| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google leitet um, und ist Langsam..Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.03.2012, 21:52
| #1 |
 |  Google leitet um, und ist Langsam.. Hallo, liebes Trojaner-Team, bin über Google auf Euch gestoßen, aber erst beim dritten Anlauf (Klick). Genau das ist auch mein Problem: der bekannte Redirect-Virus. Symptome sind genau wie bei einem Forumsmitglied: Google-Suchergebnisse werden korrekt angezeigt, der Aufruf der Seiten führt jedoch zunächst zwei- bis dreimal auf irgendwelche Werbeseiten. Ich habe nach einigem Forschen folgende Schritte durchgeführt: 1. sinnlose oder unbekannte Add-On-Einstellungen deaktiviert 2. in den LAN-Einstellungen alle Häkchen entfernt 3. in der Host-Datei einen überflüssigen Eintrag entfernt (auf hxxp://www.sicherpc.net/malware/wie-man-das-google-redirect-virus-problem-browser-entfuhrer-lost steht genau, wie sie auszusehen hat). Außerdem habe ich mit "Malwarebytes" und "Spy Doctor" gescannt. "Malwarebytes" fand überhaupt nichts, "Spy Doctor" zeigte mir lediglich ein paar Cookies (obwohl ich alle gelöscht hatte) von harmlosen Seiten, die ich öfter benutze. Auf meinem PC läuft Win 7 (32bit). die ganzen anderen Programme die ich benutzt hab, haben logs erstellt, die hab ich mal angehangen. Redirect-Problem ist nach wie vor da, und ich glaube, dass nun "Combofix" die einzige Lösung ist. Ihr warnt ja davor, das einfach auf eigene Faust zu benutzen, deshalb wende ich mich hilfesuchend an Euch. Gruß Xellar Hier noch ein Paar logfiles: Hijackthis: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:56:03, on 01.03.2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\SOUNDMAN.EXE C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\Dwm.exe C:\Program Files\Trend Micro\HiJackThis\Hijackthis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [FILSHtray] "C:\Program Files\FILSHtray\FILSHtray.exe" O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKCU\..\Run: [Google Update] "C:\Users\PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = PC\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- End of file - 3021 bytes ( mit dem Such vorschlägen von hier aus dem http://www.trojaner-board.de/109631-...tml#post770680 ) Code:
ATTFilter OTL logfile created on: 28.02.2012 17:23:23 - Run 1 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\PC\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,50 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 34,20% Memory free 3,00 Gb Paging File | 1,75 Gb Available in Paging File | 58,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 29,27 Gb Free Space | 39,28% Space Free | Partition Type: NTFS Drive F: | 7,47 Gb Total Space | 7,02 Gb Free Space | 94,03% Space Free | Partition Type: FAT32 Computer Name: PC1 | User Name: PC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () ========== Win32 Services (SafeList) ========== SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RivaTuner32) -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 6B 33 B2 C6 F2 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.07 13:38:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.19 23:15:30 | 000,000,000 | ---D | M] [2012.02.08 18:55:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions [2012.02.23 16:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\9061zevv.default\extensions [2012.02.12 15:52:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\9061zevv.default\extensions\de_DE@dicts.j3e.de [2012.02.08 18:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9061ZEVV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\PC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9061ZEVV.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI [2012.02.18 13:17:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2012.02.27 18:57:38 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH) O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{556A1582-8442-4FF5-9B45-83D6F2EB182F}: DhcpNameServer = 192.168.2.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.28 17:25:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.28 17:22:47 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe [2012.02.28 17:10:39 | 001,083,264 | ---- | C] (Nokia) -- C:\Users\PC\Desktop\NokiaSuite.exe [2012.02.28 17:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.02.28 17:07:02 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.28 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.02.28 16:54:00 | 000,733,264 | ---- | C] (Google Inc.) -- C:\Users\PC\Desktop\ChromeSetup.exe [2012.02.28 16:12:00 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\BlazeVideo [2012.02.28 16:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music DVD Creator [2012.02.28 16:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\BlazeVideo [2012.02.28 16:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\BlazeVideo [2012.02.27 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jtag Tool [2012.02.27 18:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Coolshrimp [2012.02.27 00:44:36 | 000,000,000 | ---D | C] -- C:\Program Files\J-Runner [2012.02.26 16:03:30 | 000,011,936 | ---- | C] (Highresolution Enterprises [www.highrez.co.uk]) -- C:\Windows\System32\drivers\inpout32.sys [2012.02.26 16:02:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AutoGG 0.2.9g [2012.02.25 14:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2012.02.25 14:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2012.02.25 14:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2012.02.25 14:21:29 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\HP [2012.02.25 11:40:06 | 000,000,000 | R--D | C] -- C:\Users\PC\XBOX 360 [2012.02.24 16:43:21 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\abgx360 [2012.02.22 18:19:57 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader [2012.02.22 18:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\abgx360 [2012.02.22 18:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\abgx360 [2012.02.22 16:48:30 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\admigro [2012.02.22 16:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\admigro [2012.02.22 16:47:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\admigro [2012.02.20 20:46:01 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Foxit Software [2012.02.20 17:43:48 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Neuer Ordner [2012.02.20 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\Nokia Suite [2012.02.19 23:42:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\NokiaAccount [2012.02.19 23:16:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Nokia [2012.02.19 23:16:24 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Nokia [2012.02.19 23:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012.02.19 23:16:19 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\PC Suite [2012.02.19 23:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.02.19 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012.02.19 23:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2012.02.19 23:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.02.19 23:14:40 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2012.02.19 23:14:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2012.02.19 23:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2012.02.19 23:14:10 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2012.02.19 23:14:04 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\WinRAR [2012.02.19 23:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.19 23:14:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.02.19 23:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.02.19 23:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.02.19 23:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2012.02.17 10:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2012.02.17 10:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2012.02.15 20:56:43 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\NVIDIA [2012.02.15 20:52:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe [2012.02.14 22:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2012.02.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Google [2012.02.14 22:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.02.12 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Trillian [2012.02.12 16:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trillian [2012.02.10 22:10:05 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\FILSH_Media_GmbH [2012.02.10 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\FILSHtray [2012.02.10 22:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray [2012.02.10 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\FILSHtray [2012.02.10 22:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.02.10 22:07:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.02.10 22:07:16 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2012.02.10 22:07:16 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2012.02.10 22:07:16 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2012.02.09 17:33:23 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\TeamViewer [2012.02.09 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer [2012.02.09 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 5.1 [2012.02.09 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2012.02.08 21:15:49 | 000,000,000 | R--D | C] -- C:\Users\PC\Dropbox [2012.02.08 21:13:55 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.02.08 21:12:37 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Dropbox [2012.02.08 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.02.08 19:39:21 | 006,350,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll [2012.02.08 19:39:21 | 003,840,320 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll [2012.02.08 19:39:21 | 003,074,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll [2012.02.08 19:39:21 | 000,203,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll [2012.02.08 19:39:21 | 000,123,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll [2012.02.08 19:39:20 | 000,602,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll [2012.02.08 19:39:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.02.08 19:38:25 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll [2012.02.08 19:38:25 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll [2012.02.08 19:38:25 | 010,327,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys [2012.02.08 19:38:25 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll [2012.02.08 19:38:25 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll [2012.02.08 19:38:25 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll [2012.02.08 19:38:25 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll [2012.02.08 19:38:25 | 000,919,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll [2012.02.08 19:38:25 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll [2012.02.08 19:38:25 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2012.02.08 19:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.02.08 19:27:56 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.02.08 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition [2012.02.08 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Macromedia [2012.02.08 19:11:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Adobe [2012.02.08 19:07:34 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.08 19:06:17 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.08 19:06:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2012.02.08 19:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2012.02.08 19:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys [2012.02.08 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Mozilla [2012.02.08 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Mozilla [2012.02.08 18:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.02.08 18:50:42 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\ElevatedDiagnostics [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\Searches [2012.02.08 18:49:40 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.02.08 18:49:27 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Identities [2012.02.08 18:49:25 | 000,000,000 | R--D | C] -- C:\Users\PC\Contacts [2012.02.08 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\VirtualStore [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Vorlagen [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Verlauf [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Temporary Internet Files [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Startmenü [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\SendTo [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Recent [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Netzwerkumgebung [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Lokale Einstellungen [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Videos [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Musik [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Eigene Dateien [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Documents\Eigene Bilder [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Druckumgebung [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Cookies [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\AppData\Local\Anwendungsdaten [2012.02.08 18:49:10 | 000,000,000 | -HSD | C] -- C:\Users\PC\Anwendungsdaten [2012.02.08 18:49:08 | 000,000,000 | --SD | C] -- C:\Users\PC\AppData\Roaming\Microsoft [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Videos [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Saved Games [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Pictures [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Music [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Links [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Favorites [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Downloads [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Documents [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\Desktop [2012.02.08 18:49:08 | 000,000,000 | R--D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.02.08 18:49:08 | 000,000,000 | -H-D | C] -- C:\Users\PC\AppData [2012.02.08 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Temp [2012.02.08 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Microsoft [2012.02.08 18:49:08 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Media Center Programs [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.02.08 18:45:07 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.02.08 18:45:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.02.08 18:40:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.02.08 18:37:36 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.02.08 18:36:38 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.02.08 18:24:54 | 000,000,000 | -HSD | C] -- C:\Boot [2012.02.07 14:03:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.02.07 13:29:53 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.02.06 23:52:35 | 000,000,000 | R--D | C] -- C:\Programme [2012.02.06 23:49:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2012.02.06 23:49:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen ========== Files - Modified Within 30 Days ========== [2012.02.28 17:25:22 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\PC\Desktop\mbam-setup-1.60.1.1000.exe [2012.02.28 17:22:48 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe [2012.02.28 17:07:02 | 000,002,949 | ---- | M] () -- C:\Users\PC\Desktop\HiJackThis.lnk [2012.02.28 17:06:26 | 001,402,880 | ---- | M] () -- C:\Users\PC\Desktop\HiJackThis.msi [2012.02.28 16:59:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job [2012.02.28 16:59:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job [2012.02.28 16:55:18 | 000,002,292 | ---- | M] () -- C:\Users\PC\Desktop\Google Chrome.lnk [2012.02.28 16:54:00 | 000,733,264 | ---- | M] (Google Inc.) -- C:\Users\PC\Desktop\ChromeSetup.exe [2012.02.28 16:36:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.28 16:16:08 | 000,040,448 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 16:11:56 | 000,001,183 | ---- | M] () -- C:\Users\PC\Desktop\Music DVD Creator.lnk [2012.02.28 16:11:41 | 003,305,790 | ---- | M] ( ) -- C:\Users\PC\Desktop\MusicDVDCreatorSetup.exe [2012.02.28 16:03:36 | 000,696,132 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.28 16:03:36 | 000,651,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.28 16:03:36 | 000,147,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.28 16:03:36 | 000,120,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.28 15:58:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.28 15:58:37 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.28 15:53:42 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.28 15:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.28 15:53:12 | 1207,017,472 | -HS- | M] () -- C:\hiberfil.sys [2012.02.27 18:57:38 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.02.27 18:56:46 | 000,002,207 | ---- | M] () -- C:\Users\PC\Desktop\Jtag Tool (Reset Glitch).lnk [2012.02.27 18:51:02 | 042,164,213 | ---- | M] () -- C:\Users\PC\Desktop\Jtag-Tool-1.00-Reset-Glitch-Package-14699.rar [2012.02.27 00:49:31 | 000,001,281 | ---- | M] () -- C:\Users\PC\Desktop\JRunner.lnk [2012.02.27 00:46:38 | 014,904,602 | ---- | M] () -- C:\Users\PC\Desktop\14719 Additional Pack.rar [2012.02.26 19:38:17 | 000,044,049 | ---- | M] () -- C:\Users\PC\Unbenannt.GIF [2012.02.26 16:03:30 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) -- C:\Windows\System32\drivers\inpout32.sys [2012.02.25 15:59:20 | 000,011,864 | ---- | M] () -- C:\Users\PC\Desktop\NFS THE RUN.dlc [2012.02.25 14:22:24 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk [2012.02.22 18:20:58 | 000,001,983 | ---- | M] () -- C:\Users\PC\Desktop\JDownloader.lnk [2012.02.22 18:17:48 | 000,001,852 | ---- | M] () -- C:\Users\PC\Desktop\abgx360 GUI.lnk [2012.02.22 16:48:30 | 000,001,451 | ---- | M] () -- C:\Users\PC\Desktop\PowerTeacher.lnk [2012.02.19 23:41:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.19 23:15:32 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.15 19:51:28 | 003,439,836 | ---- | M] () -- C:\Users\PC\Desktop\LAD Soundsystem - Like a man (Official Video).mp3 [2012.02.14 22:34:11 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.02.13 00:55:07 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,037 | ---- | M] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:32:29 | 003,791,757 | ---- | M] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 21:14:13 | 000,001,011 | ---- | M] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.08 21:13:55 | 000,000,995 | ---- | M] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.08 19:27:56 | 000,001,360 | ---- | M] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:10:44 | 000,003,744 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\smsens.sys [2012.02.08 19:10:43 | 000,720,896 | ---- | M] (Sensaura Ltd) -- C:\Windows\System32\a3d.dll [2012.02.08 19:07:06 | 003,906,696 | ---- | M] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 19:06:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.02.08 19:03:34 | 010,975,264 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTLCPL.EXE [2012.02.08 19:03:34 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE [2012.02.08 19:03:33 | 019,036,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\ALSNDMGR.CPL [2012.02.08 19:03:33 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVAC.SYS [2012.02.08 19:03:33 | 002,510,368 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2012.02.08 19:03:33 | 000,965,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2012.02.08 19:03:33 | 000,154,144 | ---- | M] () -- C:\Windows\System32\RTLCPAPI.dll [2012.02.08 19:03:33 | 000,141,856 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCfg.dll [2012.02.08 19:03:33 | 000,141,016 | ---- | M] () -- C:\Windows\System32\ALSNDMGR.WAV [2012.02.08 19:03:30 | 000,223,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\Alcrmv.exe [2012.02.08 19:01:43 | 000,001,072 | ---- | M] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | M] () -- C:\w7ldr [2012.02.08 18:43:24 | 000,265,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.08 18:41:09 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.02.08 18:39:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:36:25 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012.02.08 18:36:24 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2012.02.06 23:56:10 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK ========== Files Created - No Company Name ========== [2012.02.28 17:07:02 | 000,002,949 | ---- | C] () -- C:\Users\PC\Desktop\HiJackThis.lnk [2012.02.28 17:06:25 | 001,402,880 | ---- | C] () -- C:\Users\PC\Desktop\HiJackThis.msi [2012.02.28 16:55:18 | 000,002,292 | ---- | C] () -- C:\Users\PC\Desktop\Google Chrome.lnk [2012.02.28 16:54:09 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000UA.job [2012.02.28 16:54:08 | 000,001,056 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3471856837-3392401971-277603258-1000Core.job [2012.02.28 16:14:00 | 000,040,448 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 16:11:56 | 000,001,183 | ---- | C] () -- C:\Users\PC\Desktop\Music DVD Creator.lnk [2012.02.28 16:11:36 | 003,305,790 | ---- | C] ( ) -- C:\Users\PC\Desktop\MusicDVDCreatorSetup.exe [2012.02.27 18:56:46 | 000,002,207 | ---- | C] () -- C:\Users\PC\Desktop\Jtag Tool (Reset Glitch).lnk [2012.02.27 18:46:51 | 042,164,213 | ---- | C] () -- C:\Users\PC\Desktop\Jtag-Tool-1.00-Reset-Glitch-Package-14699.rar [2012.02.27 00:49:31 | 000,001,281 | ---- | C] () -- C:\Users\PC\Desktop\JRunner.lnk [2012.02.27 00:45:56 | 014,904,602 | ---- | C] () -- C:\Users\PC\Desktop\14719 Additional Pack.rar [2012.02.26 19:37:48 | 000,044,049 | ---- | C] () -- C:\Users\PC\Unbenannt.GIF [2012.02.25 15:59:21 | 000,011,864 | ---- | C] () -- C:\Users\PC\Desktop\NFS THE RUN.dlc [2012.02.25 14:22:24 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk [2012.02.22 18:20:58 | 000,001,983 | ---- | C] () -- C:\Users\PC\Desktop\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.02.22 18:20:44 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.02.22 18:20:44 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.02.22 18:17:48 | 000,001,852 | ---- | C] () -- C:\Users\PC\Desktop\abgx360 GUI.lnk [2012.02.22 16:48:30 | 000,001,451 | ---- | C] () -- C:\Users\PC\Desktop\PowerTeacher.lnk [2012.02.19 23:41:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf [2012.02.19 23:15:32 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk [2012.02.15 19:51:08 | 003,439,836 | ---- | C] () -- C:\Users\PC\Desktop\LAD Soundsystem - Like a man (Official Video).mp3 [2012.02.14 22:34:11 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.02.14 22:31:27 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.14 22:31:26 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.13 00:55:07 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.02.12 16:34:03 | 000,001,067 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk [2012.02.12 16:34:03 | 000,001,037 | ---- | C] () -- C:\Users\PC\Desktop\Trillian.lnk [2012.02.12 16:34:03 | 000,001,001 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk [2012.02.10 21:17:19 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat [2012.02.09 17:31:36 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.02.09 17:31:36 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.02.08 21:31:07 | 003,791,757 | ---- | C] () -- C:\Users\PC\Desktop\Glitch Mob - Kraddy - Steppin' Razor.mp3 [2012.02.08 21:16:28 | 003,906,696 | ---- | C] () -- C:\Users\PC\Desktop\XATAR - INTERPOL.COM (Official Video).mp3 [2012.02.08 21:14:13 | 000,001,011 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.02.08 21:13:55 | 000,000,995 | ---- | C] () -- C:\Users\PC\Desktop\Dropbox.lnk [2012.02.08 19:38:25 | 000,004,359 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2012.02.08 19:27:56 | 000,001,360 | ---- | C] () -- C:\Users\PC\Desktop\RivaTuner.lnk [2012.02.08 19:01:43 | 000,001,072 | ---- | C] () -- C:\Users\PC\Desktop\EVEREST Home Edition.lnk [2012.02.08 18:55:25 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.08 18:55:25 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.08 18:49:42 | 000,001,409 | ---- | C] () -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.02.08 18:46:57 | 000,171,136 | RHS- | C] () -- C:\w7ldr [2012.02.08 18:40:42 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.02.08 18:40:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.02.08 18:39:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.02.08 18:37:15 | 1207,017,472 | -HS- | C] () -- C:\hiberfil.sys [2012.02.08 18:36:24 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2012.02.08 18:25:00 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012.02.08 18:24:54 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2012.02.07 00:48:38 | 000,000,355 | RHS- | C] () -- C:\Boot.ini.saved [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2012.02.07 00:01:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\System32\abgx360.exe ========== LOP Check ========== [2012.02.26 05:31:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\abgx360 [2012.02.28 15:54:06 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Dropbox [2012.02.23 13:22:27 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Foxit Software [2012.02.19 23:16:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Nokia [2012.02.19 23:42:37 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PC Suite [2012.02.09 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TeamViewer [2012.02.12 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Trillian [2009.07.14 05:53:46 | 000,021,796 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.28.04 Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7600.16385 PC :: PC1 [Administrator] 29.02.2012 20:48:39 mbam-log-2012-02-29 (20-48-39).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233018 Laufzeit: 21 Minute(n), 22 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\PC\AppData\Local\Temp\5575.sys (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Gruß Xellar |
| Themen zu Google leitet um, und ist Langsam.. |
| .dll, application/pdf, application/pdf:, combofix, dateisystem, defender, explorer, google, google earth, heuristiks/extra, heuristiks/shuriken, internet, internet explorer, langs, logfiles, malwarebytes, microsoft, mozilla, problem, programme, realtek, registry, rootkit.agent, seiten, software, system, version=1.0, win32/agent.suc.gen, windows, winlogon |
Baum-Darstellung