 Gb Free Space | 53,62% Space Free | Partition Type: NTFS
 
Computer Name: FAR | User Name: cat | Logged in as 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Programme\iTunesHelper.exe
PRC - [2011.12.24 14:29:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Downloads\Viren-killer\OTL.exe
PRC - [2011.11.28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.07.29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011.07.29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.07.29 10:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.04.02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.08 19:55:28 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.22 10:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.11.04 16:45:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.07.29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.04.05 20:55:01 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.28 18:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 18:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 18:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 18:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 18:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 18:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.10.03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.24 19:29:04 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:64bit: - [2010.08.24 19:29:04 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:64bit: - [2010.08.24 19:29:04 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:64bit: - [2010.08.16 15:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010.08.16 15:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010.08.11 17:37:38 | 000,150,120 | ---- | M] (VMLite, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMLiteUSB.sys -- (VMLiteUSB)
DRV:64bit: - [2009.12.02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.04 17:17:30 | 006,088,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.20 17:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.30 10:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.04.16 19:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.01.02 13:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.08 19:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.08 19:28:45 | 000,000,000 | ---D | M]
 
[2010.09.16 20:09:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\mozilla\Extensions
[2010.08.25 19:50:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.12 22:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cat\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions
[2011.11.02 12:48:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\cat\AppData\Roaming\mozilla\Firefox\Profiles\z5rgx61s.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.08 20:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.02 13:27:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\cat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z5RGX61S.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.08 19:49:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.14 10:45:24 | 000,170,080 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.01.20 22:10:26 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.14 23:03:02 | 000,439,318 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: റ⌊匠慴瑲漠⁦湥牴敩⁳湩敳瑲摥戠⁹灓批瑯ⴠ匠慥捲⁨…敄瑳潲൹ㄊ㜲〮〮ㄮ眉睷〮㜰畧牡⹤潣൭ㄊ㜲〮〮ㄮ〉㜰畧牡⹤潣൭ㄊ㜲〮〮ㄮ〉㠰⹩潣൭ㄊ㜲〮〮ㄮ眉睷〮㠰⹫潣൭ㄊ㜲〮〮ㄮ〉㠰⹫潣൭ㄊ㜲〮〮ㄮ眉睷〮栰⹱潣൭ㄊ㜲〮〮ㄮ〉栰⹱潣൭ㄊ㜲獮硥⸳湩潦਍㈱⸷⸰⸰ऱ杲敳⹸湩潦਍㈱⸷⸰⸰ऱ睷⹷杲敳浯਍㈱⸷⸰⸰ऱ畺牲獵潣挮浯਍㈱⸷⸰⸰ऱ睷⹷畺灶煩湵挮൮ㄊ㜲〮〮ㄮ稉癵楰畱⹮湣਍㈱⸷⸰⸰ऱ睷⹷畺潷硨⹣湣਍㈱⸷⸰⸰ऱ畺潷硨⹣湣਍㈱⸷⸰⸰ऱ睷⹷発浡祺捵⹵潣൭ㄊ㜲〮〮ㄮ稉慶穭畹畣挮浯਍㈱⸷⸰⸰ऱ発浩杩慤⹬潣൭ㄊ㜲〮〮ㄮ眉睷種楶畺整⹮湣਍㈱⸷⸰⸰ऱ発穩瑵湥挮൮ㄊ㜲〮〮ㄮ眉睷種捸潳畬楴湯挮浯਍㈱⸷⸰⸰ऱ硺獣汯瑵潩⹮潣൭ㄊ㜲〮〮ㄮ眉睷種汸湩獫挮浯਍㈱⸷⸰⸰ऱ硺楬歮⹳潣൭ㄊ㜲〮〮ㄮ眉睷種潸慱慣⹲湣਍㈱⸷⸰⸰ऱ硺煯捡牡挮൮ㄊ㜲〮〮ㄮ眉睷種獸硥⸲湩潦਍㈱⸷⸰⸰ऱ硺敳㉸椮普൯ㄊ㜲〮〮ㄮ稉批湡稭捯牯氭癥瑩慲挮浯਍‣桔獩氠獩⁴獩䌠灯特杩瑨㈠〰ⴰ〲㠰匠晡牥丠瑥潷歲湩⁧楌業整൤ㄊ㜲〮〮ㄮ琉楣杭挮浯਍㈱⸷⸰⸰ऱ睷⹷捴浩⹧潣൭ㄊ㜲〮〮ㄮ眉摩敧獴琮楣杭挮浯਍㈱⸷⸰⸰ऱ睷⹷畹瑯扵⹥湩潦਍㈱⸷⸰⸰ऱ畹瑯扵⹥湩潦਍‣湅⁤景攠瑮楲獥椠獮牥整⁤祢匠祰潢⁴*敓牡档☠䐠獥牴祯਍
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\Windows\Installer\{90120000-001A-0000-0000-0000000FF1CE}\outicon.exe ()
O4 - Startup: C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\cat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\cat\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9E4593-4E2F-405E-8380-37F8AAFDCC2B}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.28 19:06:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
[2012.01.27 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Nitro PDF
[2012.01.27 13:44:06 | 000,028,968 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2012.01.27 13:44:06 | 000,017,192 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2012.01.27 13:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.01.27 13:43:00 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Downloaded Installations
[2012.01.22 17:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 17:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Plugins
[2012.01.22 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunesHelper.Resources
[2012.01.22 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.22 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.22 17:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CD Configuration
[2012.01.22 16:02:13 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012.01.22 15:36:44 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\IDMComp
[2012.01.22 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\MAGIX
[2012.01.22 15:21:36 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\Xara
[2012.01.22 15:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.01.22 15:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.01.22 12:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012.01.22 12:46:53 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AceHTML Freeware
[2012.01.16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012.01.16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012.01.16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012.01.16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012.01.16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012.01.16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012.01.16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012.01.16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012.01.16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012.01.16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012.01.15 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\FTPRush
[2012.01.15 16:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FTPRush
[2012.01.15 16:35:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTPRush
[2012.01.15 11:02:41 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Webocton - Scriptly
[2012.01.15 11:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webocton - Scriptly
[2012.01.15 11:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webocton - Scriptly
[2012.01.13 18:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Staff-FTP
[2012.01.13 18:11:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Staff-FTP
[2012.01.12 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\aon
[2012.01.10 20:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit
[2012.01.10 20:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Compatibility Toolkit
[2012.01.08 20:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.01.08 19:55:09 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.08 19:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.01.08 19:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes.Resources
[2012.01.08 19:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.08 19:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.01.08 19:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.08 19:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.08 19:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.01.08 19:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.01.08 10:24:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.07 22:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2012.01.07 22:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.01.05 22:55:10 | 001,917,952 | ---- | C] (AVAST Software) -- C:\Users\cat\aswMBR-avast-standalone.exe
[2012.01.05 14:37:32 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Local\CrashDumps
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2012.01.02 15:23:30 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2012.01.02 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2012.01.02 10:38:50 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.01.02 10:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.01.02 10:38:49 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.01.02 10:38:43 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012.01.02 10:38:42 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.01.02 10:38:42 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.01.02 10:38:40 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.01.02 10:38:40 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.01.02 10:38:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.01.02 10:38:28 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.01.02 10:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.01.01 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\cat\AppData\Roaming\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2012.01.01 22:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2011.12.31 16:19:19 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
[2011.12.31 16:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011.11.14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[2010.12.18 12:13:48 | 000,581,632 | ---- | C] (Joshua F. Madison) -- C:\Program Files (x86)\convert.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.28 20:02:03 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.28 19:06:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\cat\Desktop\OTL.exe
[2012.01.28 19:02:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.28 17:34:12 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 17:34:12 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.28 17:31:19 | 001,621,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.28 17:31:19 | 000,700,130 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.28 17:31:19 | 000,654,842 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.28 17:31:19 | 000,148,926 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.28 17:31:19 | 000,121,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.28 17:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.28 17:26:23 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 20:04:20 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.22 22:24:58 | 000,474,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.22 17:09:30 | 000,001,652 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.22 15:59:41 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012.01.16 17:22:02 | 003,035,520 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012.01.16 17:22:02 | 000,803,200 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012.01.16 17:22:02 | 000,287,104 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012.01.16 17:22:02 | 000,246,144 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2012.01.14 23:03:02 | 000,439,318 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.01.08 19:28:40 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.08 19:11:44 | 000,001,066 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.01.08 11:55:39 | 000,439,191 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120114-230302.backup
[2012.01.08 10:40:07 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.05 22:35:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120108-115539.backup
[2012.01.05 16:57:53 | 001,598,042 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.03 19:04:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.01.03 18:50:07 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 16:34:35 | 000,000,000 | ---- | M] () -- C:\Users\cat\defogger_reenable
[2012.01.02 16:17:21 | 000,211,454 | ---- | M] () -- C:\Users\cat\Documents\pinfect.zip
[2012.01.02 15:22:28 | 000,000,056 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.30 10:35:04 | 000,001,470 | ---- | M] () -- C:\Users\cat\gsview64.ini
[2011.12.29 22:31:42 | 000,439,132 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.15868362
 
========== Files Created - No Company Name ==========
 
[2012.01.22 17:09:30 | 000,001,652 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.22 15:11:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2012.01.08 19:28:40 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.01.08 19:11:44 | 000,001,066 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.01.08 19:11:44 | 000,001,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.01.03 18:17:52 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.01.02 16:34:35 | 000,000,000 | ---- | C] () -- C:\Users\cat\defogger_reenable
[2012.01.02 10:38:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.12.26 11:02:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.26 11:02:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.26 11:02:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.26 11:02:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\Users\cat\AppData\Local\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.12.22 20:14:12 | 000,010,518 | -HS- | C] () -- C:\ProgramData\646hyr31lgmd1fce0lu2n3u153o0h283acbm30t411qh4
[2011.11.14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011.10.29 09:13:55 | 000,000,000 | ---- | C] () -- C:\Users\cat\AppData\Local\{17C31DA2-6021-4613-97E5-6A47257A8935}
[2011.05.21 19:12:27 | 000,000,549 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011.01.24 20:12:14 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011.01.15 13:47:55 | 000,000,107 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2010.12.18 12:14:26 | 000,001,158 | ---- | C] () -- C:\Program Files (x86)\convert - Verknüpfung.lnk
[2010.10.04 19:54:49 | 000,000,038 | ---- | C] () -- C:\Windows\pbMv.INI
[2010.09.25 19:16:47 | 000,000,052 | ---- | C] () -- C:\Windows\Pex.INI
[2010.09.25 19:08:49 | 000,000,322 | ---- | C] () -- C:\Windows\Ulead32.ini
[2010.09.24 21:00:39 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.09.24 19:15:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.09.22 18:43:49 | 000,005,056 | ---- | C] () -- C:\ProgramData\drctchbl.xvi
[2010.09.22 18:43:49 | 000,004,110 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.09.16 20:08:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.03 18:08:15 | 000,000,000 | ---- | C] () -- C:\Windows\acehtml6.ini
[2010.08.28 21:36:08 | 000,005,120 | ---- | C] () -- C:\Users\cat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.26 19:05:56 | 001,598,042 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.25 23:42:34 | 000,000,760 | ---- | C] () -- C:\Users\cat\AppData\Roaming\setup_ldm.iss
[2010.08.25 18:08:51 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.25 18:08:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DDCF76E620.sys
[2010.08.25 17:34:32 | 000,014,848 | ---- | C] () -- C:\Users\cat\AppData\Roaming\Settings.cfg
[2010.08.24 21:25:15 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.08.24 19:04:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.08.27 08:04:12 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2012.01.12 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\aon
[2012.01.02 21:46:09 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Autodesk
[2011.12.23 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\BitDefender
[2011.01.15 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Broad Intelligence
[2010.09.24 19:15:20 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Canneverbe Limited
[2010.09.23 18:15:49 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\CocoonSoftware
[2012.01.27 13:43:00 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Downloaded Installations
[2011.11.12 20:08:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\dvdisaster
[2011.10.23 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\DVDVideoSoft
[2011.10.23 17:52:07 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.31 17:08:44 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Dynamic
[2011.11.12 21:08:40 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\EAC
[2010.08.25 17:34:31 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\EmailNotifier
[2011.01.18 20:06:44 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\flightgear.org
[2010.10.23 16:38:49 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\FreeFLVConverter
[2012.01.15 16:41:09 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\FTPRush
[2010.09.24 21:14:57 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\GlarySoft
[2011.05.03 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\gom
[2010.09.26 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Hornil
[2012.01.22 13:03:15 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\IrfanView
[2011.08.21 17:52:19 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Jens Lorek
[2011.11.03 18:24:56 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Leadertech
[2012.01.22 15:21:53 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\MAGIX
[2010.12.19 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\mirkes.de
[2010.08.24 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\mquadr.at
[2012.01.27 13:44:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Nitro PDF
[2010.08.25 20:13:17 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\OpenOffice.org
[2010.09.16 19:32:35 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Opera
[2012.01.28 17:39:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\PhotoLine
[2012.01.01 23:02:28 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Process Hacker 2
[2011.05.21 19:12:28 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\ScanSoft
[2010.08.31 17:09:22 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\SiteClasses
[2010.08.31 17:31:42 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Sites
[2010.08.27 12:10:33 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\SoftGrid Client
[2011.01.15 13:44:49 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\TeamViewer
[2011.12.22 22:23:42 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\TestApp
[2010.10.02 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\TubeBox
[2011.03.03 19:50:31 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\uk.co.planetside
[2010.08.31 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Visicom Media
[2012.01.15 11:02:42 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Webocton - Scriptly
[2011.10.23 17:48:07 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\Xilisoft
[2011.01.15 13:34:16 | 000,000,000 | ---D | M] -- C:\Users\cat\AppData\Roaming\XMedia Recode
[2012.01.08 15:42:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 893 bytes -> C:\Users\cat\Documents\51D10EAC-00000EE3.eml:OECustomProperty

< End of report >
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/28/2012 at 08:31 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type       : Quick Scan
Total Scan Time : 00:06:11

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 719
Memory threats detected   : 0
Registry items scanned    : 31327
Registry threats detected : 0
File items scanned        : 12439
File threats detected     : 100

Adware.Tracking Cookie
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\TL1U9CP0.txt [ /www.counter.gd ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\EIH3O1IH.txt [ /de.sitestat.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\P4RMH0SK.txt [ /ad.yieldmanager.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\UHGWZY8B.txt [ /pub.visicommedia.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\PZA9CYT9.txt [ /imrworldwide.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\8FL78BTI.txt [ /adx.chip.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\16LYPS8W.txt [ /www.qsstats.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\SG0AW95Y.txt [ /software.visicommedia.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\PFEJ472O.txt [ /www.qsstats.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\MEI2HS41.txt [ /visicommedia.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\JRJ2NW09.txt [ /count.primawebtools.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\LMKZA6MM.txt [ /xiti.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\FWD4KD6P.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\IK9Q8X1V.txt [ /www.googleadservices.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\Q4O6FTYK.txt [ /de.sitestat.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\PRMV4115.txt [ /www.googleadservices.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\3DI4KWVE.txt [ /count.asnetworks.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\5PO5HN49.txt [ /amazon-adsystem.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\GUGA3EE1.txt [ /asknetag.112.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\FE0ITLFG.txt [ /ads.proz.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\L4X1G212.txt [ /yahoogroups.112.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\X02PA5JD.txt [ /adfarm1.adition.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\39MD68X2.txt [ /legolas-media.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\FRQHWVL2.txt [ /findix.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\J4U5HY4E.txt [ /trafficmp.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\GVI1XKIQ.txt [ /banner.testberichte.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\QARNNU9C.txt [ /gfi.122.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\T0QOYAMD.txt [ /dmtracker.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\SJ34R0HV.txt [ /webmasterplan.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\6TTU55NW.txt [ /serving-sys.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\QQ636BFV.txt [ /o1.qnsr.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\CWHEC2NE.txt [ /www.etracker.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\BU1KFIWZ.txt [ /qnsr.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\F9QVEZ94.txt [ /invitemedia.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\YT1SR6G8.txt [ /livestat.derstandard.at ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\Y9H5AAKT.txt [ /www.googleadservices.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\CBC1G0DV.txt [ /www.mediamarkt.at ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\C2JTJPCI.txt [ /tracking.mlsat02.de ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\EIRN70G9.txt [ /stat.onestat.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\JSUUOD0P.txt [ /gmeurope.112.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\E6TOAQMK.txt [ /diegesundheitsexperten.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\TW5WF5TU.txt [ /microsoftsto.112.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\JZ6KCNYQ.txt [ /e-2dj6wjmyqmdpgep.stats.esomniture.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\YTU139KI.txt [ /kaspersky.122.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\3PHXDVXP.txt [ /wlw.122.2o7.net ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\5NO1FY5O.txt [ /de.sitestat.com ]
	C:\Users\cat\AppData\Roaming\Microsoft\Windows\Cookies\RYLI8ZK9.txt [ /ad.hyperactive.de ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\WA73MCMP.txt [ Cookie:cat@zanox.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\I8AJWEZA.txt [ Cookie:cat@track.effiliation.com/servlet/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\CCMNFMVC.txt [ Cookie:cat@revsci.net/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\5XY8Q4S8.txt [ Cookie:cat@ads.quartermedia.de/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\AJLSZSOS.txt [ Cookie:cat@adx.chip.de/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\8EZW6POO.txt [ Cookie:cat@eas.apm.emediate.eu/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\C86Y6T3Q.txt [ Cookie:cat@amazon-adsystem.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9XR5EJ6.txt [ Cookie:cat@track.effiliation.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\F8OLU6Y8.txt [ Cookie:cat@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\0BNQ2HJO.txt [ Cookie:cat@clickfuse.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\WHPH6UHV.txt [ Cookie:cat@im.banner.t-online.de/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\N74XAUQ5.txt [ Cookie:cat@collective-media.net/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\FAZ22OOD.txt [ Cookie:cat@legolas-media.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGZV20VK.txt [ Cookie:cat@liveperson.net/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\3E94O9ER.txt [ Cookie:cat@count.primawebtools.de/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\9VQCJH4U.txt [ Cookie:cat@xiti.com/ ]
	C:\USERS\cat\AppData\Roaming\Microsoft\Windows\Cookies\Low\HS83NB91.txt [ Cookie:cat@liveperson.net/hc/61298727 ]
	C:\USERS\cat\Cookies\TL1U9CP0.txt [ Cookie:cat@www.counter.gd/ ]
	C:\USERS\cat\Cookies\EIH3O1IH.txt [ Cookie:cat@de.sitestat.com/idgcom-de/pcwelt/ ]
	C:\USERS\cat\Cookies\P4RMH0SK.txt [ Cookie:cat@ad.yieldmanager.com/ ]
	C:\USERS\cat\Cookies\8FL78BTI.txt [ Cookie:cat@adx.chip.de/ ]
	C:\USERS\cat\Cookies\16LYPS8W.txt [ Cookie:cat@www.qsstats.com/dcs3h4t8400000kvxm3q670wa_4v4y ]
	C:\USERS\cat\Cookies\SG0AW95Y.txt [ Cookie:cat@software.visicommedia.com/ ]
	C:\USERS\cat\Cookies\PFEJ472O.txt [ Cookie:cat@www.qsstats.com/ ]
	C:\USERS\cat\Cookies\MEI2HS41.txt [ Cookie:cat@visicommedia.com/ ]
	C:\USERS\cat\Cookies\JRJ2NW09.txt [ Cookie:cat@count.primawebtools.de/ ]
	C:\USERS\cat\Cookies\LMKZA6MM.txt [ Cookie:cat@xiti.com/ ]
	C:\USERS\cat\Cookies\3DI4KWVE.txt [ Cookie:cat@count.asnetworks.de/ ]
	C:\USERS\cat\Cookies\5PO5HN49.txt [ Cookie:cat@amazon-adsystem.com/ ]
	C:\USERS\cat\Cookies\L4X1G212.txt [ Cookie:cat@yahoogroups.112.2o7.net/ ]
	C:\USERS\cat\Cookies\39MD68X2.txt [ Cookie:cat@legolas-media.com/ ]
	C:\USERS\cat\Cookies\FRQHWVL2.txt [ Cookie:cat@findix.com/ ]
	C:\USERS\cat\Cookies\J4U5HY4E.txt [ Cookie:cat@trafficmp.com/ ]
	C:\USERS\cat\Cookies\QARNNU9C.txt [ Cookie:cat@gfi.122.2o7.net/ ]
	C:\USERS\cat\Cookies\T0QOYAMD.txt [ Cookie:cat@dmtracker.com/ ]
	C:\USERS\cat\Cookies\QQ636BFV.txt [ Cookie:cat@o1.qnsr.com/ ]
	C:\USERS\cat\Cookies\CWHEC2NE.txt [ Cookie:cat@www.etracker.de/ ]
	C:\USERS\cat\Cookies\BU1KFIWZ.txt [ Cookie:cat@qnsr.com/ ]
	C:\USERS\cat\Cookies\YT1SR6G8.txt [ Cookie:cat@livestat.derstandard.at/ ]
	C:\USERS\cat\Cookies\CBC1G0DV.txt [ Cookie:cat@www.mediamarkt.at/ ]
	C:\USERS\cat\Cookies\C2JTJPCI.txt [ Cookie:cat@tracking.mlsat02.de/tmobile/ ]
	C:\USERS\cat\Cookies\EIRN70G9.txt [ Cookie:cat@stat.onestat.com/ ]
	C:\USERS\cat\Cookies\JSUUOD0P.txt [ Cookie:cat@gmeurope.112.2o7.net/ ]
	C:\USERS\cat\Cookies\E6TOAQMK.txt [ Cookie:cat@diegesundheitsexperten.com/ ]
	C:\USERS\cat\Cookies\TW5WF5TU.txt [ Cookie:cat@microsoftsto.112.2o7.net/ ]
	C:\USERS\cat\Cookies\JZ6KCNYQ.txt [ Cookie:cat@e-2dj6wjmyqmdpgep.stats.esomniture.com/ ]
	C:\USERS\cat\Cookies\YTU139KI.txt [ Cookie:cat@kaspersky.122.2o7.net/ ]
	C:\USERS\cat\Cookies\3PHXDVXP.txt [ Cookie:cat@wlw.122.2o7.net/ ]
	C:\USERS\cat\Cookies\5NO1FY5O.txt [ Cookie:cat@de.sitestat.com/otto-eu/at/ ]
	C:\USERS\MRBOJANGLES\AppData\Roaming\Microsoft\Windows\Cookies\QNUDEYN7.txt [ Cookie:mr@c.atdmt.com/ ]
	C:\USERS\MRBOJANGLES\AppData\Roaming\Microsoft\Windows\Cookies\O6L0FSK8.txt [ Cookie:mr@atdmt.com/ ]
	C:\USERS\MRBOJANGLES\Cookies\QNUDEYN7.txt [ Cookie:mr@c.atdmt.com/ ]
	C:\USERS\MRBOJANGLES\Cookies\O6L0FSK8.txt [ Cookie:mr@atdmt.com/ ]
         
Many thanks for your support and best regards,
Martin.

28.01.2012, 21:36   #2
Martin_Oskar

OTL - Logfile with strange lines


Good evening,

apparently Spybot does this when immunizing. It is the content of the hosts file. I have already asked whether this is normal. Let's see what they say about it.

Best regards,
Martin.