Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner Log - Weitere Schritte erforderliche

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.04.2012, 17:57   #1
Longer
 
Trojaner Log - Weitere Schritte erforderliche - Standard

Trojaner Log - Weitere Schritte erforderliche



Hier meine Logs




OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/7/2012 8:46:54 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 1.15 Gb Free Space | 3.36% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 113.48 Gb Free Space | 99.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1872749105-2845732687-1551579151-1000]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.8.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Canon MP280 series Benutzerregistrierung" = Canon MP280 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flatcast Viewer 5.3_is1" = Flatcast Viewer Plugin 5.3.0.784
"ICQToolbar" = ICQ Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MP3-DJ_is1" = MP3-DJ 11.6.0
"SearchAnonymizer" = SearchAnonymizer
"TVWiz" = Intel(R) TV Wizard
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Maddi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
< End of report >
         
--- --- ---

--- --- ---
[/QUOTE]



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/7/2012 8:46:54 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 1.15 Gb Free Space | 3.36% Space Free | Partition Type: NTFS
Drive D: | 113.89 Gb Total Space | 113.48 Gb Free Space | 99.64% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/03/18 17:53:55 | 000,040,960 | ---- | M] () [Auto] -- C:\Users\Maddi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto] -- D:\Anwendungen D\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/21 05:49:24 | 000,247,608 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/01/18 18:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/12/06 15:50:49 | 002,109,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/23 04:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/03/07 08:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/14 08:28:00 | 000,034,176 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\Maddi_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Maddi_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Maddi_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Maddi_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1108121332\ICQToolBar.dll (ICQ)
IE - HKU\Maddi_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Anwendungen D\Avast\WebRep\FF [2011/12/06 16:21:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/18 16:08:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 15:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Windows\System32\components [2012/01/30 03:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Windows\System32\plugins
 
[2011/10/10 07:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/10 07:51:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/23 09:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll
[2012/03/18 17:54:02 | 000,001,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/18 17:54:02 | 000,002,655 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/18 17:54:02 | 000,007,053 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/03/18 17:54:02 | 000,001,280 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/18 17:54:02 | 000,001,172 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Anwendungen D\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1108121332\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Anwendungen D\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\Maddi_ON_C\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avast] D:\Anwendungen D\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BX6kRBeYBXtpN21] C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Maddi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Maddi_ON_C..\Run: [BX6kRBeYBXtpN21] C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Maddi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Maddi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Maddi_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe) - C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKLM Winlogon: UserInit - (C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe) - C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Maddi_ON_C Winlogon: Shell - (C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe) - C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O20 - HKU\Maddi_ON_C Winlogon: UserInit - (C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe) - C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe (jqUhg)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/03 00:23:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/30 19:23:51 | 000,240,128 | ---- | C] (jqUhg) -- C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/18 17:54:03 | 000,000,000 | ---D | C] -- C:\Users\Maddi\AppData\Roaming\Opera
[2012/03/18 17:53:55 | 000,000,000 | ---D | C] -- C:\Users\Maddi\AppData\Roaming\OCS
[2012/03/18 17:43:19 | 000,000,000 | ---D | C] -- C:\Users\Maddi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/18 17:43:18 | 000,000,000 | ---D | C] -- C:\Users\Maddi\AppData\Roaming\DesktopIconForAmazon
[2012/03/18 17:42:34 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012/03/17 15:10:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/17 15:10:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/17 15:10:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/17 15:10:14 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/17 15:10:14 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/17 15:10:14 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/17 15:10:14 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/17 15:10:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/17 15:10:13 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/17 15:10:13 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/17 15:10:13 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/17 15:10:13 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/17 15:10:13 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/17 15:10:12 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/17 15:10:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/17 15:10:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/17 15:10:12 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/17 15:10:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/17 15:10:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/17 15:10:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/17 15:10:11 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/17 15:10:10 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/17 15:10:10 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/17 15:10:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/17 15:10:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/17 15:10:09 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/17 15:10:09 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/03/17 15:10:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/17 15:10:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/17 15:10:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/17 15:10:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/17 15:10:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/17 15:10:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/03/17 15:10:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/17 15:10:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/17 15:10:08 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/17 15:10:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/17 15:10:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/17 15:10:07 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/14 08:13:00 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/14 08:12:55 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/14 08:12:55 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/14 08:12:55 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/14 08:12:55 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/14 08:12:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/14 08:12:26 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/02 14:51:11 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 14:51:10 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 14:51:00 | 000,375,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/02 14:50:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/02 14:50:37 | 2138,345,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 14:24:48 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/02 14:24:48 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/02 14:24:48 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/02 14:24:48 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/30 19:23:49 | 000,240,128 | ---- | M] (jqUhg) -- C:\Users\Maddi\AppData\Roaming\y6drxuj c7ti.exe
[2012/03/18 17:43:19 | 000,001,418 | ---- | M] () -- C:\Users\Maddi\Desktop\Amazon.lnk
[2012/03/18 17:43:19 | 000,001,418 | ---- | M] () -- C:\Users\Maddi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2012/03/17 15:24:52 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/03/17 15:19:07 | 000,000,953 | ---- | M] () -- C:\Users\Maddi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/17 15:10:28 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/03/17 15:10:27 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/03/17 15:10:15 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/03/17 15:10:15 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/17 15:10:14 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/17 15:10:14 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/03/17 15:10:14 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/03/17 15:10:14 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/03/17 15:10:14 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/03/17 15:10:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/03/17 15:10:13 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/03/17 15:10:13 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/03/17 15:10:13 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/03/17 15:10:13 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/03/17 15:10:13 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/03/17 15:10:12 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/03/17 15:10:12 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/17 15:10:12 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/03/17 15:10:12 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/03/17 15:10:12 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/03/17 15:10:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/03/17 15:10:11 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/17 15:10:11 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/03/17 15:10:11 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/03/17 15:10:10 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/03/17 15:10:10 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/03/17 15:10:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/03/17 15:10:09 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/17 15:10:09 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/17 15:10:09 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2012/03/17 15:10:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/03/17 15:10:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/03/17 15:10:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/03/17 15:10:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/03/17 15:10:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/03/17 15:10:08 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/03/17 15:10:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/03/17 15:10:08 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/03/17 15:10:08 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/03/17 15:10:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/03/17 15:10:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/03/17 15:10:07 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/03/13 08:12:41 | 195,548,797 | ---- | M] () -- C:\Windows\MEMORY.DMP
 
========== Files Created - No Company Name ==========
 
[2012/04/02 14:18:27 | 2138,345,472 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/18 17:43:19 | 000,001,418 | ---- | C] () -- C:\Users\Maddi\Desktop\Amazon.lnk
[2012/03/18 17:43:19 | 000,001,418 | ---- | C] () -- C:\Users\Maddi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Amazon.lnk
[2012/03/18 17:42:34 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012/03/17 15:10:12 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/01/30 03:42:33 | 000,004,284 | ---- | C] () -- C:\Windows\System32\crashreporter.ini
[2012/01/30 03:42:33 | 000,002,153 | ---- | C] () -- C:\Windows\System32\application.ini
[2012/01/30 03:42:33 | 000,000,706 | ---- | C] () -- C:\Windows\System32\crashreporter-override.ini
[2012/01/30 03:42:30 | 002,124,760 | ---- | C] () -- C:\Windows\System32\mozjs.dll
[2012/01/30 03:42:27 | 000,000,141 | ---- | C] () -- C:\Windows\System32\platform.ini
[2012/01/30 03:42:26 | 000,000,701 | ---- | C] () -- C:\Windows\System32\updater.ini
[2012/01/05 08:00:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/01/05 07:58:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/01/05 07:58:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/18 08:06:20 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011/12/18 08:06:20 | 000,002,321 | ---- | C] () -- C:\Windows\unins000.dat
[2011/08/17 16:22:24 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011/04/24 13:18:48 | 000,007,168 | ---- | C] () -- C:\Users\Maddi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/18 16:08:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 16:23:01 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/06 18:57:33 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/02/06 17:33:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/02/06 16:40:17 | 000,000,680 | ---- | C] () -- C:\Users\Maddi\AppData\Local\d3d9caps.dat
[2009/12/03 04:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/26 07:38:40 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2008/02/11 14:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 14:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 14:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 14:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2006/11/02 11:33:31 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,375,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/12/06 15:43:56 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\3v
[2012/02/11 10:21:14 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\Canon
[2011/08/17 16:22:24 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\Carambis
[2012/03/18 17:43:19 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\DesktopIconForAmazon
[2012/03/07 17:30:17 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\ICQ
[2012/03/18 17:53:55 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\OCS
[2012/03/18 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\Opera
[2012/01/04 17:33:08 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\TeamViewer
[2011/02/06 16:47:11 | 000,000,000 | ---D | M] -- C:\Users\Maddi\AppData\Roaming\Vodafone
[2011/02/06 16:38:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/02/06 18:06:15 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2011/11/27 17:53:24 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2011/11/27 18:01:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonEPP
[2011/11/27 18:01:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJEPPEX2
[2011/11/27 17:58:28 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJMSetup
[2012/02/11 10:21:14 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonIJScan
[2011/11/27 17:55:59 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonIJWSpt
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/02/06 16:38:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/02/06 16:38:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/08/12 07:32:21 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/02/06 16:38:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/06 16:46:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2011/02/06 16:38:20 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/04/02 14:32:01 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---

Alt 12.04.2012, 11:38   #2
markusg
/// Malware-holic
 
Trojaner Log - Weitere Schritte erforderliche - Standard

Trojaner Log - Weitere Schritte erforderliche



wieso eröffnest du n neues thema? ist das n anderer pc?
__________________

__________________

Antwort

Themen zu Trojaner Log - Weitere Schritte erforderliche
.dll, 7-zip, adobe, autorun, avast, benutzerregistrierung, bho, browser, defender, disabletaskmgr, dll, error, excel, explorer, flash player, format, home, install.exe, launch, logfile, microsoft office word, mozilla, office 2007, pdf, realtek, registry, rundll, scan, security, security update, software, trojaner, vista



Ähnliche Themen: Trojaner Log - Weitere Schritte erforderliche


  1. Adware/Graftor.151675.8 von Avira gefunden und in Quarantäne verschoben (Windows 8), Probleme verschwunden, weitere Schritte?
    Log-Analyse und Auswertung - 15.10.2014 (9)
  2. Freeware-Mitbringsel Juchee! - Weitere Schritte zur Müllentfernung notwendig...
    Plagegeister aller Art und deren Bekämpfung - 06.03.2014 (12)
  3. OTLogfile Auswertung für weitere Schritte benötigt
    Log-Analyse und Auswertung - 06.12.2013 (10)
  4. Funde durch AdwCleaner...weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (3)
  5. GVU Trojaner; weitere Schritte nach Systemwiederherstellung
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (13)
  6. Bundespolizei Trojaner - Weitere Schritte nach Systemwiederherstellung
    Log-Analyse und Auswertung - 04.06.2013 (18)
  7. Sicherheitslücken in Java: User Groups fordern von Oracle weitere Schritte
    Nachrichten - 07.05.2013 (0)
  8. Avira hat Trojaner "TR/Rogue.KD.853855.1" gefunden und in Quarantäne verschoben --> Sind weitere Schritte notwendig?
    Log-Analyse und Auswertung - 25.02.2013 (11)
  9. GUV Trojaner/Systemwiederherstellung geschafft Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (8)
  10. Bundesministerium-Trojaner: Malwarebytes durchgeführt, Computer jetzt wieder normal nutzbar? ggf. weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (20)
  11. GVU Trojaner - defooger fehlermeldung und weitere Schritte
    Log-Analyse und Auswertung - 20.10.2012 (30)
  12. Trojan.Banker und Backdoor.Agent mit Malwarebytes entfernt - weitere Schritte nötig?
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (3)
  13. EXP/CVE-2012-0507 in Quarantäne verschoben! Weitere Schritte notwendig?
    Log-Analyse und Auswertung - 21.04.2012 (36)
  14. GEMA-Trojaner mit Tool bereinigt, weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 25.03.2012 (1)
  15. GEMA Virus vorerst bekämpft! Weitere Schritte?
    Plagegeister aller Art und deren Bekämpfung - 08.12.2011 (1)
  16. Avira meldet den Trojaner Shutdowner.fft - weitere Schritte ?
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (5)
  17. antimalware doctor entfernen-guide befolgt, weitere schritte erforderlich?
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (4)

Zum Thema Trojaner Log - Weitere Schritte erforderliche - Hier meine Logs OTL EXTRAS Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL Extras logfile created on: 4/7/2012 8:46:54 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE - Trojaner Log - Weitere Schritte erforderliche...
Archiv
Du betrachtest: Trojaner Log - Weitere Schritte erforderliche auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.