Pests of all kinds and how to combat them: sshjnas.dll Virus
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
09.02.2011, 14:34 | #31
sshjnas.dll Virus
Here is the otl.txt:
OTL Logfile:
ATTFilter OTL logfile created on: 09.02.2011 14:26:50 - Run 4 OTL by OldTimer - Version 3.2.20.6 Folder = c:\Users\****\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,63 Gb Total Space | 499,58 Gb Free Space | 85,75% Space Free | Partition Type: NTFS Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\****\Downloads\OTL.exe PRC - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.08.30 10:44:20 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) 
-- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe PRC - [2010.04.25 18:59:24 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2009.11.20 10:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009.10.11 09:45:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe ========== Modules (SafeList) ========== MOD - [2011.01.26 16:55:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- c:\Users\****\Downloads\OTL.exe MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.05.14 23:03:34 | 000,887,808 | ---- | M] (ATI Technologies Inc.) 
[Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility) SRV - [2011.01.12 14:03:37 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.12.13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.07.27 13:40:55 | 000,237,224 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe -- (RealDesktop Toolbar Helper) SRV - [2010.03.08 18:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.02.10 18:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.07.09 14:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe -- (accvssvc) SRV - [2008.02.03 11:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.12.13 08:40:21 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2010.12.13 08:40:21 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.03.25 16:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009.03.25 16:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson 
Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009.03.25 16:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009.03.25 16:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009.03.25 16:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys -- (gtstusbser_64) DRV:64bit: - [2008.05.14 23:49:44 | 004,436,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2007.06.29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64) DRV:64bit: - [2006.09.18 22:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV - [2008.11.18 16:27:10 | 000,118,016 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys -- (gtstusbser_64) DRV - [2005.01.03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6 FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 09:58:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.21 16:44:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.26 15:03:12 | 000,000,000 | ---D | M] [2010.01.05 09:43:25 | 000,000,000 
| ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2011.02.08 17:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions [2010.04.27 17:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.02.02 14:20:19 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.06 11:08:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.04.13 18:11:32 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.20 13:04:29 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.03.16 10:42:56 | 000,000,927 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml [2011.02.03 18:56:22 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml [2010.10.24 20:04:48 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml [2010.10.30 08:01:36 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml [2010.12.21 18:42:26 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml 
[2010.03.25 12:35:00 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml [2010.04.04 13:04:46 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml [2010.04.15 11:51:07 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml [2010.07.12 13:13:12 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml [2010.07.22 19:11:44 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml [2010.07.27 21:02:41 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml [2010.09.09 09:05:34 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml [2010.09.20 16:25:09 | 000,000,950 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml [2010.10.20 13:04:07 | 000,003,915 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml [2011.02.02 14:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.24 00:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.22 13:36:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.01.26 
15:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.07.11 19:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.04.08 03:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll [2010.04.25 18:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2010.07.03 12:36:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.03 12:36:47 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.07.03 12:36:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.02.09 14:19:42 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml [2011.02.09 14:19:42 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak [2010.07.03 12:36:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.03 12:36:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [o2DSLConnectionManager] C:\Program Files (x86)\DSL Connection Manager\o2DSLConnectionManager.exe (AccSys GmbH) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Steam] c:\program files (x86)\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O4 - HKCU..\Run: [WMPNSCFG] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.250.99 193.189.244.205 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011.02.06 17:56:19 | 000,000,000 | R--D | C] -- C:\Users\****\Desktop\Garrys Mod [2011.02.02 14:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4 [2011.02.02 14:19:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4 [2011.01.30 11:22:41 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.01.30 11:16:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011.01.30 10:59:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.01.30 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WinRAR [2011.01.30 09:58:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.01.30 09:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.01.30 09:58:26 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2011.01.29 23:18:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.01.29 23:18:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.01.29 23:18:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.01.29 23:18:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.29 23:18:20 | 
000,000,000 | ---D | C] -- C:\Qoobox [2011.01.26 18:14:23 | 000,000,000 | ---D | C] -- C:\_OTL [2011.01.26 16:43:31 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\bereinigung [2011.01.26 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2011.01.26 16:31:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.26 16:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.26 16:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.26 16:31:15 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.26 16:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.26 15:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.01.19 18:54:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.01.19 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira [2011.01.17 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC} [2011.01.17 18:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activation Assistant for the 2007 Microsoft Office suites [2011.01.17 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Seven Zip [2011.01.17 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011.01.17 18:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.01.17 18:11:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.01.17 18:10:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.01.17 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Microsoft Help [2011.01.17 18:06:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2011.01.17 18:06:24 | 000,000,000 | R--D | C] -- C:\MSOCache [2011.01.14 16:31:44 | 000,000,000 | 
---D | C] -- C:\Users\****\AppData\Roaming\.minecraft

========== Files - Modified Within 30 Days ==========

[2011.02.09 14:19:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.09 14:19:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.09 14:19:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.09 14:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 19:38:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.08 18:09:35 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
[2011.02.08 15:06:11 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.08 15:06:11 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.08 15:06:11 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.08 15:06:11 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.08 15:06:11 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.08 15:02:43 | 000,005,120 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 14:40:34 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.02.02 14:20:32 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.01.30 10:03:52 | 000,000,488 | ---- | M] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2011.01.26 17:25:16 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2011.01.26 16:48:46 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2011.01.26 16:31:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.26 14:17:30 | 000,000,000 | ---- | M] () -- C:\Users\****\AppData\Local\Rdedokoxaxedako.bin
[2011.01.20 20:14:51 | 000,000,120 | ---- | M] () -- C:\Users\****\AppData\Local\Mtano.dat
[2011.01.20 05:56:26 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.01.17 18:14:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk

========== Files Created - No Company Name ==========

[2011.02.02 14:20:32 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk
[2011.01.29 23:18:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.29 23:18:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.29 23:18:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.29 23:18:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.29 23:18:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.26 17:25:16 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2011.01.26 16:48:21 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2011.01.26 16:31:20 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 20:14:51 | 000,000,120 | ---- | C] () -- C:\Users\****\AppData\Local\Mtano.dat
[2011.01.20 20:14:51 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\Rdedokoxaxedako.bin
[2011.01.17 18:14:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk
[2011.01.07 17:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.07 17:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.12.05 14:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll
[2010.12.04 16:53:36 | 003,254,976 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI47BA.txt
[2010.12.04 16:53:32 | 000,012,490 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI47BA.txt
[2010.05.08 10:13:19 | 000,429,170 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI7D79.txt
[2010.05.08 10:13:18 | 000,011,192 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI7D79.txt
[2010.01.19 20:35:04 | 000,439,726 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI14D8.txt
[2010.01.19 20:35:03 | 000,082,666 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI14D8.txt
[2010.01.01 14:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2009.10.15 19:26:15 | 000,005,120 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 13:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.06 13:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.09.28 17:28:08 | 000,419,556 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI08C2.txt
[2009.09.28 17:28:08 | 000,035,698 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI08C2.txt
[2009.09.28 17:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.06.18 15:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009.06.18 15:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.01.20 13:17:53 | 000,000,488 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2008.11.20 21:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.12 21:06:31 | 000,003,569 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.09.12 20:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008.09.12 20:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2011.02.08 14:21:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft
[2010.06.28 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari
[2010.08.06 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.01 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Football Superstars
[2011.02.09 14:26:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.06.28 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2009.01.02 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Magic Academy
[2009.05.09 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst
[2010.01.19 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony
[2010.01.19 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony Setup
[2011.01.06 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SPORE Creature Creator
[2010.05.14 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Telefónica
[2009.01.20 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template
[2010.08.30 21:40:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity
[2009.01.02 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WildTangent
[2009.11.20 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinBatch
[2011.02.08 19:48:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.08 18:09:35 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job

========== Purity Check ==========

< End of report > |
---D | C] -- C:\Users\****\AppData\Roaming\.minecraft ========== Files - Modified Within 30 Days ========== [2011.02.09 14:19:57 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.09 14:19:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.09 14:19:26 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.09 14:19:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.08 19:38:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.08 18:09:35 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job [2011.02.08 15:06:11 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.02.08 15:06:11 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.02.08 15:06:11 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.02.08 15:06:11 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.02.08 15:06:11 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.02.08 15:02:43 | 000,005,120 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.05 14:40:34 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.02.02 14:20:32 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.01.30 10:03:52 | 000,000,488 | ---- | M] () -- C:\Users\****\AppData\Roaming\wklnhst.dat [2011.01.26 17:25:16 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2011.01.26 16:48:46 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2011.01.26 16:31:20 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.26 14:17:30 | 000,000,000 | 
---- | M] () -- C:\Users\****\AppData\Local\Rdedokoxaxedako.bin [2011.01.20 20:14:51 | 000,000,120 | ---- | M] () -- C:\Users\****\AppData\Local\Mtano.dat [2011.01.20 05:56:26 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.01.17 18:14:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk ========== Files Created - No Company Name ========== [2011.02.02 14:20:32 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.4.lnk [2011.01.29 23:18:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.01.29 23:18:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.01.29 23:18:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.29 23:18:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.01.29 23:18:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.01.26 17:25:16 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2011.01.26 16:48:21 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2011.01.26 16:31:20 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.20 20:14:51 | 000,000,120 | ---- | C] () -- C:\Users\****\AppData\Local\Mtano.dat [2011.01.20 20:14:51 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\Rdedokoxaxedako.bin [2011.01.17 18:14:04 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office – 60-Tage-Testversion.lnk [2011.01.07 17:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini [2011.01.07 17:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini [2010.12.05 14:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll [2010.12.04 16:53:36 | 003,254,976 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI47BA.txt [2010.12.04 16:53:32 | 000,012,490 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI47BA.txt [2010.05.08 10:13:19 | 000,429,170 | ---- | C] () -- 
C:\Users\****\AppData\Local\dd_vcredistMSI7D79.txt [2010.05.08 10:13:18 | 000,011,192 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI7D79.txt [2010.01.19 20:35:04 | 000,439,726 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI14D8.txt [2010.01.19 20:35:03 | 000,082,666 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI14D8.txt [2010.01.01 14:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll [2009.10.15 19:26:15 | 000,005,120 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.06 13:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.06 13:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.28 17:28:08 | 000,419,556 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI08C2.txt [2009.09.28 17:28:08 | 000,035,698 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI08C2.txt [2009.09.28 17:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI [2009.06.18 15:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2009.06.18 15:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2009.01.20 13:17:53 | 000,000,488 | ---- | C] () -- C:\Users\****\AppData\Roaming\wklnhst.dat [2008.11.20 21:45:30 | 000,042,320 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 08:13:20 
| 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.12 21:06:31 | 000,003,569 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2008.09.12 20:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.09.12 20:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2011.02.08 14:21:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2010.06.28 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari [2010.08.06 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.11.01 16:33:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Football Superstars [2011.02.09 14:26:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2010.06.28 14:12:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2009.01.02 14:16:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Magic Academy [2009.05.09 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PlayFirst [2010.01.19 20:46:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony [2010.01.19 20:35:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony Setup [2011.01.06 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SPORE Creature Creator [2010.05.14 12:40:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Telefónica [2009.01.20 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Template [2010.08.30 21:40:26 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\Unity [2009.01.02 13:52:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WildTangent [2009.11.20 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinBatch [2011.02.08 19:48:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.02.08 18:09:35 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job ========== Purity Check ========== < End of report > |
09.02.2011, 18:37 | #33 |
/// Malwareteam | sshjnas.dll Virus The logfile is clean.
__________________
Here are the last few steps for cleaning up your computer.
Step 1: Clear the system restore points
Press Windows + E --> right-click drive C --> Properties --> Disk Cleanup --> More Options --> clean up System Restore and shadow copies.
Step 2: Tool cleanup
Please start OTL.exe. Now click the CleanUp button. This will remove most of the tools and logfiles. If anything is still left afterwards, please remove it manually and empty the Recycle Bin.
Step 3: Automatic updates
Let's check whether the updates for Windows are downloaded automatically. That is the best way to get all the security patches and fixes. Press Windows + R. Now copy the following text into the command line: RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl and click OK. Make sure that automatic updates are enabled.
Step 4: To protect yourself against further infections in the future, I recommend a few more programs.
Step 5: Tips for safe surfing
These are my suggestions. Use an alternative browser instead of IE. I recommend Mozilla Firefox. For Firefox there is a wide variety of add-ons for getting through the WWW safely.
Don'ts
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
10.02.2011, 11:37 | #34 |
| sshjnas.dll Virus Um, what are temporary internet files? And on my Vista the option "clean up System Restore and shadow copies" doesn't show up |
10.02.2011, 19:10 | #36 |
| sshjnas.dll Virus Okay, all clear, everything went well, I did everything the way you said, thx. Regards, Marci |