Detection: Variant of Win32/InstallCore.D application

Hello,
after I found a trojan on my PC (see here: http://www.trojaner-board.de/130058-...iframe-bt.html), I also took a close look at my laptop and unfortunately found something there as well :( - because of the character limit, Extras.txt and gmer.txt are in the attached 7zip. There are no other logs!

ESET Online Scanner log
Code:
:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet2_NokiaSoftwareUpdaterSetup_EN_US_exe.exe Variante von Win32/InstallCore.D Anwendung Gesäubert durch Löschen - in Quarantäne kopiert

OTL.txt
Code:
OTL logfile created on: 25.01.2013 22:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,30% Memory free
3,01 Gb Paging File | 1,62 Gb Available in Paging File | 53,69% Paging File free
Paging file location(s): c:\pagefile.sys 16 4069 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,90 Gb Total Space | 6,34 Gb Free Space | 7,13% Space Free | Partition Type: NTFS
Computer Name: xxx-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Google\Gmail Notifier\gnotify.exe (Google Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
========== Driver Services (SafeList) ==========
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (PCDSRVC{3037D694-FD904ACA-06020000}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ZSMC0305) -- C:\Windows\System32\drivers\usbVM305.sys (Vimicro Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.25 19:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.25 19:41:19 | 000,000,000 | ---D | M]
[2013.01.25 19:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.25 19:41:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Search Filter = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgjlkmkllmpdhegaliddgplookikmjf\2.0.0.2_0\
CHR - Extension: AT_Reas = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoconpnefhjndafimindldhibbcdae\2_1\
CHR - Extension: VTchromizer = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0\
CHR - Extension: Facebook Disconnect = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Click&Clean = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: AdBlock = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: Keep My Opt-Outs = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: SEO for Chrome = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
O1 HOSTS File: ([2010.10.11 15:16:07 | 000,386,187 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 13319 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\Anwendungsdaten [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\AppData [2012.07.04 12:34:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Admin\Cookies [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\defogger_reenable ()
O4 - Startup: C:\Users\Admin\Desktop [2013.01.25 21:45:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Documents [2013.01.25 18:07:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Downloads [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Druckumgebung [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Eigene Dateien [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Favorites [2012.12.23 12:57:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Links [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Lokale Einstellungen [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Music [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Netzwerkumgebung [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\NTUSER.DAT ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\ntuser.ini ()
O4 - Startup: C:\Users\Admin\Pictures [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Recent [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Saved Games [2009.07.14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Admin\SendTo [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Startmenü [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Videos [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Vorlagen [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.14 11:26:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ABBYY [2013.01.25 18:04:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012.12.23 12:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.11 23:07:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2010.09.07 12:36:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Cisco [2010.10.18 17:47:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DivX [2010.11.13 23:02:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favoriten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FreePDF [2010.06.27 23:43:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2011.11.30 18:59:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2010.04.12 22:10:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012.01.19 12:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Installations [2012.05.21 14:47:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2010.04.20 16:11:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011.08.12 10:53:26 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2013.01.11 16:32:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012.05.23 15:41:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nokia [2010.05.25 18:11:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2010.10.18 17:36:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ntuser.pol ()
O4 - Startup: C:\Users\All Users\OviInstallerCache [2010.05.25 17:29:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Suite [2011.03.02 16:12:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC-Doctor for Windows [2010.06.09 11:22:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PCDr [2010.06.09 11:23:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2012.10.26 21:31:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012.09.20 07:21:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos [2012.07.28 08:14:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2013.01.25 18:58:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.04.10 19:20:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Tracker Software [2010.06.24 23:59:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TrueCrypt [2010.04.01 10:54:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010.06.23 15:39:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.10 22:17:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 03:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.04.01 09:56:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\.gimp-2.6 [2013.01.25 18:24:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.jordan [2010.09.28 11:47:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.pdfsam [2010.04.10 21:19:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.recently-used.xbel ()
O4 - Startup: C:\Users\xxx\.thumbnails [2012.02.17 15:56:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.VirtualBox [2012.07.06 19:16:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Anwendungsdaten [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\AppData [2010.11.08 23:45:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\xxx\Application Data [2010.04.29 11:49:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\B0BF705768694E4B920CEA2A58DA07F0.TMP [2011.05.27 10:00:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Calibre Bibliothek [2012.12.31 14:27:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Contacts [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Cookies [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\defogger_reenable ()
O4 - Startup: C:\Users\xxx\Desktop [2013.01.25 22:09:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Documents [2012.12.26 18:35:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Downloads [2013.01.25 21:49:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Dropbox [2013.01.25 16:43:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Druckumgebung [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\dwhelper [2011.05.03 08:31:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\eBooks [2012.12.23 12:19:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Eigene Dateien [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Favorites [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Links [2013.01.18 22:15:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Lokale Einstellungen [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Music [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Netzwerkumgebung [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\NTUSER.DAT ()
O4 - Startup: C:\Users\xxx\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\xxx\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\xxx\ntuser.ini ()
O4 - Startup: C:\Users\xxx\ntuser.pol ()
O4 - Startup: C:\Users\xxx\Pictures [2013.01.06 14:11:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Recent [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Saved Games [2012.09.18 18:51:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Searches [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\SendTo [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Sicherung.ct ()
O4 - Startup: C:\Users\xxx\Startmenü [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\temp [2012.08.17 18:02:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Videos [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Vorlagen [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2013.01.25 18:47:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.04.01 09:56:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 03:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010.04.01 09:56:39 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2012.03.27 21:52:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009.07.14 09:56:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2011.11.06 14:17:18 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B183254B-A08C-46D1-81D5-CFD1C68FD3D7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F22437F5-A0DC-4EA7-BC94-2F925A130629}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.25 19:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.25 18:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.25 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.25 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013.01.25 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.01.14 11:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.14 11:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.14 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.14 11:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.13 14:34:25 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.25 22:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.25 22:04:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 22:01:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1540551232-1688979138-1493288123-1001UA.job
[2013.01.25 21:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.01.25 18:47:31 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.25 18:46:54 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.01.25 18:24:15 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.25 18:23:26 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.25 18:21:41 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.25 18:11:50 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.25 16:51:10 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:51:10 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:42:44 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.25 16:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 16:41:25 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 12:01:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.25 10:18:49 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1540551232-1688979138-1493288123-1001Core.job
[2013.01.14 11:26:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.11 21:01:34 | 000,439,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 16:37:37 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.11 16:37:37 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.11 16:37:37 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 16:37:37 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.25 21:49:03 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.01.25 18:46:54 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.01.25 18:24:15 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.25 18:24:15 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.25 18:21:41 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.25 18:19:09 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.01.25 18:11:50 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.25 18:11:50 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.14 11:26:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 12:43:05 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011.06.09 12:43:05 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011.03.11 10:04:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.09 01:31:51 | 000,000,058 | ---- | C] () -- \.tdbd
[2010.04.20 19:41:20 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.17 22:44:24 | 000,001,732 | ---- | C] () -- \tvtpktfilter.dat
[2010.04.01 11:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.01 10:42:47 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2010.04.01 10:42:45 | 000,383,786 | RHS- | C] () -- \bootmgr
[2010.04.01 09:43:57 | 2414,682,112 | -HS- | C] () -- \hiberfil.sys
[2009.07.14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Anwendungsdaten
[2012.07.04 12:34:47 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Cookies
[2013.01.25 21:45:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Desktop
[2013.01.25 18:07:47 | 000,000,000 | R--D | M] -- C:\Users\Admin\Documents
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Downloads
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Druckumgebung
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Eigene Dateien
[2012.12.23 12:57:32 | 000,000,000 | R--D | M] -- C:\Users\Admin\Favorites
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Links
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Lokale Einstellungen
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Music
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Netzwerkumgebung
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Pictures
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Recent
[2009.07.14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\Saved Games
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\SendTo
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Startmenü
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Videos
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Vorlagen
[2013.01.14 11:26:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.10.18 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2010.06.27 23:43:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\FreePDF
[2012.05.21 14:47:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Installations
[2010.05.25 18:11:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nokia
[2010.05.25 17:29:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\OviInstallerCache
[2011.03.02 16:12:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Suite
[2010.06.09 11:22:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC-Doctor for Windows
[2010.06.09 11:23:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\PCDr
[2012.10.26 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2012.07.28 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sophos
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.06.24 23:59:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Tracker Software
[2010.04.01 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\TrueCrypt
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.04.10 22:17:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.04.01 09:56:37 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.01.25 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\.gimp-2.6
[2010.09.28 11:47:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\.jordan
[2010.04.10 21:19:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\.pdfsam
[2012.02.17 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\.thumbnails
[2012.07.06 19:16:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\.VirtualBox
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Anwendungsdaten
[2010.11.08 23:45:47 | 000,000,000 | -H-D | M] -- C:\Users\xxx\AppData
[2010.04.29 11:49:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\Application Data
[2011.05.27 10:00:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\B0BF705768694E4B920CEA2A58DA07F0.TMP
[2012.12.31 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\Calibre Bibliothek
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Contacts
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Cookies
[2013.01.25 22:09:18 | 000,000,000 | R--D | M] -- C:\Users\xxx\Desktop
[2012.12.26 18:35:27 | 000,000,000 | R--D | M] -- C:\Users\xxx\Documents
[2013.01.25 21:49:03 | 000,000,000 | R--D | M] -- C:\Users\xxx\Downloads
[2013.01.25 16:43:54 | 000,000,000 | R--D | M] -- C:\Users\xxx\Dropbox
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Druckumgebung
[2011.05.03 08:31:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\dwhelper
[2012.12.23 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\eBooks
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Eigene Dateien
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Favorites
[2013.01.18 22:15:19 | 000,000,000 | R--D | M] -- C:\Users\xxx\Links
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Lokale Einstellungen
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Music
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Netzwerkumgebung
[2013.01.06 14:11:02 | 000,000,000 | R--D | M] -- C:\Users\xxx\Pictures
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Recent
[2012.09.18 18:51:53 | 000,000,000 | R--D | M] -- C:\Users\xxx\Saved Games
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Searches
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\SendTo
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Startmenü
[2012.08.17 18:02:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\temp
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Videos
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Vorlagen
[2013.01.25 18:47:31 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.04.01 09:56:37 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.04.01 09:56:39 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2012.03.27 21:52:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 09:56:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2011.11.06 14:17:18 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
========== Purity Check ==========
< End of report >