
Log analysis and evaluation: Trojan found and two hijacker entries


 
22.12.2010, 20:32   #1
schikum

Trojan found and two hijacker entries



Hello,
After my spyware program detected a Trojan (opachki.ru), I have now also run Malwarebytes, which uncovered the two hijacker entries. I deleted the Trojan, and the entries are still in quarantine. Of course I don't know how long these things had been active, or what they did. The only noticeable thing is that the WLAN frequently disconnects, though at irregular intervals.
I have the log files here:
Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

22.12.2010 19:42:30
mbam-log-2010-12-22 (19-42-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 310031
Laufzeit: 1 Stunde(n), 21 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL logfile:
Code:
OTL logfile created on: 22.12.2010 19:52:37 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS
 
Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe File not found
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M]
 
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions
[2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14325 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
[2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1
[2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1
[2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe
[2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
[2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
[2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico
[2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry
[2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess
[2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper
[2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer
[2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys
[2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA
[2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk
[2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty
 
< End of report >
         
--- --- ---


Extras:
OTL Logfile:
OTL logfile created on: 22.12.2010 19:52:37 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000807 | Country: *** | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 141.62 Gb Free Space | 47.51% Space Free | Partition Type: NTFS
 
Computer Name: PAPI-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe File not found
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ntcdrdrv) -- C:\Windows\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.stegcomputer.ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://bazonline.ch/schweiz/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.8
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.20 20:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 21:42:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.10 13:56:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.12.22 17:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.20 20:13:23 | 000,000,000 | ---D | M]
 
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.08 08:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 12:11:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions
[2010.04.28 06:46:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Papi\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.28 20:38:30 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2010.11.11 15:03:24 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.10.26 07:42:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.11 13:56:37 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.12.21 16:12:00 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\n2jr1rrn.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009.03.15 18:59:06 | 000,000,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\ask.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\n2jr1rrn.default\searchplugins\iMeshWebSearch.xml
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.13 23:19:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 16:45:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.11.11 16:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.03 16:31:22 | 000,162,072 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.25 22:00:30 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 22:00:30 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.07.18 00:02:48 | 000,002,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010.07.25 22:00:30 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 22:00:30 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 22:00:30 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.25 15:26:47 | 000,414,821 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14325 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMeshMediabarTb\iMeshMediaBarDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Programme\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bd54afb-6337-11df-9be0-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{700bc62d-6c16-11df-826d-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{918fd52b-6400-11df-ba96-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f180735f-df73-11df-a8c2-0018e726c5db}\Shell\AutoRun\command - "" = J:\installer.exe -- File not found
O33 - MountPoints2\{f87c457f-e7f9-11de-9cd0-0018e726c5db}\Shell\AutoRun\command - "" = I:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 19:48:51 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.20 20:48:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2010.12.20 20:48:52 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2010.12.20 20:48:51 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2010.12.20 20:24:12 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2010.12.20 20:13:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.20 20:12:28 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.12.20 20:11:58 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.12.20 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.12.15 11:44:50 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 11:43:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 11:43:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 11:43:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 11:43:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 11:43:25 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 11:43:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 11:43:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 11:42:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 11:42:28 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 11:42:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 11:42:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 11:42:27 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 11:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 11:42:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 11:42:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 11:42:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 11:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 11:42:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 11:42:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 11:42:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 11:42:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 11:42:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 11:42:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 11:42:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 11:41:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.09 20:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
[2010.12.04 13:11:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\276_chanukkalieder 3-1
[2010.12.04 11:47:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\chanukka1
[2010.12.02 07:39:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.11.24 21:54:05 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.12.22 19:48:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Papi\Desktop\OTL.exe
[2010.12.22 19:47:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.22 19:46:26 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 19:46:23 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err
[2010.12.22 19:45:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:25 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 19:44:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 19:44:13 | 2136,137,728 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 19:01:10 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010.12.22 18:00:04 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 17:43:24 | 000,001,374 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:53 | 000,000,536 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:25 | 000,019,622 | ---- | M] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 15:38:15 | 000,018,944 | ---- | M] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.22 15:38:15 | 000,002,272 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2010.12.20 20:49:43 | 000,146,944 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:34:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 19:53:13 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.20 19:53:13 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.20 19:53:13 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.20 19:53:13 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 19:38:41 | 000,434,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.09 22:00:37 | 2375,922,974 | ---- | M] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | M] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:48 | 002,716,939 | ---- | M] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | M] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:05 | 000,753,363 | ---- | M] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:43:22 | 000,001,374 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_174319.reg
[2010.12.22 17:36:51 | 000,000,536 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173649.reg
[2010.12.22 17:36:22 | 000,019,622 | ---- | C] () -- C:\Users\***\Documents\cc_20101222_173618.reg
[2010.12.22 17:13:20 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010.12.22 11:59:55 | 000,018,944 | ---- | C] () -- C:\Users\***\Desktop\Finanzblatt Tabitha.xlr
[2010.12.20 20:34:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.12.20 20:34:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.12.20 20:24:31 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.12.09 22:01:02 | 2375,922,974 | ---- | C] () -- C:\Users\***\Desktop\Tierfilm.fbr
[2010.12.07 11:18:21 | 000,000,821 | ---- | C] () -- C:\Users\***\Desktop\HhDez10.lnk
[2010.12.05 22:03:47 | 002,716,939 | ---- | C] () -- C:\Users\***\Desktop\traum yaschuah.wma
[2010.11.24 21:54:06 | 000,000,845 | ---- | C] () -- C:\Users\***\Desktop\PhotoFiltre.lnk
[2010.11.23 11:02:03 | 000,753,363 | ---- | C] () -- C:\Users\***\Desktop\ADNT-ARAM-Vaterunser.gif
[2010.11.15 03:07:02 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.03 18:56:40 | 000,000,278 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2010.06.02 12:16:44 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.13 22:59:27 | 000,000,061 | ---- | C] () -- C:\Windows\wininit.ini
[2010.03.04 21:31:41 | 000,025,600 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2009.10.23 14:20:02 | 000,001,024 | ---- | C] () -- C:\ProgramData\1pdfdec.dll
[2009.10.23 14:19:59 | 000,000,048 | ---- | C] () -- C:\Windows\System32\pdfutil.ini
[2009.09.11 12:40:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 19:32:48 | 000,076,407 | ---- | C] () -- C:\Users\***\AppData\Roaming\Smiley.ico
[2009.06.28 10:40:13 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.06.13 20:52:15 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.08.27 19:00:09 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.08.27 12:48:43 | 000,002,272 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.08.26 18:26:27 | 000,146,944 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.04 11:44:57 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2008.07.04 11:44:57 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2008.07.04 11:44:57 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2008.07.04 11:44:57 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2008.07.04 11:44:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2008.02.11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.05.21 15:25:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.12.09 22:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry
[2010.06.06 16:11:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.12.20 20:53:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.06.02 12:48:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.02.04 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DreamChess
[2010.11.14 22:20:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2010.06.06 13:59:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalBurner AudioCD Ripper
[2010.05.29 16:58:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FinalMediaPlayer
[2010.12.09 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\foobar2000
[2009.03.15 17:15:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.06.03 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.05.13 23:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys
[2010.06.21 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2010.01.15 17:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASA
[2010.02.01 19:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.03.15 16:19:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.14 19:54:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Paltalk
[2009.12.13 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.06.21 00:36:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoFiltre
[2010.08.18 15:19:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2009.10.20 11:13:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PixelPlanet
[2008.08.27 12:54:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2010.09.08 08:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.22 19:45:04 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2010.12.22 19:43:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.22 19:55:00 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 837 bytes -> C:\Users\Papi\Desktop\Obama gegen judisches Jerusalem.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Papi\Desktop\Obama gegn Jerusalem.eml:OECustomProperty
 
< End of report >
         
--- --- ---
Thanks for taking a look.

PS: At what point is the space actually used up, as far as zipping the logs goes?

 
