Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Trojaner gefangen am 1.12

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.12.2011, 14:16   #1
oli1a
 
BKA Trojaner gefangen am 1.12 - Standard

BKA Trojaner gefangen am 1.12



Ich habe nun auch dasselbe Problem.

Ich komme nicht in den abgesicherten Modus, eine Systemherstellung ist auch nicht möglich. Die Rescue CDs von Kaspersky und Avira haben somit auch nichts gefunden.

Ich habe nun mit Reatogo ein Log erstellt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12/3/2011 3:00:32 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 146.14 Gb Free Space | 62.75% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 85.30 Gb Free Space | 18.31% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 44.65 Gb Free Space | 7.49% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 438.97 Gb Free Space | 47.12% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 9.05 Gb Free Space | 61.02% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/03/09 06:12:26 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 11:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011/11/01 13:35:50 | 002,072,896 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/07/03 11:12:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/30 08:43:12 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/21 10:13:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/07 13:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/02 06:27:26 | 000,090,112 | ---- | M] () [Auto] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/02/18 09:31:56 | 000,294,912 | -H-- | M] (DeviceVM) [Auto] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/07/03 11:12:59 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/03 11:12:59 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/12/07 08:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/05/26 06:19:26 | 000,055,296 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvnusbaudio.sys -- (NvnUsbAudio)
DRV:64bit: - [2009/10/16 08:10:10 | 000,011,264 | ---- | M] (Novation Digital Music Systems Limited) [Kernel | On_Demand] -- C:\Windows\System32\drivers\automap.sys -- (automap)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/20 04:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\Windows\System32\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/05/11 17:49:10 | 000,178,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2011/10/31 10:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/02/21 13:28:04 | 000,019,952 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Oli_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKU\Oli_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\Oli_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\Oli_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKU\Oli_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\Oli_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Oli_ON_C\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - Reg Error: Key error. File not found
IE - HKU\Oli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Oli_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/#t_0"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Oli\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 16:13:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/12 19:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/12 19:45:23 | 000,000,000 | ---D | M]
 
[2011/08/06 07:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\Mozilla\Extensions
[2011/02/22 09:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/06 07:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/06/02 00:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\6o4a3o2d.default\extensions
[2011/06/02 00:55:54 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\6o4a3o2d.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2011/02/21 08:53:30 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\6o4a3o2d.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011/02/21 08:53:35 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\6o4a3o2d.default\extensions\noia2_option@kk.noia
[2011/06/02 00:56:01 | 000,002,062 | ---- | M] () -- C:\Users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\6o4a3o2d.default\searchplugins\qip-search.xml
[2011/11/08 16:13:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/13 09:51:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- 
[2011/11/08 16:13:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/03 21:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/05/16 06:54:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 16:13:12 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2011/11/08 07:54:47 | 000,002,795 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.*
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET.*
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 43 more lines...
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Oli\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Oli_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Oli_ON_C..\Run: [Facebook Update] C:\Users\Oli\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Oli_ON_C..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\Oli_ON_C..\Run: [QIP Internet Guardian] C:\Users\Oli\AppData\Roaming\QipGuard\QipGuard.exe ()
O4 - HKU\Oli_ON_C..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.48053860769966894.exe.lnk ()
O4 - Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\Oli_ON_C\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\System32\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/11/30 18:30:45 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Local\Facebook
[2011/11/30 18:30:32 | 000,493,520 | ---- | C] (Facebook Inc.) -- C:\Users\Oli\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/11/29 19:45:04 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\The_Riot2_
[2011/11/28 20:34:45 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Gaiser-Unstable_Witness-(MINUS92)-WEB-2010-BPM
[2011/11/21 15:04:22 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Hair
[2011/11/21 12:27:23 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Bedburg Hau 2011
[2011/11/15 10:13:09 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Local\Diagnostics
[2011/11/09 18:56:01 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Led_Zeppelin_-_Greatest_Hits_CD2
[2011/11/09 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Led-Zeppelin---Greatest-Hits-CD1
[2011/11/08 21:46:54 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2011/11/08 21:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2011/11/08 21:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP3Gain
[2011/11/08 20:39:52 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Samples
[2011/11/08 07:49:55 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/11/08 07:49:55 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/11/08 07:49:55 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/11/08 07:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011/11/08 07:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011/11/08 07:47:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/06 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Oli\Desktop\Exit Videos
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/02 14:11:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 12:52:04 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011/12/02 12:49:24 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 12:49:24 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 12:46:12 | 000,654,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/12/02 12:46:12 | 000,616,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/02 12:46:12 | 000,130,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/12/02 12:46:12 | 000,106,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/02 12:41:36 | 2146,734,079 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 06:35:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000UA.job
[2011/12/01 19:11:26 | 011,373,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/01 17:29:03 | 060,904,948 | ---- | M] () -- C:\Users\Oli\Desktop\Beatport - New Tech House Tracks (1 December 2011).rar.part
[2011/12/01 17:27:00 | 000,001,043 | ---- | M] () -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.48053860769966894.exe.lnk
[2011/11/30 18:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000Core.job
[2011/11/30 18:30:34 | 000,493,520 | ---- | M] (Facebook Inc.) -- C:\Users\Oli\Desktop\FacebookVideoCallSetup_v1.2.203.0.exe
[2011/11/30 11:34:16 | 000,602,084 | ---- | M] () -- C:\Users\Oli\Desktop\Blue Oyster Cult - Don 't Fear The Reaper.pdf
[2011/11/28 10:28:49 | 000,027,738 | ---- | M] () -- C:\Users\Oli\Desktop\img_mod_DG_3032.jpg
[2011/11/10 07:02:28 | 000,002,110 | ---- | M] () -- C:\Users\Oli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/09 18:50:12 | 009,277,489 | ---- | M] () -- C:\Users\Oli\Desktop\IMG_6110edit01.jpg
[2011/11/09 09:25:23 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Media Player Classic - Home Cinema x64.lnk
[2011/11/09 09:25:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player Classic - Home Cinema x64
[2011/11/08 21:46:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2011/11/08 16:13:45 | 000,002,048 | ---- | M] () -- C:\Users\Oli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/08 07:54:47 | 000,002,795 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/08 07:49:53 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/11/08 07:49:53 | 000,002,201 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/11/08 07:49:53 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/11/08 07:49:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
 
========== Files Created - No Company Name ==========
 
[2011/12/01 17:27:00 | 000,001,043 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.48053860769966894.exe.lnk
[2011/12/01 17:17:48 | 060,904,948 | ---- | C] () -- C:\Users\Oli\Desktop\Beatport - New Tech House Tracks (1 December 2011).rar.part
[2011/11/30 18:30:49 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000UA.job
[2011/11/30 18:30:48 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000Core.job
[2011/11/30 11:34:15 | 000,602,084 | ---- | C] () -- C:\Users\Oli\Desktop\Blue Oyster Cult - Don 't Fear The Reaper.pdf
[2011/11/28 10:28:49 | 000,027,738 | ---- | C] () -- C:\Users\Oli\Desktop\img_mod_DG_3032.jpg
[2011/11/09 18:50:11 | 009,277,489 | ---- | C] () -- C:\Users\Oli\Desktop\IMG_6110edit01.jpg
[2011/11/08 07:49:53 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011/11/08 07:49:53 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011/11/08 07:49:53 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011/10/17 12:29:12 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/08/11 10:43:01 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2011/07/05 08:15:23 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\214f3b05
[2011/07/05 08:15:23 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\20f6637c
[2011/07/05 08:15:16 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\8239dd4f
[2011/07/05 08:15:16 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\81e6eb3a
[2011/07/05 08:14:45 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\5d134e80
[2011/07/05 08:14:45 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\5aaf67f2
[2011/07/05 08:14:44 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\d06d063f
[2011/07/05 08:14:44 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\d0174247
[2011/07/05 08:14:39 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\3f998923
[2011/07/05 08:14:39 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\3d4cb242
[2011/07/05 08:14:38 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\8f8756e4
[2011/07/05 08:14:38 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\8f35888c
[2011/07/05 08:14:30 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\ef4dae6b
[2011/07/05 08:14:30 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\ee2ad43c
[2011/07/05 08:14:23 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\fa128077
[2011/07/05 08:14:23 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\f9b99080
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\76662a8a
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\75f565d7
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\7518c582
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\74c05615
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\746b4b1b
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\719c1d50
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\71301166
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\6bca7287
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\6b71ad87
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\65d545e0
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\658fe93f
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\65418fc9
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\64fbf513
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\64ad4d7a
[2011/07/05 08:14:19 | 000,004,638 | ---- | C] () -- C:\Users\Oli\AppData\Roaming\64592c5c
[2011/06/23 16:11:56 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/06/07 06:14:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/18 15:03:45 | 000,001,456 | ---- | C] () -- C:\Users\Oli\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/02/22 06:49:57 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/22 06:49:57 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7030.DAT
[2011/02/22 06:49:21 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/02/22 06:49:19 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/02/21 08:34:17 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/02/21 08:34:17 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/02/21 08:34:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/02/21 08:34:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/02/21 08:22:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/11/07 12:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
 
========== LOP Check ==========
 
[2011/12/01 17:26:52 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\.purple
[2011/10/28 06:59:30 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Ableton
[2011/10/21 14:12:03 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Audacity
[2011/07/05 08:14:16 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Boilsoft
[2011/04/10 16:29:57 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Canneverbe Limited
[2011/11/21 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Dropbox
[2011/05/01 21:24:50 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\FileZilla
[2011/06/26 12:21:16 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\gtk-2.0
[2011/04/10 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\ID3-TagIT 3
[2011/09/13 07:59:12 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\ImgBurn
[2011/06/02 00:56:06 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\QIP
[2011/06/02 00:56:01 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\QipGuard
[2011/03/13 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/02/22 09:53:54 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Thunderbird
[2011/08/06 07:17:22 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\TomTom
[2011/11/08 07:49:44 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\TuneUp Software
[2011/07/05 18:55:32 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\XMedia Recode
[2011/02/22 08:29:15 | 000,000,000 | ---D | M] -- C:\ProgramData\Ableton
[2011/02/21 08:12:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/04/10 16:29:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/02/21 08:12:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/02/21 08:12:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/04/10 14:15:24 | 000,000,000 | ---D | M] -- C:\ProgramData\ID3-TagIT 3
[2011/04/03 21:30:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2011/11/02 13:55:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Propellerhead Software
[2011/02/23 18:24:21 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/21 08:12:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/08/06 07:17:34 | 000,000,000 | ---D | M] -- C:\ProgramData\TomTom
[2011/11/08 07:49:45 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011/02/21 08:12:06 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/02/22 12:34:41 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/04/03 21:30:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\{2C41B757-F5D0-44F9-A206-EEB9CD973927}
[2011/11/08 07:47:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/04/03 21:31:05 | 000,000,000 | -H-D | M] -- C:\ProgramData\{4A818508-3355-4FBC-B302-D53B599DD9D5}
[2011/09/28 15:22:22 | 000,000,000 | -H-D | M] -- C:\ProgramData\{57A17D2C-24D0-4DC8-AA7D-006F3BC9294A}
[2011/09/28 15:24:28 | 000,000,000 | -H-D | M] -- C:\ProgramData\{926AA06E-8C65-4E2D-8820-E207F857C8CE}
[2011/04/03 21:30:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{A6DB2A6F-FF9D-453F-99D6-C1AA54BC0C14}
[2011/11/30 18:35:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000Core.job
[2011/12/02 06:35:01 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1096937704-2634556558-625876520-1000UA.job
[2011/11/25 06:43:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> F:\Eigene Dokumente\MOV02617.MPG:TOC.WMV
< End of report >
         
--- --- ---

Da steht jetzt ziemlich viel, ich habe nämlich mein Profil "oli" ausgewählt. Solltemich dich lieber "system profile" wählen mit "minimaloutput"?

Geändert von oli1a (03.12.2011 um 14:27 Uhr)

Alt 04.12.2011, 18:40   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner gefangen am 1.12 - Standard

BKA Trojaner gefangen am 1.12



Aus welcher Quelle stammt dein AdobeAcrobat? hast du eine gute Erklärung für die Anwesenheit dieser offensichtlichen Hosts-Datei-Einträge?

Zitat:
C:\Program Files (x86)\Common Files\Adobe\Acrobat\

O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com.*
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
__________________

__________________

Antwort

Themen zu BKA Trojaner gefangen am 1.12
adobe, alternate, antivir, autorun, avira, bho, bonjour, cpu, defender, desktop, error, explorer, firefox, format, google, helper, home, hängen, kaspersky, launch, limited.com/facebook, logfile, mozilla thunderbird, nvidia, pdf, registry, scan, sched.exe, software, trojaner, version=1.0, webcheck



Ähnliche Themen: BKA Trojaner gefangen am 1.12


  1. windows 7: Trojaner TR/Crypt.XPACK.gen7 gefangen
    Log-Analyse und Auswertung - 01.02.2015 (16)
  2. BupSystem Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 25.05.2014 (17)
  3. Qvo6: Ich hab mir wohl einen Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (11)
  4. GVU-Trojaner gefangen
    Log-Analyse und Auswertung - 09.09.2012 (12)
  5. GVU Trojaner mit Webcam gefangen. Help!
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (26)
  6. BKA Trojaner gefangen
    Log-Analyse und Auswertung - 08.08.2012 (15)
  7. GEMA-TROJANER gefangen
    Log-Analyse und Auswertung - 18.03.2012 (12)
  8. Trojaner bei ICQ gefangen :( finde die datei nicht
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (1)
  9. trojaner gefangen :(
    Log-Analyse und Auswertung - 02.05.2010 (1)
  10. Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 28.07.2009 (1)
  11. trojaner gefangen????????
    Log-Analyse und Auswertung - 17.06.2009 (0)
  12. Ich glaub, ich hab mir was gefangen - Viren oder Trojaner?!
    Plagegeister aller Art und deren Bekämpfung - 19.05.2006 (5)
  13. Trojaner gefangen?? unerwünschte Pop-Ups
    Plagegeister aller Art und deren Bekämpfung - 09.02.2006 (2)
  14. trojaner gefangen?
    Log-Analyse und Auswertung - 09.10.2005 (2)
  15. Trojaner gefangen: Bitte um Hilfe
    Plagegeister aller Art und deren Bekämpfung - 13.09.2005 (5)
  16. Hi Leute! Ich glaube ich habe mir einen Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 25.11.2004 (6)
  17. Ich glaube ich hab e mir einen Trojaner gefangen
    Plagegeister aller Art und deren Bekämpfung - 07.11.2004 (11)

Zum Thema BKA Trojaner gefangen am 1.12 - Ich habe nun auch dasselbe Problem. Ich komme nicht in den abgesicherten Modus, eine Systemherstellung ist auch nicht möglich. Die Rescue CDs von Kaspersky und Avira haben somit auch nichts - BKA Trojaner gefangen am 1.12...
Archiv
Du betrachtest: BKA Trojaner gefangen am 1.12 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.