Log analysis and evaluation: Yet another BKA Trojan (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.08.2011, 14:36 | #1 |
Yet another BKA Trojan

Hello, I also have the apparently widespread BKA Trojan. Last night at around 4 a.m. the screen appeared, and it was still there after a reboot. Safe mode worked without problems. After a system restore everything is working fine again, but I doubt it will stay that way, so I ran OTL anyway; maybe the Trojan is still somewhere. Thanks in advance.

OTL logfile created on: 07.08.2011 14:05:32 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = D:\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 55,28% Memory free 6,71 Gb Paging File | 5,18 Gb Available in Paging File | 77,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 76,00 Gb Total Space | 5,68 Gb Free Space | 7,47% Space Free | Partition Type: NTFS Drive D: | 511,38 Gb Total Space | 24,52 Gb Free Space | 4,80% Space Free | Partition Type: NTFS Computer Name: DITTMER-PC | User Name: dittmer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - D:\Program Files\Picasa3\PicasaPhotoViewer.exe (Google Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
PRC - C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe () PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe () PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Program Files\Nero 9\InCD\InCDSrv.exe (Nero AG) PRC - D:\Program Files\Nero 9\InCD\NBHRegInCDSrv.exe (Nero AG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Windows\System32\rstrui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SPService) -- File not found SRV - (Nero BackItUp Scheduler 4.0) -- File not found SRV - (TVersityMediaServer) -- 
C:\ProgramData\TVersity\Media Server\MediaServer.exe () SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (InCDSrv) -- D:\Program Files\Nero 9\InCD\InCDSrv.exe (Nero AG) SRV - (NeroRegInCDSrv) -- D:\Program Files\Nero 9\InCD\NBHRegInCDSrv.exe (Nero AG) SRV - (Usmsycl) -- C:\Windows\System32\drivers\ataport.sys (Microsoft Corporation) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (FSCLBaseUpdaterService) -- C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe () SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (InCDFs) -- C:\Windows\System32\drivers\InCDFs.sys (Nero AG) DRV - (InCDPass) -- 
C:\Windows\System32\drivers\InCDPass.sys (Nero AG) DRV - (InCDRec) -- C:\Windows\System32\drivers\InCDRec.sys (Nero AG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (X4HSX32Ex) -- C:\Programme\Metaboli Player\X4HSX32Ex.sys (Exent Technologies Ltd.) DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1105221932\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://buchholz-top-fahrschule.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0 FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.6 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.6.6 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.http: "109.235.49.143" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\dittmer\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( ) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011.07.13 18:15:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.08 18:17:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.08 18:17:39 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme [2011.07.13 18:15:08 | 000,000,000 | ---D | M] [2009.03.06 03:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dittmer\AppData\Roaming\mozilla\Extensions [2011.07.20 22:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions [2009.09.02 15:43:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.20 19:50:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- 
C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.07.29 22:25:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.08.26 05:53:29 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\battlefieldheroespatcher@ea.com [2011.01.05 21:41:34 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\gutscheinmieze@synatix-gmbh.de [2011.08.07 13:57:49 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\dittmer\AppData\Roaming\mozilla\Firefox\Profiles\ce8qmtiq.default\extensions\toolbar@ask.com [2011.08.04 00:52:15 | 000,000,950 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\icqplugin-1.xml [2011.06.20 19:56:46 | 000,001,056 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\icqplugin.xml [2009.08.07 05:39:21 | 000,002,134 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\n-romsuche.xml [2009.09.18 00:49:42 | 000,002,010 | ---- | M] () -- C:\Users\dittmer\AppData\Roaming\Mozilla\Firefox\Profiles\ce8qmtiq.default\searchplugins\romulation-rom-search.xml [2011.08.05 22:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.11.14 22:50:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.05 22:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2009.08.26 08:19:10 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\Programme\Mozilla 
Firefox\extensions\YPlayer@yummy.net File not found (No name found) -- [2009.08.23 04:54:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.11.14 22:50:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.08.05 22:59:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.07.13 18:15:08 | 000,000,000 | ---D | M] (FaceTheme - Change your Facebook layout!) -- C:\PROGRAM FILES\OBJECT\FACETHEME () (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{76C80A11-FAD4-406C-8246-F5ED4F9367B5}.XPI () (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI () (No name found) -- C:\USERS\DITTMER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CE8QMTIQ.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2006.09.21 18:29:00 | 000,135,227 | ---- | M] (Exent Technologies Ltd.) 
-- C:\Program Files\mozilla firefox\plugins\npExentCtl.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll [2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.01.05 21:41:34 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) 
O2 - BHO: (Facetheme) - {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - C:\Programme\Object\bho_project.dll (InternetEngine) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\1105221932\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\dittmer\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\dittmer\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( ) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe (Ascentive) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [wmupdater] File not found O4 - HKCU..\Run: [{3BEEA621-37E1-0A23-10A5-DB67BE56BC33}] File not found O4 - HKCU..\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe (Macromedia, Inc.) O4 - HKCU..\Run: [aauakf5] File not found O4 - HKCU..\Run: [aavl5] File not found O4 - HKCU..\Run: [affvv] File not found O4 - HKCU..\Run: [afl3l] File not found O4 - HKCU..\Run: [AirVideoServer] C:\Programme\AirVideoServer\AirVideoServer.exe () O4 - HKCU..\Run: [appkaa] File not found O4 - HKCU..\Run: [aqgvvqq] File not found O4 - HKCU..\Run: [aqql1f] File not found O4 - HKCU..\Run: [aqqla] File not found O4 - HKCU..\Run: [avkkffa] File not found O4 - HKCU..\Run: [avvfkvf] File not found O4 - HKCU..\Run: [avvqll] File not found O4 - HKCU..\Run: [blllqbl] File not found O4 - HKCU..\Run: [cleansweep.exe] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [ddjdd2j] File not found O4 - HKCU..\Run: [ddsii5n] File not found O4 - HKCU..\Run: [ddtjj] File not found O4 - HKCU..\Run: [disd1s] File not found O4 - HKCU..\Run: [disniyt] File not found O4 - HKCU..\Run: [disy4s] File not found O4 - HKCU..\Run: [dydyd] File not found O4 - HKCU..\Run: [dyoytoo] File not found O4 - HKCU..\Run: [Exetender] C:\Program Files\Metaboli Player\GPlayer.exe (Exent Technologies Ltd.) O4 - HKCU..\Run: [extensionx.exe] File not found O4 - HKCU..\Run: [ggbvvq0] File not found O4 - HKCU..\Run: [gqbvqg] File not found O4 - HKCU..\Run: [hhmxhh] File not found O4 - HKCU..\Run: [hmhhwm] File not found O4 - HKCU..\Run: [hschsc] File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [iisdxsi] File not found O4 - HKCU..\Run: [ininxii] File not found O4 - HKCU..\Run: [jjee98] File not found O4 - HKCU..\Run: [kpzukk] File not found O4 - HKCU..\Run: [laavvq] File not found O4 - HKCU..\Run: [laqffa] File not found O4 - HKCU..\Run: [lbbww] File not found O4 - HKCU..\Run: [lggbq] File not found O4 - HKCU..\Run: [mcrmrr] File not found O4 - HKCU..\Run: [mhhmhxx] File not found O4 - HKCU..\Run: [mxhss] File not found O4 - HKCU..\Run: [niyyss] File not found O4 - HKCU..\Run: [nninyi] File not found O4 - HKCU..\Run: [nnyiid] File not found O4 - HKCU..\Run: [nsxs1] File not found O4 - HKCU..\Run: [ooeuo] File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [qaqql] File not found O4 - HKCU..\Run: [qfvva2] File not found O4 - HKCU..\Run: [qlffa] File not found O4 - HKCU..\Run: [qqfvva2] File not found O4 - HKCU..\Run: [qqllgaa] File not found O4 - HKCU..\Run: [qqvlq] File not found O4 - HKCU..\Run: [qqwgq] File not found O4 - HKCU..\Run: [qvqqfaa] File not found O4 - HKCU..\Run: [rhmxrrm] File not found O4 - HKCU..\Run: [rrhxxc] File not found O4 - HKCU..\Run: [rrwrhh] File not found O4 - HKCU..\Run: [scmmh] File not found O4 - HKCU..\Run: [tdojd] File not found O4 - HKCU..\Run: [tejte] File not found O4 - HKCU..\Run: [tyjdyo] File not found O4 - HKCU..\Run: [tyyeoyz] File not found O4 - HKCU..\Run: [userinit] File not found O4 - HKCU..\Run: [vavllfv] File not found O4 - HKCU..\Run: [vqffk] File not found O4 - HKCU..\Run: [vvfvvaf] File not found O4 - HKCU..\Run: [vvkka] File not found O4 - HKCU..\Run: [vvqggbq] File not found O4 - HKCU..\Run: [vvqq9] File not found O4 - HKCU..\Run: [vvqqvq1] File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKCU..\Run: [wllg0] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\Run: [wwqggbq] File 
not found O4 - HKCU..\Run: [yejoyt] File not found O4 - HKCU..\Run: [yooj5] File not found O4 - HKCU..\Run: [yootydo] File not found O4 - HKCU..\Run: [ytnd0d] File not found O4 - HKCU..\Run: [yyodd] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\MPK\MPK.exe) - File not found O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\rundll32.exe) - C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\ [2010.07.22 00:22:50 | 000,000,000 | RHSD | M] O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3680809491-6281274103-558693237-4450\yv8g67.exe) - File not found O20 - HKCU Winlogon: Shell - 
(explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\rundll32.exe) - C:\RECYCLER\S-1-5-21-3070096142-6784784981-779092690-5225\ [2010.07.22 00:22:50 | 000,000,000 | RHSD | M] O24 - Desktop WallPaper: C:\Users\dittmer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\dittmer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\AutoRun\command - "" = system32/rundll.exe O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\explore\command - "" = system32/rundll.exe O33 - MountPoints2\{3a099e31-da53-11de-90a6-0021859a80ec}\Shell\open\command - "" = system32/rundll.exe O33 - MountPoints2\{5a8a99f2-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun O33 - MountPoints2\{5a8a99f2-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = K:\autorun.exe O33 - MountPoints2\{5a8aaa24-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun O33 - MountPoints2\{5a8aaa24-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = M:\autorun.exe O33 - MountPoints2\{5a8aaa98-9f2a-11de-8c37-0021859a80ec}\Shell - "" = AutoRun O33 - MountPoints2\{5a8aaa98-9f2a-11de-8c37-0021859a80ec}\Shell\AutoRun\command - "" = N:\autorun.exe O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\AutoRun\command - "" = P:\system32/rundll.exe O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\explore\command - "" = P:\system32/rundll.exe O33 - MountPoints2\{6751ba77-c436-11de-963c-0021859a80ec}\Shell\open\command - "" = P:\system32/rundll.exe O33 - MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\AutoRun\command - "" = .\Docs\print.exe O33 - 
MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\explore\command - "" = .\\\\Docs/print.exe O33 - MountPoints2\{73ad8e24-e721-11de-b4e3-0021859a80ec}\Shell\open\command - "" = Docs////print.exe O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\AutoRun\command - "" = .\Docs\print.exe O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\explore\command - "" = P:\ O33 - MountPoints2\{8e13cfe7-1e4f-11df-b2fe-0021859a80ec}\Shell\open\command - "" = Docs////print.exe O33 - MountPoints2\{adcfe563-098b-11de-9d43-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{adcfe563-098b-11de-9d43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\AutoRun\command - "" = system32/rundll.exe O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\explore\command - "" = system32/rundll.exe O33 - MountPoints2\{ba6ba536-8ed9-11de-8a48-0021859a80ec}\Shell\open\command - "" = system32/rundll.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.05 23:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.08.05 22:59:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.08.05 22:59:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.08.05 22:59:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
========== Alternate Data Streams ==========
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:364682BC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:4F636E25
< End of report > |
09.08.2011, 13:20 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | And yet another BKA trojan Hello and
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! |