Trojaner-Board


Buckyfuller 07.05.2011 10:15

Virus or exploit that makes itself noticeable through audio transmission
 
Hello,

I think I have a virus or an exploit on my computer. It made itself noticeable mainly in that a Becks advert ("Who says an apartment needs walls...") suddenly plays in the background, followed by voices that sound like a radio or TV broadcast. In addition, script errors keep appearing for pages I am not opening. The error messages refer to Internet Explorer, which I do not use. Sometimes a window also appears with the text "Thank you for Visiting this Site" even though, for example, I have not opened any pages at all. Google Chrome broke on me, as did Opera, and Firefox often redirects to pages that I did not open at all.

I ran Malwarebytes Anti-Malware, once as a quick scan and once as a full scan. It did not help, though, because I have heard this Becks advert again.

Buckyfuller 07.05.2011 11:39

The problem still persists. So here is the OTL scan.

For file age I set 30 days. Should I extend that?

I have also attached an older Panda Cloud scan file.

Many thanks in advance

Here is the OTL log.

OTL logfile:
Code:

OTL logfile created on: 07.05.2011 12:29:14 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\XX\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 2,04 Gb Free Space | 1,42% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 4,10 Gb Free Space | 2,92% Space Free | Partition Type: NTFS
 
Computer Name: XX | User Name: XX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2011.05.01 22:05:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.30 15:06:16 | 002,860,800 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.03.21 23:10:00 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.24 15:36:15 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.16 18:25:17 | 000,456,000 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
PRC - [2010.12.16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010.10.16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.28 21:11:34 | 006,831,360 | ---- | M] (Foxit Software Company) -- C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe
PRC - [2008.12.13 23:29:42 | 000,204,800 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Users\Mark\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.08.04 01:02:20 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.08.01 10:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.25 16:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
MOD - [2011.04.12 19:52:31 | 000,213,696 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.01 22:05:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.26 22:42:57 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.30 15:06:16 | 002,860,800 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.03.04 14:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.16 18:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009.04.21 13:59:02 | 002,869,760 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009.01.20 15:28:43 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 10:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.10 18:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.04 14:36:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.20 21:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.12.16 18:10:41 | 000,113,736 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010.12.16 18:10:36 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010.12.16 18:10:30 | 000,126,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010.12.16 18:10:25 | 000,099,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010.12.16 18:10:20 | 000,141,384 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010.10.16 20:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 22:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.09.05 12:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.03.13 12:55:28 | 000,586,752 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.03.13 12:55:28 | 000,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2009.03.13 12:55:26 | 000,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2009.01.16 13:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008.12.13 17:26:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.23 16:12:44 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.02.28 20:55:48 | 000,092,032 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.01.21 18:42:52 | 000,009,472 | ---- | M] (Resplendence Software Projects Sp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rspsc.sys -- (RSPSC)
DRV - [2005.08.18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.23.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.126
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 12:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 12:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.06 21:17:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 21:16:46 | 000,000,000 | ---D | M]
 
[2009.01.10 09:33:03 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2011.05.07 12:28:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions
[2010.09.25 16:41:42 | 000,000,000 | -H-D | M] () -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2010.04.29 22:26:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.19 18:37:14 | 000,000,000 | -H-D | M] (Aero Fox XL) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2011.05.07 12:28:03 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.29 22:27:04 | 000,000,000 | -H-D | M] (Torbutton) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.07.07 14:40:28 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.19 18:37:20 | 000,000,000 | -H-D | M] (Virtus Search Opt-in) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\extension@virtusdesigns.com
[2011.05.07 12:28:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\staged
[2010.12.19 18:37:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.19 18:37:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\4jdkmx90.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009.05.13 17:38:10 | 000,002,414 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\sueddeutschede.xml
[2011.02.08 14:52:29 | 000,001,330 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\wikipedia-en.xml
[2010.01.30 16:51:03 | 000,002,214 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\wikipedia-english.xml
[2009.01.12 01:18:04 | 000,002,108 | -H-- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\4jdkmx90.default\searchplugins\youtube-videosuche.xml
[2011.05.06 21:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.05 13:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 17:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.15 10:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2008.12.13 17:13:18 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.25 21:23:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.31 12:01:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.02 01:05:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.02 16:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.05 13:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 17:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.15 10:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.05.06 05:20:25 | 000,472,808 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.03.28 21:11:34 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{18b79d72-1d7b-11e0-9c46-00238b1c36d4}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{1fe587fb-1824-11e0-9267-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe587fb-1824-11e0-9267-00238b1c36d4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{527a51c6-50b1-11e0-99ac-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{527a51c6-50b1-11e0-99ac-00238b1c36d4}\Shell\AutoRun\command - "" = K:\start.exe
O33 - MountPoints2\{7855f996-def6-11dd-9fec-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7855f996-def6-11dd-9fec-00238b1c36d4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7855f9af-def6-11dd-9fec-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{7855f9af-def6-11dd-9fec-00238b1c36d4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{96f5c6b6-4a93-11e0-bffe-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{96f5c6b6-4a93-11e0-bffe-00238b1c36d4}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{98406c43-c92e-11dd-9210-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{98406c43-c92e-11dd-9210-00238b1c36d4}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{a948e6f9-4765-11df-be0b-00238b1c36d4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIKCOMPUTER.vbs
O33 - MountPoints2\{b20e6fd2-3c1a-11de-9363-00238b1c36d4}\Shell\AutoRun\command - "" = I:\Qpbsjg.eXE
O33 - MountPoints2\{b20e6fd2-3c1a-11de-9363-00238b1c36d4}\Shell\OPEN\CoMMaND - "" = I:\QpBsJg.EXE
O33 - MountPoints2\{d1b4a504-cec3-11dd-9e56-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d1b4a504-cec3-11dd-9e56-00238b1c36d4}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{d7f7ee36-ceca-11dd-912f-00238b1c36d4}\Shell - "" = AutoRun
O33 - MountPoints2\{d7f7ee36-ceca-11dd-912f-00238b1c36d4}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{f2d4a955-6a12-11de-837f-00238b1c36d4}\Shell\AutoRun\command - "" = Recycler\S-1-5-21-725345543-1958367476-839522115-1003.exe
O33 - MountPoints2\{f2d4a955-6a12-11de-837f-00238b1c36d4}\Shell\open\Command - "" = Recycler\S-1-5-21-725345543-1958367476-839522115-1003.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.07 12:22:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011.05.06 05:31:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\MSM
[2011.05.06 05:21:06 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.06 05:21:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.06 05:21:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.06 05:18:44 | 000,886,560 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Mark\Desktop\jxpiinstall.exe
[2011.05.05 12:23:40 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.05.05 00:12:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.05 00:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.05 00:12:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.02 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Küche
[2011.04.26 23:02:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Panda Security
[2011.04.26 23:02:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2011.04.26 23:02:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\SurfSecret Privacy Suite
[2011.04.26 23:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2011.04.26 23:01:14 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2011.04.26 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.04.16 11:11:46 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Roaming\Opera
[2011.04.16 11:11:46 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Local\Opera
[2011.04.16 11:11:37 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2011.04.14 19:13:09 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData\Roaming\Avira
[2011.04.14 11:46:39 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 11:46:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 11:46:25 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 11:46:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 11:46:12 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 11:45:53 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 11:45:53 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 11:45:52 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 11:45:52 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 11:45:51 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 11:45:51 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 11:45:43 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 11:45:37 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 11:45:36 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2008.07.22 10:01:25 | 000,049,152 | -H-- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.07 12:28:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.07 12:22:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2011.05.07 10:57:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.07 10:57:44 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.07 10:57:44 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.06 21:19:19 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.06 21:09:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.06 21:08:53 | 3215,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.06 08:37:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.06 05:20:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.05.06 05:20:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.05.06 05:20:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.05.06 05:18:50 | 000,886,560 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Mark\Desktop\jxpiinstall.exe
[2011.05.05 00:12:50 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.02 23:59:54 | 000,012,640 | ---- | M] () -- C:\Users\Mark\Desktop\Analyse Preiserhöhung 2011.ods
[2011.05.02 13:26:14 | 000,130,461 | ---- | M] () -- C:\Users\Mark\Desktop\S%2BU-Bahn_ABC_0105_2011.pdf
[2011.05.02 12:15:02 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.02 12:15:02 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.02 12:15:02 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.02 12:15:02 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.26 23:01:38 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat
[2011.04.23 14:30:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.23 03:06:59 | 000,017,408 | -H-- | M] () -- C:\Users\Mark\AppData\Local\WebpageIcons.db
[2011.04.21 01:49:51 | 000,043,520 | -H-- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.16 11:11:44 | 000,001,620 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.04.16 10:52:05 | 000,324,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.06 21:19:18 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.06 21:19:18 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.05 00:12:50 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.02 14:04:58 | 000,012,640 | ---- | C] () -- C:\Users\Mark\Desktop\Analyse Preiserhöhung 2011.ods
[2011.05.02 13:26:13 | 000,130,461 | ---- | C] () -- C:\Users\Mark\Desktop\S%2BU-Bahn_ABC_0105_2011.pdf
[2011.04.26 23:01:38 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat
[2011.04.16 11:11:44 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.04.16 11:11:44 | 000,001,620 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.03.14 00:52:34 | 000,116,224 | -H-- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.03.10 00:39:17 | 000,043,520 | -H-- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.03.10 00:33:38 | 000,031,302 | -H-- | C] () -- C:\Windows\DIIUnin.dat
[2010.09.07 14:28:40 | 000,001,109 | -H-- | C] () -- C:\Windows\Stars.ini
[2010.06.27 16:02:14 | 000,017,408 | -H-- | C] () -- C:\Users\Mark\AppData\Local\WebpageIcons.db
[2010.02.19 01:35:51 | 000,000,000 | -H-- | C] () -- C:\Windows\PowerReg.dat
[2010.02.18 19:48:26 | 000,056,832 | -H-- | C] () -- C:\Windows\System32\IYVU9_32.DLL
[2010.02.18 18:26:33 | 000,000,023 | -H-- | C] () -- C:\Windows\civnet.ini
[2010.02.18 18:09:10 | 000,000,334 | -H-- | C] () -- C:\Windows\civ.ini
[2010.01.29 01:30:43 | 000,000,256 | -H-- | C] () -- C:\Windows\System32\pool.bin
[2009.12.05 15:30:52 | 000,000,307 | -H-- | C] () -- C:\Windows\doom3.ini
[2009.11.21 16:43:19 | 002,427,248 | -H-- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009.09.11 11:03:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 11:03:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.11 11:02:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.22 00:19:06 | 000,172,173 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.04.20 11:48:16 | 000,000,980 | -H-- | C] () -- C:\Windows\eReg.dat
[2009.04.16 19:34:47 | 000,137,960 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.02.27 21:47:33 | 000,138,056 | -H-- | C] () -- C:\Users\Mark\AppData\Roaming\PnkBstrK.sys
[2009.02.27 21:47:19 | 000,235,248 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.02.27 21:47:17 | 000,075,064 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.02.27 21:47:16 | 002,373,712 | -H-- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.02.19 12:11:03 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2009.02.08 03:37:50 | 000,000,164 | -H-- | C] () -- C:\Windows\S3D.ini
[2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\yz5ybcv.dll
[2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\t6j5gdb.dll
[2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\qjucyzl.dll
[2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\oag2i1f.dll
[2009.01.09 18:54:22 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\ip6jgjt.dll
[2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mtsaprb.dll
[2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\iizg60c.dll
[2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\h3j2dhx.dll
[2009.01.09 18:54:21 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\dui2j0t.dll
[2009.01.09 18:54:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\we8fmmv.dll
[2009.01.09 18:54:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\a26zruq.dll
[2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\x3qil9f.dll
[2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\qeevd27.dll
[2009.01.09 18:54:18 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\pthgzll.dll
[2009.01.09 18:54:15 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\idixz3f.dll
[2009.01.09 18:54:15 | 000,000,204 | -H-- | C] () -- C:\Windows\System32\ynmj2qi.dll
[2009.01.09 18:54:13 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll
[2009.01.09 18:54:13 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll
[2009.01.09 18:54:13 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.01.09 18:54:10 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\hjyl1xp.dll
[2009.01.07 20:24:20 | 000,000,130 | -H-- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2008.12.23 14:02:22 | 000,000,061 | -H-- | C] () -- C:\Windows\wininit.ini
[2008.12.20 23:16:29 | 000,000,313 | -H-- | C] () -- C:\Windows\CoDUO.INI
[2008.12.20 22:57:51 | 000,000,713 | -H-- | C] () -- C:\Windows\CoD.INI
[2008.12.17 22:53:33 | 000,000,273 | -H-- | C] () -- C:\Windows\game.ini
[2008.12.16 03:59:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.13 19:45:01 | 000,001,025 | -H-- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.12.13 19:45:01 | 000,000,341 | -H-- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.12.13 19:42:12 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\clauth2.dll
[2008.12.13 19:42:12 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\clauth1.dll
[2008.12.13 19:42:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\ssprs.dll
[2008.12.13 19:42:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\nsprs.dll
[2008.12.13 18:50:08 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.12.13 18:47:33 | 000,176,456 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.12.13 18:23:24 | 000,176,456 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.13 17:59:13 | 000,001,356 | -H-- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2008.12.13 17:05:41 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2008.12.13 16:46:26 | 000,088,064 | -H-- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.28 15:00:51 | 000,626,688 | -H-- | C] () -- C:\Windows\Image.dll
[2008.10.28 15:00:51 | 000,200,704 | -H-- | C] () -- C:\Windows\PLFSetI.exe
[2008.10.28 15:00:51 | 000,000,036 | -H-- | C] () -- C:\Windows\PidList.ini
[2008.10.28 14:48:01 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.30 12:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 03:42:04 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.07.30 03:25:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 09:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.08.29 16:55:38 | 000,081,920 | -H-- | C] () -- C:\Windows\System32\sw2_ttls_manager.exe
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,324,864 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.11.14 14:56:00 | 001,802,240 | -H-- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.02.08 22:02:56 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Ableton
[2008.12.14 13:38:18 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Acer
[2008.07.30 04:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Acer GameZone Console
[2009.03.14 00:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Canneverbe_Limited
[2009.07.19 21:11:53 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Canon
[2009.12.27 23:12:45 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Coopnet
[2008.12.13 18:03:06 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
[2008.12.13 18:04:29 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
[2009.01.18 19:15:09 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2010.08.09 16:24:13 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\DL
[2011.05.06 21:32:06 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Dropbox
[2009.03.28 21:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Foxit
[2011.01.10 23:48:42 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0
[2009.04.20 11:37:25 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Hyperz
[2010.07.09 11:51:01 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\ICQ
[2010.01.30 20:21:48 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\IrfanView
[2011.01.13 04:06:57 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\JonDo
[2010.02.19 01:43:00 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2010.02.07 20:55:48 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Mobipocket
[2009.03.09 19:10:30 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
[2011.04.16 11:11:46 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Opera
[2011.04.26 23:02:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Panda Security
[2010.02.06 15:24:28 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\ProtectDisc
[2009.05.22 00:58:13 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Red Alert 3
[2010.10.09 19:12:31 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Research In Motion
[2008.12.14 14:03:19 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\SPORE
[2011.04.26 23:02:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SurfSecret Privacy Suite
[2010.08.26 12:50:04 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2011.03.20 13:15:25 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2009.02.04 02:03:42 | 000,000,000 | -H-D | M] -- C:\Users\Mark\AppData\Roaming\WebCam Recorder
[2008.12.20 23:23:08 | 000,000,334 | -H-- | M] () -- C:\Windows\Tasks\ezpxivlt.job
[2011.05.06 08:37:54 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B623B5B8

< End of report >

--- --- ---

markusg 07.05.2011 15:26

Hi,
but that's actually a good beer, I don't know what your problem is :-)
No, joking aside.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Buckyfuller 09.05.2011 00:07

Oh wow, thank you. The problem seems to have resolved itself.

Best regards

bucky

markusg 09.05.2011 10:11

Do you do online banking, shopping, or anything else important with this PC? (privately or for work)

