|
Pests of all kinds and how to combat them: Windows lockout, demand for payment of EUR 50 | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
08.12.2011, 20:24 | #1 |
| Windows lockout, demand for payment of EUR 50 Hello! Good evening! First of all: thank you for being here, and thank you for your time! Now to the problem. As you can already see above, I too apparently did not have the necessary programs installed (only the usual Antivir in my case), so this "trojan" got me as well! I have already read the forum posts and hoped I could manage it on my own, but the warnings against trying it without your help were so emphatic that I unfortunately have to bother you too. I have installed OTL and run the scan! I will attach the files and wait to see what happens. |
08.12.2011, 20:27 | #2 |
| Windows lockout, demand for payment of EUR 50 Unfortunately I can't find the function for the 2nd attachment, so here it is: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 08.12.2011 20:09:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Freunde\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,37% Memory free 2,85 Gb Paging File | 1,96 Gb Available in Paging File | 68,78% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 181,65 Gb Total Space | 1,83 Gb Free Space | 1,01% Space Free | Partition Type: NTFS Computer Name: DARKNESS | User Name: Freunde | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Dokumente und Einstellungen\Freunde\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avformat-53.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avcodec-53.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll () MOD - C:\Programme\Orbitdownloader\wtlctrl.dll () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPMIF32.DLL () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPDLG.DLL () MOD - 
C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPCFG.DLL () ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Programme\Virtual Earth 3D\ [2009.10.18 20:20:48 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.02 19:35:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.13 11:55:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.08 18:15:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.07 21:22:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.11 18:48:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.09 21:09:46 | 000,000,000 | ---D | M] [2011.11.12 14:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.04.06 18:07:21 | 000,000,000 | ---D | M] (Google Toolbar for 
Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.11.12 14:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.11 18:48:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2007.11.09 15:10:50 | 000,034,384 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\logging.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 10:54:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 10:54:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.03 10:54:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 10:54:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 10:54:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 10:54:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - 
plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Orbit Downloader (Enabled) = C:\Programme\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: DivX Player 
Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Programme\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.08.15 16:54:31 | 000,321,627 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.252.70.10 NTPOIP.SERVICES.DATEVNET.DE O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - 
Hosts: 127.0.0.1 Scan | Free Anti Virus | Bitdefender | Malware | Avast | Avg | Spyware Removal | Adware at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11017 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit1.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\tbFre2.dll (Conduit Ltd.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit1.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\tbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\..\Toolbar\ShellBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\..\Toolbar\WebBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe () O4 - HKLM..\Run: [ALUAlert] "\ALuNotify.exe" "/LOWDISKSPACE C" File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpMonitor] C:\Programme\LANCOM\Advanced VPN Client\ncpmon.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-EKFDF.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CIVStart.Exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &MSN Suche - C:\Programme\MSN Toolbar 
Suite\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://goasp.datev.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.) 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} file://D:\ols\cd-db\fscax.cab (F-Secure Online Scanner 2.1 (CD version)) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0FA2302-8E99-4F8E-936B-5CD0F03EB5DE}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\DVCCSA: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Qosmio_NonHD.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Qosmio_NonHD.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.07 07:31:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.08 19:53:28 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys [2011.12.08 19:53:27 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys [2011.12.08 19:53:26 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys [2011.12.08 19:53:23 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys [2011.12.08 19:53:21 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys [2011.12.08 19:53:20 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys [2011.12.08 19:53:16 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys [2011.12.08 19:53:15 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys [2011.12.08 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und 
Einstellungen\Freunde\Desktop\OTL.exe [2011.12.08 19:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D [2011.12.08 19:43:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\HPAppData [2011.12.08 19:41:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.08 19:41:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Malwarebytes [2011.12.07 21:23:39 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys [2011.12.07 21:23:39 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys [2011.12.07 21:23:39 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys [2011.12.07 21:23:39 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys [2011.12.07 21:23:39 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys [2011.12.07 21:23:39 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys [2011.12.07 21:23:39 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys [2011.12.07 21:23:39 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys [2011.12.07 21:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2011.12.07 21:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Windows Sidebar [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360 [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton 360 [2011.12.07 21:22:15 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2011.12.07 21:21:36 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.12.07 21:21:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2011.12.07 21:07:56 | 148,385,712 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\Freunde\Desktop\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe [2011.12.07 21:04:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Eigene Dateien\Downloads [2011.12.07 21:04:51 | 013,421,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Freunde\Desktop\SUPERAntiSpyware.exe [2011.12.07 21:03:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\ProgSense [2011.12.07 21:03:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Orbit [2011.12.07 20:56:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\Google [2011.12.07 20:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Avira [2011.11.23 18:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2011.11.12 14:10:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.11.12 14:10:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.11.12 14:10:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.08 19:54:38 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011.12.08 19:54:38 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011.12.08 19:54:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011.12.08 19:54:35 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011.12.08 19:50:18 | 000,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk [2011.12.08 19:41:02 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.08 19:32:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.12.08 19:32:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.08 19:32:04 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys [2011.12.08 19:28:14 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2011.12.08 19:28:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.08 18:26:36 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-EKFDF.exe [2011.12.08 18:26:36 | 000,012,782 | ---- | M] () -- C:\WINDOWS\is-EKFDF.msg [2011.12.08 18:26:36 | 000,000,415 | ---- | M] () -- C:\WINDOWS\is-EKFDF.lst [2011.12.08 18:21:23 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.12.08 18:14:13 | 000,043,762 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.12.08 18:11:54 | 000,750,534 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011.12.07 21:23:47 | 000,001,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2011.12.07 21:21:44 | 000,001,642 | ---- 
| M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.07 18:25:49 | 013,421,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Freunde\Desktop\SUPERAntiSpyware.exe [2011.12.07 00:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies [2011.12.06 21:40:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.04 14:03:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.11.23 18:24:36 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.11.21 18:33:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.11.18 18:25:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.11.13 11:55:19 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk [2011.11.12 14:09:58 | 000,474,086 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.11.12 14:09:58 | 000,454,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.12 14:09:58 | 000,092,604 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.11.12 14:09:58 | 000,079,322 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.08 19:53:27 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat [2011.12.08 19:53:27 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf [2011.12.08 19:53:25 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat [2011.12.08 19:53:25 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf [2011.12.08 19:53:23 | 000,003,373 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf [2011.12.08 19:53:22 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat [2011.12.08 19:53:21 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf [2011.12.08 19:53:20 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf [2011.12.08 19:53:18 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat [2011.12.08 19:53:16 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat [2011.12.08 19:53:16 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf [2011.12.08 19:53:15 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat [2011.12.08 19:53:15 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf [2011.12.08 19:50:08 | 000,001,526 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk [2011.12.08 19:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat [2011.12.08 19:49:29 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini [2011.12.08 19:32:04 | 2146,484,224 | -HS- | C] () -- C:\hiberfil.sys [2011.12.08 18:26:36 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-EKFDF.exe [2011.12.08 18:26:36 | 000,012,782 | ---- | C] () -- C:\WINDOWS\is-EKFDF.msg [2011.12.08 18:26:36 | 000,000,415 | ---- | C] () -- C:\WINDOWS\is-EKFDF.lst [2011.12.08 18:10:48 | 000,750,534 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011.12.07 21:23:47 | 000,001,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2011.12.07 21:22:42 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf [2011.12.07 21:22:42 | 000,002,792 | R--- | C] () -- 
C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.inf [2011.12.07 21:22:42 | 000,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNetV.inf [2011.12.07 21:22:42 | 000,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.inf [2011.12.07 21:22:42 | 000,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.inf [2011.12.07 21:22:42 | 000,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.inf [2011.12.07 21:22:42 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Iron.inf [2011.12.07 21:22:27 | 000,007,877 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnetv.cat [2011.12.07 21:22:27 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\iron.cat [2011.12.07 21:22:27 | 000,007,458 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymNet.cat [2011.12.07 21:22:27 | 000,007,456 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.cat [2011.12.07 21:22:27 | 000,007,454 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.cat [2011.12.07 21:22:27 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.cat [2011.12.07 21:22:27 | 000,007,450 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.cat [2011.12.07 21:22:27 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\isolate.ini [2011.12.07 21:21:44 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.11.23 18:24:36 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.09.09 00:04:58 | 000,444,283 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\WinPcapNmap.exe [2010.11.22 10:18:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.06 22:03:33 | 000,338,552 | ---- | C] () -- C:\Dokumente und 
Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.08.22 07:40:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat [2010.08.04 20:03:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010.07.04 16:58:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DvInesKurusOleServer003.INI [2010.07.02 21:59:19 | 000,000,470 | ---- | C] () -- C:\WINDOWS\IMG2PDF.ini [2010.04.02 19:33:53 | 000,023,671 | ---- | C] () -- C:\WINDOWS\hpqins15.dat [2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009.11.27 08:17:24 | 000,078,170 | ---- | C] () -- C:\WINDOWS\hpqins05.dat [2009.07.12 16:49:52 | 000,001,381 | ---- | C] () -- C:\WINDOWS\scummvm.ini [2009.07.04 13:32:55 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2009.06.18 19:36:05 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2009.06.11 13:23:33 | 000,003,309 | ---- | C] () -- C:\WINDOWS\wincmd.ini [2009.06.07 14:06:16 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.06.07 14:06:15 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.05.22 22:05:43 | 000,170,044 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2009.04.18 23:25:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wiso.ini [2009.04.18 22:49:21 | 000,264,025 | ---- | C] () -- C:\WINDOWS\hpqins11.dat [2009.04.18 22:20:25 | 000,179,231 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp [2009.04.18 22:20:25 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp [2009.04.18 21:51:26 | 000,003,245 | ---- | C] () -- C:\WINDOWS\tm.ini [2009.04.18 19:01:57 | 000,179,090 | ---- | C] () -- C:\WINDOWS\hpoins28.dat [2009.04.18 19:01:57 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat [2009.03.25 18:00:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2009.03.02 00:21:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.01.18 18:26:09 | 000,000,014 | ---- | C] () -- 
C:\WINDOWS\System32\systeminfo3.dll [2009.01.17 22:33:54 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\msadio.dll [2008.08.27 07:47:54 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008.08.27 07:47:38 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2008.08.27 07:47:37 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2008.08.27 07:47:36 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2008.08.26 08:28:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2008.08.09 21:02:38 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wwindowdp32.dll [2008.08.05 18:42:57 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2008.07.26 19:26:21 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI [2008.07.26 19:24:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2008.07.26 19:23:24 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2008.07.26 19:22:00 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2008.07.19 00:16:30 | 000,063,716 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008.07.17 22:31:24 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2008.07.17 22:31:24 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe [2008.07.17 22:31:24 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2008.07.17 22:31:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.07.17 22:31:23 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2008.06.23 21:07:46 | 000,000,509 | ---- | C] () -- C:\WINDOWS\System32\DARKNESS.jrf.init [2008.06.23 19:20:30 | 000,000,021 | ---- | C] () -- C:\WINDOWS\KurusDeinstall.INI [2008.06.22 19:34:09 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini [2008.06.22 19:32:22 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DvInesKurusOleServer002.INI [2008.06.22 19:32:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\netop.ini [2008.06.22 19:31:48 | 000,000,110 | ---- | C] () -- 
C:\WINDOWS\dvinesinstart001.INI [2008.06.22 19:31:48 | 000,000,110 | ---- | C] () -- C:\WINDOWS\dvinesinstalllocation001.INI [2008.06.22 19:31:34 | 000,000,021 | ---- | C] () -- C:\WINDOWS\startup.INI [2008.06.03 22:30:25 | 000,008,192 | -HS- | C] () -- C:\WINDOWS\o2cLicStore.bin [2008.06.03 22:29:18 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini [2008.06.03 22:29:18 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini [2008.03.01 21:03:31 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini [2007.12.09 21:43:11 | 000,000,015 | ---- | C] () -- C:\WINDOWS\Powerplayer.ini [2007.12.09 21:39:30 | 000,000,564 | ---- | C] () -- C:\WINDOWS\psnetwork.ini [2007.09.01 10:13:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2007.08.10 23:34:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.08.05 23:04:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.07.14 22:56:52 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.05.28 00:32:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2007.04.06 18:07:11 | 000,002,266 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.27 23:44:38 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI [2007.03.27 23:44:38 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini [2007.03.27 23:44:38 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini [2007.03.18 15:26:47 | 000,000,614 | ---- | C] () -- C:\WINDOWS\eReg.dat [2007.02.15 22:06:12 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2007.01.28 15:47:12 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2007.01.28 15:47:12 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2007.01.28 15:01:59 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL [2007.01.14 09:51:54 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2007.01.14 09:51:53 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2007.01.13 23:55:54 | 
000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.01.13 21:30:08 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2007.01.12 20:33:09 | 000,001,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.01.09 21:40:16 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2007.01.09 17:58:10 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2007.01.08 22:53:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2007.01.08 15:46:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2007.01.06 19:56:55 | 000,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2007.01.06 19:56:53 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2007.01.06 19:40:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007.01.06 15:58:29 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.01.06 15:58:28 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2007.01.05 19:13:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI [2006.10.06 10:17:23 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.28 13:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2006.09.26 13:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2006.09.08 08:01:50 | 
000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2006.09.08 08:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006.09.07 17:04:53 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.07 17:04:53 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.07 17:04:53 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.07 17:04:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.07 17:04:52 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.07 17:04:52 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.07 17:04:51 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.07 17:04:51 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.07 17:04:51 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.07 10:49:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.07 09:39:23 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.07 08:53:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.07 08:53:51 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.07 08:53:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.07 08:53:51 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.07 08:53:51 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.07 08:53:51 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.07 08:51:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.07 08:43:48 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.07 08:33:33 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.07 08:33:33 | 000,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\csellang.dll [2006.09.07 08:33:33 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.07 08:33:33 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.07 08:25:03 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe [2006.09.07 08:23:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.07 08:22:42 | 000,298,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.07 07:34:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.07 07:28:34 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.07 07:18:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.07 07:18:01 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.07 07:18:01 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.07 07:17:52 | 000,474,086 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.07 07:17:52 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.07 07:17:52 | 000,092,604 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.07 07:17:52 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.07 07:17:26 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\syscvchk.dll [2006.09.07 07:17:22 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.07 07:17:19 | 000,454,268 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.07 07:17:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.07 07:17:19 | 000,079,322 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.07 07:17:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.07 07:17:16 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.07 07:17:16 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.07 07:17:14 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.07 07:17:11 | 
000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.07 07:17:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.07 07:17:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.07 07:17:01 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2005.09.02 13:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.07.22 20:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.10.01 08:11:20 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004.07.20 16:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2004.01.14 01:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2001.05.03 08:03:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\smcelp32.ini [2001.05.03 08:03:58 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspgru.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FB1B13D8 @Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > |
08.12.2011, 20:27 | #3 |
/// Malware-holic | Windows lock, demand for payment of EUR 50
hi
otl.txt as well, please :-) |
08.12.2011, 20:29 | #4 |
| Windows lock, demand for payment of EUR 50 Unfortunately I can't find the function for the 2nd attachment, so here it is: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.12.2011 20:09:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Freunde\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,37% Memory free 2,85 Gb Paging File | 1,96 Gb Available in Paging File | 68,78% Paging File free Paging file location(s): C:\pagefile.sys 1024 1024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 181,65 Gb Total Space | 1,83 Gb Free Space | 1,01% Space Free | Partition Type: NTFS Computer Name: DARKNESS | User Name: Freunde | NOT logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Dokumente und Einstellungen\Freunde\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avformat-53.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\avcodec-53.dll () MOD - C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Hotspot Shield\bin\openvpntray.exe () MOD - C:\Programme\Hotspot Shield\bin\lang\gui-eng.dll () MOD - C:\Programme\Orbitdownloader\wtlctrl.dll () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPMIF32.DLL () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPDLG.DLL () MOD - 
C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\LANCOM\Advanced VPN Client\NCPCFG.DLL () ========== Win32 Services (SafeList) ========== ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = Kostenlose E-Mail - Free Mail - E-Cards - Arcor das Newsportal IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Bing IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Programme\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Programme\Virtual Earth 3D\ [2009.10.18 20:20:48 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.04.02 19:35:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.13 11:55:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.12.08 18:15:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.12.07 21:22:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.11 18:48:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.09 21:09:46 | 000,000,000 | ---D | M] [2011.11.12 14:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2007.04.06 18:07:21 | 000,000,000 | ---D | M] (Google Toolbar for 
Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.11.12 14:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.11 18:48:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2007.11.09 15:10:50 | 000,034,384 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\logging.dll [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.10.03 10:54:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.03 10:54:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.10.03 10:54:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.10.03 10:54:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.03 10:54:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.03 10:54:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - 
plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Orbit Downloader (Enabled) = C:\Programme\Google\Chrome\Application\plugins\nporbit.dll CHR - plugin: DivX Player 
Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Programme\DivX\DivX Content Uploader\npUpload.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Programme\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.08.15 16:54:31 | 000,321,627 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 10.252.70.10 NTPOIP.SERVICES.DATEVNET.DE O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - 
Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 11017 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) 
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit1.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\tbFre2.dll (Conduit Ltd.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Programme\BitTorrentBar\tbBit1.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Programme\FreeOnlineRadioPlayerRecorder\tbFre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\..\Toolbar\ShellBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\..\Toolbar\WebBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe () O4 - HKLM..\Run: [ALUAlert] "\ALuNotify.exe" "/LOWDISKSPACE C" File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [NcpBudgetGui] C:\Programme\LANCOM\Advanced VPN Client\NcpBudgetGui.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpMonitor] C:\Programme\LANCOM\Advanced VPN Client\ncpmon.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NcpPopup] C:\Programme\LANCOM\Advanced VPN Client\ncppopup.exe (NCP engineering GmbH) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\WINDOWS\is-EKFDF.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CIVStart.Exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk = C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-2438034613-2327497867-1286197980-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &MSN Suche - C:\Programme\MSN Toolbar 
Suite\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Programme\MSN Toolbar Suite\de-de\msntabres.dll.mui (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://goasp.datev.de/CACHE/stc/1/binaries/vpnweb.cab (Reg Error: Key error.) 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} file://D:\ols\cd-db\fscax.cab (F-Secure Online Scanner 2.1 (CD version)) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0FA2302-8E99-4F8E-936B-5CD0F03EB5DE}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\DVCCSA: DllName - (Reg Error: Value error.) - Reg Error: Value error. 
File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Qosmio_NonHD.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Qosmio_NonHD.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.07 07:31:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.08 19:53:28 | 000,331,384 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdiv.sys [2011.12.08 19:53:27 | 000,369,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symtdi.sys [2011.12.08 19:53:26 | 000,296,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnets.sys [2011.12.08 19:53:23 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.sys [2011.12.08 19:53:21 | 000,340,088 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.sys [2011.12.08 19:53:20 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.sys [2011.12.08 19:53:16 | 000,516,216 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.sys [2011.12.08 19:53:15 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0501000.01D\ironx86.sys [2011.12.08 19:50:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und 
Einstellungen\Freunde\Desktop\OTL.exe [2011.12.08 19:49:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0501000.01D [2011.12.08 19:43:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\HPAppData [2011.12.08 19:41:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.08 19:41:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Malwarebytes [2011.12.07 21:23:39 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.sys [2011.12.07 21:23:39 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtsp.sys [2011.12.07 21:23:39 | 000,368,248 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdi.sys [2011.12.07 21:23:39 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymDS.sys [2011.12.07 21:23:39 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symtdiv.sys [2011.12.07 21:23:39 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\symnets.sys [2011.12.07 21:23:39 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Ironx86.sys [2011.12.07 21:23:39 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0500000.07D\srtspx.sys [2011.12.07 21:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360 [2011.12.07 21:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0500000.07D [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Windows Sidebar [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360 [2011.12.07 21:22:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton 360 [2011.12.07 21:22:15 | 
000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton [2011.12.07 21:21:36 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.12.07 21:21:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2011.12.07 21:07:56 | 148,385,712 | ---- | C] (Symantec Corporation) -- C:\Dokumente und Einstellungen\Freunde\Desktop\N360_5.0.0.125_SYMTB_CNET_LOEM_MRFTT_233_5628_1C.exe [2011.12.07 21:04:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Eigene Dateien\Downloads [2011.12.07 21:04:51 | 013,421,552 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Freunde\Desktop\SUPERAntiSpyware.exe [2011.12.07 21:03:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\ProgSense [2011.12.07 21:03:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Orbit [2011.12.07 20:56:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Lokale Einstellungen\Anwendungsdaten\Google [2011.12.07 20:49:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freunde\Anwendungsdaten\Avira [2011.11.23 18:24:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2011.11.12 14:10:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.11.12 14:10:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.11.12 14:10:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\WINDOWS\System32\java.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.08 19:54:38 | 000,126,584 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2011.12.08 19:54:38 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2011.12.08 19:54:38 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2011.12.08 19:54:35 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2011.12.08 19:50:18 | 000,001,526 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk [2011.12.08 19:41:02 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.08 19:32:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.12.08 19:32:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.08 19:32:04 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys [2011.12.08 19:28:14 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2011.12.08 19:28:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.12.08 18:26:36 | 000,709,968 | ---- | M] () -- C:\WINDOWS\is-EKFDF.exe [2011.12.08 18:26:36 | 000,012,782 | ---- | M] () -- C:\WINDOWS\is-EKFDF.msg [2011.12.08 18:26:36 | 000,000,415 | ---- | M] () -- C:\WINDOWS\is-EKFDF.lst [2011.12.08 18:21:23 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.12.08 18:14:13 | 000,043,762 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.12.08 18:11:54 | 000,750,534 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011.12.07 21:23:47 | 000,001,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2011.12.07 21:21:44 | 000,001,642 | ---- 
| M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.12.07 18:25:49 | 013,421,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\Freunde\Desktop\SUPERAntiSpyware.exe [2011.12.07 00:00:01 | 000,000,340 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies [2011.12.06 21:40:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.04 14:03:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.11.23 18:24:36 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2011.11.21 18:33:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.11.18 18:25:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.11.13 11:55:19 | 000,001,721 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\DivX Plus Converter.lnk [2011.11.12 14:09:58 | 000,474,086 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.11.12 14:09:58 | 000,454,268 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.11.12 14:09:58 | 000,092,604 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.11.12 14:09:58 | 000,079,322 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.08 19:53:27 | 000,007,877 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.cat [2011.12.08 19:53:27 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnetv.inf [2011.12.08 19:53:25 | 000,007,458 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.cat [2011.12.08 19:53:25 | 000,001,446 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symnet.inf [2011.12.08 19:53:23 | 000,003,373 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.inf [2011.12.08 19:53:22 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symefa.cat [2011.12.08 19:53:21 | 000,002,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.inf [2011.12.08 19:53:20 | 000,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.inf [2011.12.08 19:53:18 | 000,007,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtspx.cat [2011.12.08 19:53:16 | 000,007,450 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.cat [2011.12.08 19:53:16 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\srtsp.inf [2011.12.08 19:53:15 | 000,007,528 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.cat [2011.12.08 19:53:15 | 000,000,742 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\iron.inf [2011.12.08 19:50:08 | 000,001,526 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Orbit.lnk [2011.12.08 19:49:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\symds.cat [2011.12.08 19:49:29 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0501000.01D\isolate.ini [2011.12.08 19:32:04 | 2146,484,224 | -HS- | C] () -- C:\hiberfil.sys [2011.12.08 18:26:36 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-EKFDF.exe [2011.12.08 18:26:36 | 000,012,782 | ---- | C] () -- C:\WINDOWS\is-EKFDF.msg [2011.12.08 18:26:36 | 000,000,415 | ---- | C] () -- C:\WINDOWS\is-EKFDF.lst [2011.12.08 18:10:48 | 000,750,534 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\Cat.DB [2011.12.07 21:23:47 | 000,001,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton 360.LNK [2011.12.07 21:22:42 | 000,003,374 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0500000.07D\SymEFA.inf [2011.12.07 21:22:42 | 000,002,792 | R--- | C] () -- 
< End of report > |
08.12.2011, 20:41 | #5 |
/// Malware-holic | Windows locked, demand for payment of 50 EUR combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
08.12.2011, 21:41 | #6 |
| Windows locked, demand for payment of 50 EUR OK! Finally done! Unfortunately I did not install the Recovery Console! My profile can't go online because the trojan then becomes active, and in safe mode the Internet somehow doesn't work!? Maybe it helps anyway?? Thanks for answering so quickly! Great! Coincidence? Whatever! |
08.12.2011, 21:50 | #7 |
/// Malware-holic | Windows locked, demand for payment of 50 EUR Go back into normal mode, open Malwarebytes, and post all logs; they can be found in Malwarebytes under log files. |
08.12.2011, 21:55 | #8 |
| Windows locked, demand for payment of 50 EUR Do you mean in the "problem profile", or does it also work "here" in a secondary profile? Because in the main profile I have to disconnect from the Internet, since otherwise the trojan pops up again! RIGHT? PS: here in the secondary profile I have lost all icons, the Start button etc.! The right-click context menu doesn't work either!? |
08.12.2011, 22:13 | #9 |
/// Malware-holic | Windows locked, demand for payment of 50 EUR No, you have to create all logs in the problem profile, otherwise it doesn't help much. |
08.12.2011, 22:16 | #10 |
| Windows locked, demand for payment of 50 EUR OK! I will post them! |
08.12.2011, 22:16 | #11 |
| Windows locked, demand for payment of 50 EUR The second one. Sorry, do I always have to enter text? |
08.12.2011, 22:17 | #12 |
/// Malware-holic | Windows locked, demand for payment of 50 EUR Is the system used for online banking, shopping or similarly important things? |
08.12.2011, 22:17 | #13 |
| Windows locked, demand for payment of 50 EUR It's a bit embarrassing to always have to write something! |
08.12.2011, 22:18 | #14 |
| Windows locked, demand for payment of 50 EUR This really isn't meant to be spam! |
08.12.2011, 22:19 | #15 |
| Windows locked, demand for payment of 50 EUR Yes, unfortunately! For everything possible, incl. the VPN tunnel to work! |