Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Parcel label trojan from spam mail

Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

#1
Parcel label trojan from spam mail

Hello,

my father has caught the following virus: the parcel label ("Postetikett") trojan that is going around at the moment. Here are the OTL and the EXTRA txt files. I would be glad if someone could take a look at them. I cut his network connection immediately, but AntiVir could still only be opened after a reboot (before that there was an error message).

Regards & thanks

P.S. If you need further information about the system, please just let me know (as far as I know he uses Vista and Firefox as his browser).

OTL:

OTL logfile created on: 25.09.2012 16:14:08 - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = F:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 58,04% Memory free
5,93 Gb Paging File | 4,64 Gb Available in Paging File | 78,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,15 Gb Total Space | 75,78 Gb Free Space | 26,39% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,01 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 4,02 Gb Free Space | 41,13% Space Free | Partition Type: NTFS

Computer Name: PC_BÜRO | User Name: Büro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.25 04:20:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012.08.09 08:13:43 | 000,468,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.08.09 08:13:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.27 13:44:16 | 000,106,496 | ---- | M] () -- C:\Windows\System32\CNOServerLauncher.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.10.06 19:12:57 | 000,135,168 | ---- | M] (Häfele GmbH & Co KG Adolf Häfele Straße 1 72202 Nagold) -- C:\Programme\Haefele\EasyLink2\easyLinkSVC.exe
PRC - [2010.06.25 19:34:44 | 002,342,912 | ---- | M] (Häfele GmbH & Co KG Adolf Häfele Straße 1 72202 Nagold) -- C:\Programme\Haefele\EasyLink2\EasyLink.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.12.17 04:07:04 | 001,504,568 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\FriFax32.exe
PRC - [2009.11.04 16:03:46 | 000,098,304 | ---- | M] (Primax Electronics Ltd.) -- C:\Programme\Lenovo\Mouse Suite\ico.exe
PRC - [2009.10.16 11:07:06 | 000,064,064 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2009.10.16 11:06:14 | 000,072,256 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009.09.04 03:54:24 | 000,077,824 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\Haefele\EasyLink2\postgres\bin\pg_ctl.exe
PRC - [2009.09.04 03:53:16 | 003,686,400 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\Haefele\EasyLink2\postgres\bin\postgres.exe
PRC - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.07.20 10:47:50 | 000,139,264 | ---- | M] (Primax Electronics Ltd.) -- C:\Programme\Lenovo\Mouse Suite\PELMICED.EXE
PRC - [2009.06.25 17:09:04 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Programme\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.01.30 20:36:35 | 000,172,032 | ---- | M] (Häfele GmbH & Co KG Adolf Häfele Straße 1 72202 Nagold) -- C:\Programme\Haefele\EasyLink2\EasyLinkWSV.exe
PRC - [2009.01.14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.12.16 14:47:08 | 000,020,480 | ---- | M] () -- C:\Programme\Lenovo\Mouse Suite\FSRremoS.EXE
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.08.29 17:06:10 | 001,077,248 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
PRC - [2007.07.10 02:00:00 | 000,482,304 | ---- | M] (SYDATEC) -- C:\Programme\SYDATEC\Phoenix Backup Professional\pbtray.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.27 13:44:16 | 000,106,496 | ---- | M] () -- C:\Windows\System32\CNOServerLauncher.exe
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.09.21 19:01:00 | 000,035,328 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2009.09.04 03:54:20 | 000,167,936 | ---- | M] () -- C:\Programme\Haefele\EasyLink2\postgres\bin\libpq.dll
MOD - [2009.05.27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2009.02.27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.12.16 14:47:08 | 000,020,480 | ---- | M] () -- C:\Programme\Lenovo\Mouse Suite\FSRremoS.EXE
MOD - [2007.06.18 20:45:16 | 000,362,029 | ---- | M] () -- C:\Programme\Haefele\EasyLink2\sqlite3.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.09.21 13:37:00 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.10 10:50:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.09 19:54:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.06 19:12:57 | 000,135,168 | ---- | M] (Häfele GmbH & Co KG Adolf Häfele Straße 1 72202 Nagold) [Auto | Running] -- C:\Program Files\Haefele\EasyLink2\easyLinkSVC.exe -- (EasyLink-Server)
SRV - [2009.10.16 11:06:14 | 000,072,256 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009.09.04 03:54:24 | 000,077,824 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\Haefele\EasyLink2\postgres\bin\pg_ctl.exe -- (EasyLink-DB)
SRV - [2009.08.28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.04 22:36:56 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.04 22:36:46 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.08.04 22:33:46 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2009.08.04 22:33:34 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2009.08.04 22:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.01.14 18:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.17 09:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 09:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 09:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.04 20:05:05 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.11.02 16:46:16 | 000,024,064 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PELUSBLF.SYS -- (pelusblf)
DRV - [2009.11.02 15:29:42 | 000,019,456 | ---- | M] (TPMX Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PELMOUSE.SYS -- (pelmouse)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:54 | 000,559,104 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.06.05 18:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009.05.20 05:10:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008.05.02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {CB3883F3-0FF6-4F3A-BDC0-9852D13BE161}
IE - HKLM\..\SearchScopes\{CB3883F3-0FF6-4F3A-BDC0-9852D13BE161}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {CB3883F3-0FF6-4F3A-BDC0-9852D13BE161}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/|hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 10:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.10 10:50:38 | 000,000,000 | ---D | M]

[2010.02.27 14:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Büro\AppData\Roaming\mozilla\Extensions
[2012.09.20 17:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Büro\AppData\Roaming\mozilla\Firefox\Profiles\beyb0lwn.default\extensions
[2012.09.20 17:17:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Büro\AppData\Roaming\mozilla\Firefox\Profiles\beyb0lwn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.09.10 10:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\BüRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BEYB0LWN.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
[2012.09.10 10:50:40 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.30 14:45:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.03 09:38:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.30 14:45:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.30 14:45:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.30 14:45:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.30 14:45:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CnOServerLauncher] C:\Windows\System32\CNOServerLauncher.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LenovoFSC] C:\Programme\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Programme\Lenovo\Mouse Suite\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [Power Manager Power Agenda] C:\Programme\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKCU..\Run: [fowbacqv] C:\Users\Büro\AppData\Local\rglilgol.exe ()
O4 - HKCU..\Run: [Phoenix Backup] C:\Programme\SYDATEC\Phoenix Backup Professional\pbtray.exe (SYDATEC)
O4 - Startup: C:\Users\Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FriFax32 - Verknüpfung.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01FF1675-DC68-48B2-8B42-98D6E576F98F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{7fede5dd-eb21-11e0-9601-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{7fede5dd-eb21-11e0-9601-404e57434401}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{ab3c0c5a-11b5-11df-ba22-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ab3c0c5a-11b5-11df-ba22-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{f66a5969-ef0e-11e0-9250-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{f66a5969-ef0e-11e0-9250-404e57434401}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.21 11:01:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012.09.10 10:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.01 10:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.09.01 10:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe

========== Files - Modified Within 30 Days ==========

[2012.09.25 16:20:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.09.25 16:17:55 | 000,710,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.25 16:17:55 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.25 16:17:55 | 000,153,326 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.25 16:17:55 | 000,123,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.25 16:15:02 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.25 16:14:01 | 000,000,000 | ---- | M] () -- C:\Users\Büro\defogger_reenable
[2012.09.25 15:52:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 15:52:35 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.25 15:42:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.25 15:42:53 | 2388,582,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.25 15:42:09 | 000,000,187 | ---- | M] () -- C:\Windows\csclient.INI
[2012.09.25 15:36:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.25 15:28:54 | 000,058,880 | ---- | M] () -- C:\Users\Büro\AppData\Local\bkpodxie
[2012.09.25 15:28:01 | 000,055,296 | ---- | M] () -- C:\Users\Büro\AppData\Local\mleadlwu.exe
[2012.09.25 15:27:32 | 000,055,296 | ---- | M] () -- C:\Users\Büro\AppData\Local\kmviibie.exe
[2012.09.25 15:27:13 | 000,055,296 | ---- | M] () -- C:\Users\Büro\AppData\Local\rglilgol.exe
[2012.09.25 14:04:34 | 000,093,569 | ---- | M] () -- C:\Users\Büro\Documents\Coca_Cola_Landshut#054_01Behälterosram.pdf
[2012.09.25 09:20:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012.09.25 08:47:53 | 000,000,107 | ---- | M] () -- C:\Windows\AMBERCS.INI
[2012.09.24 16:20:47 | 000,027,932 | ---- | M] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 23. September 2012 (fwd).html
[2012.09.24 10:56:15 | 000,003,931 | ---- | M] () -- C:\Users\Büro\Documents\*** im Agi Fieber.html
[2012.09.22 19:17:33 | 000,016,534 | ---- | M] () -- C:\Users\Büro\Documents\Maschinen - Schreinerei ***.odt
[2012.09.21 11:15:34 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.21 11:15:21 | 000,012,473 | ---- | M] () -- C:\Users\Büro\Dokumente\Desktop\Unbenannt.png
[2012.09.20 08:07:09 | 000,095,374 | ---- | M] () -- C:\Users\Büro\Documents\***_***#001_07.pdf
[2012.09.18 09:00:25 | 000,000,510 | ---- | M] () -- C:\Windows\ktel.ini
[2012.09.14 11:49:03 | 000,115,947 | ---- | M] () -- C:\Users\Büro\Documents\Scala_Discothekenbetriebe_***#001_01.pdf
[2012.09.13 20:00:00 | 000,411,621 | ---- | M] () -- C:\Users\Büro\Dokumente\Desktop\arbeitsflaeche.pdf
[2012.09.13 13:47:29 | 000,004,964 | ---- | M] () -- C:\Users\Büro\Documents\Arbeitsplan kinder2012.rtf
[2012.09.11 14:49:08 | 000,119,216 | ---- | M] () -- C:\Users\Büro\Documents\Glöckl,_DEZ,_Biergarten_***#004_01.pdf
[2012.09.09 11:15:37 | 000,018,674 | ---- | M] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 9. September 2012.html
[2012.09.08 09:35:58 | 007,254,016 | ---- | M] () -- C:\Users\Büro\Documents\PCKabel,fairrepair.wps
[2012.09.07 14:07:12 | 000,089,150 | ---- | M] () -- C:\Users\Büro\Documents\***_***#001_05.pdf
[2012.09.04 09:26:54 | 000,084,667 | ---- | M] () -- C:\Users\Büro\Documents\Münchener_Boulevard_Möbel_GmbH,_MBM_Forsting#003.pdf
[2012.09.04 07:45:46 | 000,118,712 | ---- | M] () -- C:\Users\Büro\Documents\Radach_Rastpark_GmbH_und_Co__***#004_08.pdf
[2012.09.03 16:33:04 | 000,000,035 | ---- | M] () -- C:\Windows\DINFO.INI
[2012.09.03 10:23:56 | 000,020,669 | ---- | M] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 2. September 2012.html
[2012.08.31 12:40:10 | 000,120,403 | ---- | M] () -- C:\Users\Büro\Documents\LABERTALER_Heil-_und_Schierling#001_01.pdf
[2012.08.30 08:04:08 | 000,005,938 | ---- | M] () -- C:\Users\Büro\Documents\Briefkopf, Privat.rtf
[2012.08.30 07:15:43 | 000,007,358 | ---- | M] () -- C:\Users\Büro\Documents\Rewag antrag eigenverbrauch.rtf
[2012.08.29 08:07:47 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\PRIMUS-Update über Internet holen.lnk
[2012.08.29 08:07:47 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\PRIMUS lokal Zusatzprogramme.lnk
[2012.08.29 08:07:47 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\PRIMUS lokal.lnk

========== Files Created - No Company Name ==========

[2012.09.25 16:14:01 | 000,000,000 | ---- | C] () -- C:\Users\Büro\defogger_reenable
[2012.09.25 15:28:54 | 000,058,880 | ---- | C] () -- C:\Users\Büro\AppData\Local\bkpodxie
[2012.09.25 15:28:01 | 000,055,296 | ---- | C] () -- C:\Users\Büro\AppData\Local\mleadlwu.exe
[2012.09.25 15:27:32 | 000,055,296 | ---- | C] () -- C:\Users\Büro\AppData\Local\kmviibie.exe
[2012.09.25 15:27:13 | 000,055,296 | ---- | C] () -- C:\Users\Büro\AppData\Local\rglilgol.exe
[2012.09.25 14:04:33 | 000,093,569 | ---- | C] () -- C:\Users\Büro\Documents\Coca_Cola_Landshut#054_01Behälterosram.pdf
[2012.09.24 16:20:47 | 000,027,932 | ---- | C] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 23. September 2012 (fwd).html
[2012.09.24 10:56:15 | 000,003,931 | ---- | C] () -- C:\Users\Büro\Documents\*** im Agi Fieber.html
[2012.09.22 19:17:29 | 000,016,534 | ---- | C] () -- C:\Users\Büro\Documents\Maschinen - Schreinerei ***.odt
[2012.09.21 11:11:58 | 000,012,473 | ---- | C] () -- C:\Users\Büro\Dokumente\Desktop\Unbenannt.png
[2012.09.20 08:07:08 | 000,095,374 | ---- | C] () -- C:\Users\Büro\Documents\***_***#001_07.pdf
[2012.09.14 11:49:02 | 000,115,947 | ---- | C] () -- C:\Users\Büro\Documents\Scala_Discothekenbetriebe_***#001_01.pdf
[2012.09.13 20:00:00 | 000,411,621 | ---- | C] () -- C:\Users\Büro\Dokumente\Desktop\arbeitsflaeche.pdf
[2012.09.11 16:05:25 | 000,004,964 | ---- | C] () -- C:\Users\Büro\Documents\Arbeitsplan kinder2012.rtf
[2012.09.11 14:49:07 | 000,119,216 | ---- | C] () -- C:\Users\Büro\Documents\Glöckl,_DEZ,_Biergarten_***#004_01.pdf
[2012.09.09 11:15:37 | 000,018,674 | ---- | C] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 9. September 2012.html
[2012.09.08 09:35:58 | 007,254,016 | ---- | C] () -- C:\Users\Büro\Documents\PCKabel,fairrepair.wps
[2012.09.07 14:07:12 | 000,089,150 | ---- | C] () -- C:\Users\Büro\Documents\***_***#001_05.pdf
[2012.09.04 09:26:53 | 000,084,667 | ---- | C] () -- C:\Users\Büro\Documents\Münchener_Boulevard_Möbel_GmbH,_MBM_Forsting#003.pdf
[2012.09.04 07:45:45 | 000,118,712 | ---- | C] () -- C:\Users\Büro\Documents\Radach_Rastpark_GmbH_und_Co__***#004_08.pdf
[2012.09.03 10:23:56 | 000,020,669 | ---- | C] () -- C:\Users\Büro\Documents\Tikis Lichtblick vom Sonntag, 2.
September 2012.html [2012.09.01 10:35:05 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.08.31 12:40:10 | 000,120,403 | ---- | C] () -- C:\Users\Büro\Documents\LABERTALER_Heil-_und_Schierling#001_01.pdf [2012.08.30 08:04:04 | 000,005,938 | ---- | C] () -- C:\Users\Büro\Documents\Briefkopf, Privat.rtf [2012.08.29 07:16:19 | 000,007,358 | ---- | C] () -- C:\Users\Büro\Documents\Rewag antrag eigenverbrauch.rtf [2012.06.27 13:44:16 | 000,106,496 | ---- | C] () -- C:\Windows\System32\CNOServerLauncher.exe [2012.02.23 15:20:06 | 000,000,148 | ---- | C] () -- C:\Windows\holz_cd.ini [2011.10.27 17:20:22 | 000,000,035 | ---- | C] () -- C:\Windows\DINFO.INI [2011.09.30 11:11:48 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI [2011.09.30 11:11:36 | 000,000,165 | ---- | C] () -- C:\Windows\GENOLITE.INI [2011.09.29 10:41:26 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.06.14 06:58:58 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.17 08:56:56 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini [2011.01.19 10:51:23 | 000,010,231 | ---- | C] () -- C:\Users\Büro\12031963_elster_2048.pfx [2010.10.28 11:58:23 | 000,000,000 | ---- | C] () -- C:\Users\Büro\AppData\Local\rx_image32.Cache [2010.10.01 13:11:17 | 000,000,024 | ---- | C] () -- C:\ProgramData\r.bat [2010.02.28 18:09:09 | 000,004,608 | ---- | C] () -- C:\Users\Büro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.11.11 08:24:10 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\AVG10 [2010.02.27 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\DesktopPwrMgr [2010.05.26 19:16:13 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\EDrawings [2011.07.26 07:03:13 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\FRITZ! [2010.03.02 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\GHISLER [2011.10.27 17:18:52 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\klickTel [2010.02.27 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\OpenOffice.org [2010.02.27 13:40:37 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\postgresql [2010.02.27 12:21:54 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\T-Online [2010.02.27 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\Template [2010.12.01 13:06:44 | 000,000,000 | ---D | M] -- C:\Users\Büro\AppData\Roaming\Update ========== Purity Check ========== < End of report > |