|
Log analysis and evaluation: Virus or exploit that makes itself noticeable via audio transmission |
07.05.2011, 10:15 | #1 |
| Virus or exploit that makes itself noticeable via audio transmission Hello, I think I have a virus or an exploit on my computer. It made itself noticeable mainly in that a Becks advert ("Who says an apartment needs walls...") suddenly plays in the background, followed by voices as if from a radio or TV programme. In addition, script errors keep appearing for pages that I am not opening. The error messages refer to Internet Explorer, which I don't use. Sometimes a window also appears with the text "Thank you for Visiting this Site" even though I haven't, for example, opened any pages at all. Google Chrome broke on me, Opera as well, and Firefox often redirects to pages that I never opened. I ran Malwarebytes Anti-Malware, once the quick scan and once the full scan. But it didn't help, because I have heard that Becks advert again. |
07.05.2011, 11:39 | #2 |
| Virus or exploit that makes itself noticeable via audio transmission The problem still persists. So here is the OTL scan.
For file age I set 30 days. Should I extend that? I have also attached an older Panda Cloud scan file. Many thanks in advance. Here is the OTL log. OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.05.2011 12:29:14 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\XX\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 2,04 Gb Free Space | 1,42% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 4,10 Gb Free Space | 2,92% Space Free | Partition Type: NTFS Computer Name: XX | User Name: XX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe PRC - [2011.05.01 22:05:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.30 15:06:16 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe PRC - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.24 15:36:15 | 000,423,232 | ---- | M] (Panda Security, S.L.) 
-- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2010.12.16 18:25:17 | 000,456,000 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANToManager.exe PRC - [2010.12.16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.28 21:11:34 | 006,831,360 | ---- | M] (Foxit Software Company) -- C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe PRC - [2008.12.13 23:29:42 | 000,204,800 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Users\Mark\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.08.01 10:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.25 16:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe ========== Modules (SafeList) ========== MOD - [2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe MOD - [2011.04.12 19:52:31 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.05.01 22:05:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.26 22:42:57 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.03.30 15:06:16 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft 
Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.12.16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2009.04.21 13:59:02 | 002,869,760 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms) SRV - [2009.01.20 15:28:43 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2011.03.04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | 
Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.03.04 14:36:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2010.12.16 18:10:41 | 000,113,736 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2010.12.16 18:10:36 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2010.12.16 18:10:30 | 000,126,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2010.12.16 18:10:25 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2010.12.16 18:10:20 | 000,141,384 | ---- | M] (Panda Security, S.L.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.09.07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2010.09.05 12:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2009.03.13 12:55:28 | 000,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock) DRV - [2009.03.13 12:55:28 | 000,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb) DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp) DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008.12.13 17:26:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.07.23 16:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.02.28 20:55:48 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.01.21 18:42:52 | 000,009,472 | ---- | M] (Resplendence Software Projects Sp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rspsc.sys -- (RSPSC) DRV - [2005.08.18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126 FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1" FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 8118 FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 12:30:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 12:30:23 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 21:17:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:16:46 | 000,000,000 | ---D | M] [2009.01.10 09:33:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions [2011.05.07 12:28:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions [2010.09.25 16:41:42 | 000,000,000 | -H-D | M] () -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2010.04.29 22:26:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.19 18:37:14 | 000,000,000 | -H-D | M] (Aero Fox XL) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011.05.07 12:28:03 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.29 22:27:04 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.07.07 14:40:28 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\battlefieldheroespatcher@ea.com [2010.12.19 18:37:20 | 000,000,000 | -H-D | M] (Virtus Search Opt-in) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\extension@virtusdesigns.com [2011.05.07 12:28:04 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\staged [2010.12.19 18:37:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\extension@virtusdesigns.com\chrome [2010.12.19 18:37:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009.05.13 17:38:10 | 000,002,414 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\sueddeutschede.xml [2011.02.08 14:52:29 | 000,001,330 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\wikipedia-en.xml [2010.01.30 16:51:03 | 000,002,214 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\wikipedia-english.xml [2009.01.12 01:18:04 | 000,002,108 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\youtube-videosuche.xml [2011.05.06 21:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.05 13:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 17:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.15 10:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2008.12.13 17:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.03.25 21:23:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} 
[2009.08.31 12:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.12.02 01:05:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.02 16:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.05 13:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.16 17:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.15 10:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.05.06 05:20:25 | 000,472,808 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.03.28 21:11:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) 
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation) O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{18b79d72-1d7b-11e0-9c46-00238b1c36d4}\Shell\AutoRun\command - "" = E:\Menu.exe O33 - MountPoints2\{1fe587fb-1824-11e0-9267-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{1fe587fb-1824-11e0-9267-00238b1c36d4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{527a51c6-50b1-11e0-99ac-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{527a51c6-50b1-11e0-99ac-00238b1c36d4}\Shell\AutoRun\command - "" = K:\start.exe O33 - MountPoints2\{7855f996-def6-11dd-9fec-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{7855f996-def6-11dd-9fec-00238b1c36d4}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{7855f9af-def6-11dd-9fec-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{7855f9af-def6-11dd-9fec-00238b1c36d4}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{96f5c6b6-4a93-11e0-bffe-00238b1c36d4}\Shell - "" = AutoRun O33 - 
MountPoints2\{96f5c6b6-4a93-11e0-bffe-00238b1c36d4}\Shell\AutoRun\command - "" = J:\SETUP.EXE O33 - MountPoints2\{98406c43-c92e-11dd-9210-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{98406c43-c92e-11dd-9210-00238b1c36d4}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{a948e6f9-4765-11df-be0b-00238b1c36d4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIKCOMPUTER.vbs O33 - MountPoints2\{b20e6fd2-3c1a-11de-9363-00238b1c36d4}\Shell\AutoRun\command - "" = I:\Qpbsjg.eXE O33 - MountPoints2\{b20e6fd2-3c1a-11de-9363-00238b1c36d4}\Shell\OPEN\CoMMaND - "" = I:\QpBsJg.EXE O33 - MountPoints2\{d1b4a504-cec3-11dd-9e56-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{d1b4a504-cec3-11dd-9e56-00238b1c36d4}\Shell\AutoRun\command - "" = E:\SETUP.EXE O33 - MountPoints2\{d7f7ee36-ceca-11dd-912f-00238b1c36d4}\Shell - "" = AutoRun O33 - MountPoints2\{d7f7ee36-ceca-11dd-912f-00238b1c36d4}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{f2d4a955-6a12-11de-837f-00238b1c36d4}\Shell\AutoRun\command - "" = Recycler\S-1-5-21-725345543-1958367476-839522115-1003.exe O33 - MountPoints2\{f2d4a955-6a12-11de-837f-00238b1c36d4}\Shell\open\Command - "" = Recycler\S-1-5-21-725345543-1958367476-839522115-1003.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.07 12:22:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe [2011.05.06 05:31:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\MSM [2011.05.06 05:21:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.06 05:21:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2011.05.06 05:21:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.05.06 05:18:44 | 000,886,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Mark\Desktop\jxpiinstall.exe [2011.05.05 12:23:40 | 000,000,000 | -HSD | C] -- C:\found.000 [2011.05.05 00:12:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.05 00:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.05 00:12:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.02 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Küche [2011.04.26 23:02:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Panda Security [2011.04.26 23:02:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus [2011.04.26 23:02:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\SurfSecret Privacy Suite [2011.04.26 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus [2011.04.26 23:01:14 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2011.04.26 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2011.04.16 11:11:46 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Roaming\Opera [2011.04.16 11:11:46 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Local\Opera [2011.04.16 11:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2011.04.14 19:13:09 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Roaming\Avira [2011.04.14 11:46:39 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 11:46:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 11:46:25 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll 
[2011.04.14 11:46:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 11:46:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 11:45:53 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.14 11:45:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.14 11:45:52 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.14 11:45:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.14 11:45:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.14 11:45:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.14 11:45:43 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.14 11:45:37 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.14 11:45:36 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2008.07.22 10:01:25 | 000,049,152 | -H-- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.07 12:28:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe [2011.05.07 10:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.07 10:57:44 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.07 10:57:44 | 000,003,344 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.06 21:19:19 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.06 21:09:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.06 21:08:53 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys [2011.05.06 08:37:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.06 05:20:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.05.06 05:20:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.05.06 05:20:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.05.06 05:18:50 | 000,886,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Mark\Desktop\jxpiinstall.exe [2011.05.05 00:12:50 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.02 23:59:54 | 000,012,640 | ---- | M] () -- C:\Users\Mark\Desktop\Analyse Preiserhöhung 2011.ods [2011.05.02 13:26:14 | 000,130,461 | ---- | M] () -- C:\Users\Mark\Desktop\S%2BU-Bahn_ABC_0105_2011.pdf [2011.05.02 12:15:02 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.02 12:15:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.02 12:15:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.02 12:15:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 23:01:38 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat [2011.04.23 14:30:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.04.23 03:06:59 | 000,017,408 | -H-- | M] () -- C:\Users\Mark\AppData\Local\WebpageIcons.db [2011.04.21 01:49:51 | 000,043,520 | -H-- | M] () -- C:\Windows\System32\CmdLineExt03.dll [2011.04.16 11:11:44 | 000,001,620 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2011.04.16 
10:52:05 | 000,324,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.06 21:19:18 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.05.06 21:19:18 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.05.05 00:12:50 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.02 14:04:58 | 000,012,640 | ---- | C] () -- C:\Users\Mark\Desktop\Analyse Preiserhöhung 2011.ods [2011.05.02 13:26:13 | 000,130,461 | ---- | C] () -- C:\Users\Mark\Desktop\S%2BU-Bahn_ABC_0105_2011.pdf [2011.04.26 23:01:38 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat [2011.04.16 11:11:44 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2011.04.16 11:11:44 | 000,001,620 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2011.03.14 00:52:34 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.03.10 00:39:17 | 000,043,520 | -H-- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.03.10 00:33:38 | 000,031,302 | -H-- | C] () -- C:\Windows\DIIUnin.dat [2010.09.07 14:28:40 | 000,001,109 | -H-- | C] () -- C:\Windows\Stars.ini [2010.06.27 16:02:14 | 000,017,408 | -H-- | C] () -- C:\Users\Mark\AppData\Local\WebpageIcons.db [2010.02.19 01:35:51 | 000,000,000 | -H-- | C] () -- C:\Windows\PowerReg.dat [2010.02.18 19:48:26 | 000,056,832 | -H-- | C] () -- C:\Windows\System32\IYVU9_32.DLL [2010.02.18 18:26:33 | 000,000,023 | -H-- | C] () -- C:\Windows\civnet.ini [2010.02.18 18:09:10 | 000,000,334 | -H-- | C] () -- C:\Windows\civ.ini [2010.01.29 01:30:43 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\pool.bin [2009.12.05 15:30:52 | 000,000,307 | -H-- | C] () -- C:\Windows\doom3.ini [2009.11.21 16:43:19 | 
002,427,248 | -H-- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2009.09.11 11:03:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.11 11:03:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.11 11:02:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.04.22 00:19:06 | 000,172,173 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.04.20 11:48:16 | 000,000,980 | -H-- | C] () -- C:\Windows\eReg.dat [2009.04.16 19:34:47 | 000,137,960 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.02.27 21:47:33 | 000,138,056 | -H-- | C] () -- C:\Users\Mark\AppData\Roaming\PnkBstrK.sys [2009.02.27 21:47:19 | 000,235,248 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.02.27 21:47:17 | 000,075,064 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.02.27 21:47:16 | 002,373,712 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe [2009.02.19 12:11:03 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2009.02.08 03:37:50 | 000,000,164 | -H-- | C] () -- C:\Windows\S3D.ini [2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\yz5ybcv.dll [2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\t6j5gdb.dll [2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\qjucyzl.dll [2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\oag2i1f.dll [2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ip6jgjt.dll [2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mtsaprb.dll [2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iizg60c.dll [2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\h3j2dhx.dll [2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\dui2j0t.dll [2009.01.09 18:54:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\we8fmmv.dll [2009.01.09 18:54:19 | 000,000,016 
| -H-- | C] () -- C:\Windows\System32\a26zruq.dll [2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\x3qil9f.dll [2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\qeevd27.dll [2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\pthgzll.dll [2009.01.09 18:54:15 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\idixz3f.dll [2009.01.09 18:54:15 | 000,000,204 | -H-- | C] () -- C:\Windows\System32\ynmj2qi.dll [2009.01.09 18:54:13 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll [2009.01.09 18:54:13 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll [2009.01.09 18:54:13 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll [2009.01.09 18:54:10 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hjyl1xp.dll [2009.01.07 20:24:20 | 000,000,130 | -H-- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat [2008.12.23 14:02:22 | 000,000,061 | -H-- | C] () -- C:\Windows\wininit.ini [2008.12.20 23:16:29 | 000,000,313 | -H-- | C] () -- C:\Windows\CoDUO.INI [2008.12.20 22:57:51 | 000,000,713 | -H-- | C] () -- C:\Windows\CoD.INI [2008.12.17 22:53:33 | 000,000,273 | -H-- | C] () -- C:\Windows\game.ini [2008.12.16 03:59:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.13 19:45:01 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\sysprs7.dll [2008.12.13 19:45:01 | 000,000,341 | -H-- | C] () -- C:\Windows\System32\lsprst7.dll [2008.12.13 19:42:12 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\clauth2.dll [2008.12.13 19:42:12 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\clauth1.dll [2008.12.13 19:42:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\ssprs.dll [2008.12.13 19:42:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\nsprs.dll [2008.12.13 18:50:08 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.12.13 18:47:33 | 000,176,456 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.12.13 18:23:24 | 000,176,456 
| -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.12.13 17:59:13 | 000,001,356 | -H-- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat [2008.12.13 17:05:41 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2008.12.13 16:46:26 | 000,088,064 | -H-- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.28 15:00:51 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll [2008.10.28 15:00:51 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe [2008.10.28 15:00:51 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini [2008.10.28 14:48:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.07.30 12:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.07.30 03:42:04 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll [2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.07.30 03:25:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 09:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.08.29 16:55:38 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\sw2_ttls_manager.exe [2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:57:28 | 000,067,584 | 
--S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,324,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.02.08 22:02:56 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Ableton [2008.12.14 13:38:18 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Acer GameZone Console [2009.03.14 00:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Canneverbe_Limited [2009.07.19 21:11:53 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Canon [2009.12.27 23:12:45 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Coopnet [2008.12.13 
18:03:06 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools [2008.12.13 18:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite [2009.01.18 19:15:09 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro [2010.08.09 16:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DL [2011.05.06 21:32:06 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Dropbox [2009.03.28 21:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Foxit [2011.01.10 23:48:42 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0 [2009.04.20 11:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Hyperz [2010.07.09 11:51:01 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\ICQ [2010.01.30 20:21:48 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\IrfanView [2011.01.13 04:06:57 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\JonDo [2010.02.19 01:43:00 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech [2010.02.07 20:55:48 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Mobipocket [2009.03.09 19:10:30 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org [2011.04.16 11:11:46 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Opera [2011.04.26 23:02:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Panda Security [2010.02.06 15:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\ProtectDisc [2009.05.22 00:58:13 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Red Alert 3 [2010.10.09 19:12:31 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Research In Motion [2008.12.14 14:03:19 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\SPORE [2011.04.26 23:02:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SurfSecret Privacy Suite [2010.08.26 12:50:04 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Template 
[2011.03.20 13:15:25 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent [2009.02.04 02:03:42 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\WebCam Recorder [2008.12.20 23:23:08 | 000,000,334 | -H-- | M] () -- C:\Windows\Tasks\ezpxivlt.job [2011.05.06 08:37:54 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B623B5B8 < End of report > |
07.05.2011, 15:26 | #3 |
/// Malware-holic | Virus or exploit that makes itself noticeable via audio transmission Hi,
but that's actually a good beer, what's your problem with it :-) No, joking aside. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ |
09.05.2011, 00:07 | #4 |
| Virus or exploit that makes itself noticeable via audio transmission Oh, thank you. The problem seems to have resolved itself. Regards, bucky |
09.05.2011, 10:11 | #5 |
/// Malware-holic | Virus or exploit that makes itself noticeable via audio transmission Do you do online banking, shopping or anything else important with the PC? (privately or for work)
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above |