Trash bin: (2x) 50 Euro BKA Trojan, Win XP, safe mode no longer works either

15.03.2012, 22:55 | #1

Hello everyone, or rather HELP!!! After 20 years on the Internet I have finally managed to land myself with some proper malware, and on a machine that needs to be running again as quickly as possible! It is the 50 Euro BKA Trojan. It allowed me one shot: I was able to boot into safe mode one more time and delete suspicious entries with Regedit - now nothing works at all anymore. Following the instructions in other threads about this problem, I created a log.

Code:
ATTFilter OTL logfile created on: 3/15/2012 5:38:39 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy-MM-dd 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.66 Gb Total Space | 17.20 Gb Free Space | 17.61% Space Free | Partition Type: NTFS Drive D: | 110.75 Gb Total Space | 14.38 Gb Free Space | 12.98% Space Free | Partition Type: NTFS Drive F: | 1.86 Gb Total Space | 1.41 Gb Free Space | 76.00% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2011/08/14 18:26:48 | 003,246,040 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011/07/12 09:11:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/06/08 07:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/04/21 01:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/02/01 15:53:34 | 
000,805,024 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009/03/03 06:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Auto] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2009/02/23 21:51:19 | 005,767,168 | ---- | M] () [Auto] -- C:\Programme\Hewlett-Packard\PNM\server\mysql\bin\mysqld-nt.exe -- (HP ProCurve Datastore) SRV - [2009/02/23 21:51:14 | 000,217,088 | ---- | M] () [Auto] -- C:\Programme\Hewlett-Packard\PNM\server\Wrapper.exe -- (HP ProCurve Network Manager Server) SRV - [2009/02/23 21:49:43 | 000,217,088 | ---- | M] () [Auto] -- C:\Programme\Hewlett-Packard\PNM\pcm-agent\wrapper.exe -- (HP ProCurve Network Manager Agent) SRV - [2009/02/05 10:36:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008/09/30 07:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/06/09 05:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2008/03/19 11:52:44 | 000,166,520 | ---- | M] () [Auto] -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service) SRV - [2008/03/19 11:52:38 | 000,051,816 | ---- | M] () [Auto] -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -- (Start BT in service) SRV - [2007/07/24 05:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) 
[Auto] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007/05/04 04:27:00 | 000,071,360 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2006/10/26 14:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005/11/09 19:00:30 | 000,090,112 | ---- | M] (Dell Inc.) [Auto] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD) SRV - [2005/08/25 12:53:00 | 000,135,168 | ---- | M] (Dell Inc.) [Auto] -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB) SRV - [2005/04/03 19:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2001/04/06 17:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | Boot] -- -- (rseb) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not 
found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (FXDrv32) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/03/15 03:54:00 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2011/08/14 18:26:49 | 000,167,968 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp) DRV - [2011/08/14 18:26:44 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV - [2011/08/14 18:26:42 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter) DRV - [2011/08/14 18:26:34 | 000,170,528 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman) DRV - [2011/07/12 09:11:50 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/12 09:11:50 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/05/18 04:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/05/18 04:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/05/18 04:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/05/18 04:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/05/18 04:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2011/05/18 04:09:48 | 
000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010/12/30 06:59:18 | 006,290,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010/11/17 08:03:56 | 000,101,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2009/11/25 12:54:23 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface) DRV - [2009/11/18 02:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009/11/18 02:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009/10/08 11:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/10/06 08:00:44 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2009/08/14 00:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009/04/01 07:28:32 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009/03/25 09:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2009/03/08 23:10:50 | 000,014,848 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP) DRV - [2009/02/24 13:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/08/08 05:15:56 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) DRV - [2008/04/13 19:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2008/02/26 09:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System] -- C:\Programme\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2007/11/08 05:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007/06/27 02:05:52 | 000,053,184 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2007/06/27 02:04:14 | 000,071,488 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2007/06/24 16:56:54 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007/06/24 16:56:40 | 000,027,656 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007/06/24 16:56:34 | 000,034,312 | ---- | M] (IVT Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007/03/05 15:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007/03/05 15:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2007/03/05 15:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007/03/05 15:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007/03/05 15:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007/03/05 15:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2006/04/28 10:34:00 | 000,882,688 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2005/10/04 13:37:54 | 000,072,320 | R--- | M] (C-Media Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR) DRV - [2005/07/25 05:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005/07/14 15:58:38 | 000,241,536 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB) DRV - [2005/06/30 07:16:00 | 001,094,848 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/05/19 10:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2005/01/14 12:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2004/12/03 06:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2004/10/28 06:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004/06/18 14:23:56 | 000,016,768 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SiBulk.sys -- (SiBulk) DRV - [2003/12/05 04:40:24 | 000,262,987 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\et251.sys -- (DCamUSBET251) DRV - [2003/04/04 09:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2002/03/01 17:21:00 | 000,004,944 | ---- | M] () [Kernel | On_Demand] -- C:\Programme\Z-ParSwitch\WinIo.sys -- (WINIO) DRV - [2001/08/17 07:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001/08/17 07:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Freak_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - 
HKU\Freak_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKU\Freak_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wetteronline.de/Bayern/BayWald.htm IE - HKU\Freak_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "collectr" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Programme\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Programme\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/08/05 12:11:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/08/05 12:11:11 | 000,000,000 | ---D | M] [2009/01/26 04:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions [2009/01/26 04:44:33 | 000,000,000 | ---D | M] (Screen grab!) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2009/01/26 04:44:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2009/01/26 04:44:34 | 000,000,000 | ---D | M] ("Simple Options Button") -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{1d1bf47b-eb43-4fd8-a49a-efb6ba833d29} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (Stealther) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23} [2009/01/26 
04:44:35 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{4a428302-5267-4749-bb22-459b3236695f} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (TinyUrl Creator) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2009/01/26 04:44:35 | 000,000,000 | ---D | M] (FireFTP button) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D} [2009/01/26 04:44:36 | 000,000,000 | ---D | M] (FireFTP) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2009/01/26 04:44:36 | 000,000,000 | ---D | M] (BBCode) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F} [2009/01/26 04:44:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/01/26 04:44:33 | 000,000,000 | ---D | M] (Ctrl Tab Preview) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\ctrltabpreview@extensions.hesslow.se [2009/01/26 04:44:33 | 000,000,000 | ---D | M] (Wortliste von hxxp://tkltrans.sf.net (alte und neue deutsche 
Rechtschreibung)) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\de-DE-comb@dictionaries.addons.mozilla.org [2009/01/26 04:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\mozilla\Firefox\Profiles\humki2he.default\extensions\ctrltabpreview@extensions.hesslow.se\chrome [2008/04/25 16:08:23 | 000,002,649 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Mozilla\Firefox\Profiles\humki2he.default\searchplugins\collectr.xml [2009/04/01 06:27:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/26 10:35:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION O1 HOSTS File: ([2012/03/15 05:02:42 | 000,001,009 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.mygully.com O1 - Hosts: 127.0.0.1 www.boerse.bz O1 - Hosts: 127.0.0.1 www.mygully.com O1 - Hosts: 127.0.0.1 www.boerse.bz O1 - Hosts: 127.0.0.1 www.mygully.com O1 - Hosts: 127.0.0.1 www.boerse.bz O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) 
O3 - HKU\Freak_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe () O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] File not found O4 - HKLM..\Run: [DLPSP] C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG) O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RAVCpl32] C:\WINDOWS\system32\RAVCpl32.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) 
O4 - HKLM..\Run: [SAOB Monitor] C:\Programme\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKU\Freak_ON_C..\Run: [] File not found O4 - HKU\Freak_ON_C..\Run: [AdobeBridge] File not found O4 - HKU\Freak_ON_C..\Run: [AnVir Task Manager] C:\Programme\AnVir Task Manager\AnVir.exe (AnVir Software) O4 - HKU\Freak_ON_C..\Run: [BayGenie] File not found O4 - HKU\Freak_ON_C..\Run: [Buyertools Reminder] File not found O4 - HKU\Freak_ON_C..\Run: [PowerSuite] C:\Programme\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited) O4 - HKU\Freak_ON_C..\Run: [RAVCpl32] C:\WINDOWS\system32\RAVCpl32.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe (Ralink Technology, Corp.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Register Mask Pro 3.0.lnk = File not found O4 - Startup: C:\Dokumente und Einstellungen\Freak\Startmenü\Programme\Autostart\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 O7 - 
HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 0 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: IntelliMenus = 0 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 1 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RecycleBinSize = 5 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\Freak_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file:///C:/Programme/AutoCAD%202002%20Deu/InstFred.ocx (InstaFred) O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class) O16 - DPF: {2F0D96B4-7D9D-4767-A657-F7ECC9114886} hxxp://192.168.2.3/IPCamPluginDMPT.cab (IPCamPluginDMPT Control) O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} hxxp://192.168.1.222/activex/decoder/h264_dec.cab (CAxH264Dec Class) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Programme/AutoCAD%202002%20Deu/AcDcToday.ocx (AcDcToday-Steuerung) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://192.168.1.200/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {950D732B-EF81-4DC0-A7F2-8A46D94CF55C} hxxp://192.168.1.240/UltraMJCamX.cab (UltraMJCamX Class) O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file:///C:/Programme/AutoCAD%202002%20Deu/InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} hxxp://192.168.1.239/activex/decoder/aac_dec.cab (CAxAacDecEmb Class) O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} hxxp://192.168.1.254/activex/AMC.cab (AudioHandlerEmbedded) O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} hxxp://192.168.1.245/activex/decoder/intel_mpeg4_dec.cab (CAxMP4Dec Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} 
hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://192.168.1.200/activex/AMC.cab (AxisMediaControlEmb Class) O16 - DPF: {E2A2AF54-194A-499D-B6C7-79B646BC0ED6} hxxp://192.168.1.120/UltraCamX.cab (UltraCamX Class) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Programme/AutoCAD%202002%20Deu/AcPreview.ocx (AcPreview-Steuerung) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\WINDOWS\system32\RAVCpl32.exe) - C:\WINDOWS\system32\RAVCpl32.exe () O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\winbiy32: DllName - winbiy32.dll - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/01/26 04:27:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{87bfb513-ce35-11de-97c2-0013d3bab5fa}\Shell - "" = AutoRun O33 - MountPoints2\{87bfb513-ce35-11de-97c2-0013d3bab5fa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{87bfb513-ce35-11de-97c2-0013d3bab5fa}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\cry_setup.exe O33 - MountPoints2\E\Shell\install\command - "" = E:\cry_setup.exe O33 - MountPoints2\E\Shell\install1\command - "" = E:\support\DirectX\DXSETUP.exe O34 - HKLM BootExecute: (autocheck xmnt2002 /bat="C:\WINDOWS\TEMP\PQ_BATCH.PQB" /win="C:\WINDOWS" /dbg="C:\WINDOWS\TEMP\PQ_DEBUG.TXT" /ver=262144 /prd="PartitionMagic") - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/15 03:56:55 | 000,000,000 | ---D | C] -- 
C:\Dokumente und Einstellungen\Freak\Lokale Einstellungen\Anwendungsdaten\_ [2012/03/15 03:54:09 | 000,000,000 | ---D | C] -- C:\Programme\DellTPad [2012/03/15 03:54:01 | 000,115,640 | ---- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\Vxdif.dll [2012/03/15 03:54:00 | 000,284,792 | ---- | C] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\drivers\Apfiltr.sys [2012/03/15 03:46:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Uniblue [2012/03/09 17:04:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freak\Startmenü\Programme\CyberLink PowerDVD 8 [2012/03/09 17:01:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Freak\Recent [2012/03/07 02:50:57 | 000,000,000 | ---D | C] -- C:\ME3 [2012/02/28 10:52:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freak\Desktop\Alive.2002.German.AC3.DVDRIP.XviD-WRC.torrent [2012/02/25 17:19:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Freak\Desktop\Alan.Wake.Collectors.Edition.MULTi2.RIP-RAF [2012/02/21 07:53:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Doom Ultimate Complete Collection [2012/02/21 07:46:01 | 000,000,000 | ---D | C] -- C:\Programme\Doom Ultimate Complete Collection [2012/02/17 16:33:00 | 002,028,391 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\WINDOWS\EIZO Pin-Up.scr [2012/02/17 16:32:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\EIZO Pin-Up Uninstaller [2010/03/28 08:39:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\pcouffin.sys [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/03/15 10:43:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/03/15 05:06:20 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys [2012/03/15 04:12:00 | 000,458,476 | ---- | M] () -- 
C:\WINDOWS\System32\perfh007.dat [2012/03/15 04:12:00 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/03/15 04:12:00 | 000,084,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012/03/15 04:12:00 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/03/15 03:55:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/03/15 03:54:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2012/03/15 03:54:01 | 001,461,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01009.dll [2012/03/15 03:54:01 | 000,115,640 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\Vxdif.dll [2012/03/15 03:54:00 | 000,284,792 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\drivers\Apfiltr.sys [2012/03/15 03:37:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Uniblue [2012/03/15 03:37:22 | 000,000,791 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk [2012/03/15 03:37:22 | 000,000,773 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerSuite.lnk [2012/03/14 16:57:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/03/13 16:09:11 | 000,002,516 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys.crypt [2012/03/11 17:12:15 | 000,025,713 | ---- | M] () -- C:\WINDOWS\CSTBox.INI [2012/03/08 16:12:30 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/03/08 07:48:14 | 000,000,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Desktop\MassEffect3.exe.lnk [2012/03/07 17:39:30 | 000,061,812 | ---- | M] () -- C:\olaf.pdf [2012/03/03 16:06:46 | 000,238,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/03/03 
10:02:08 | 000,032,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Eigene Dateien\TNG.Benzinbrueder.German.1997.DVDRiP.XViD-AMBASSADOR.torrent [2012/02/26 08:32:10 | 000,514,560 | ---- | M] () -- C:\WINDOWS\System32\RAVCpl32.exe [2012/02/21 07:53:04 | 000,001,084 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 3 - Resurrection of Evil.lnk [2012/02/21 07:53:04 | 000,001,066 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Doom 3 - Resurrection of Evil.lnk [2012/02/21 07:53:04 | 000,001,009 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 64 EX.lnk [2012/02/21 07:53:04 | 000,001,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 3.lnk [2012/02/21 07:53:04 | 000,000,991 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom II.lnk [2012/02/21 07:53:04 | 000,000,984 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Doom 3.lnk [2012/02/21 07:53:04 | 000,000,969 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\GZDoom.lnk [2012/02/21 07:53:04 | 000,000,954 | ---- | M] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom.lnk [2012/02/21 07:53:04 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GZDoom.lnk [2012/02/21 07:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Doom Ultimate Complete Collection [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/03/15 05:00:25 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys [2012/03/15 03:54:14 | 000,000,000 
| -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf [2012/03/15 03:37:22 | 000,000,791 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\PowerSuite.lnk [2012/03/15 03:37:22 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PowerSuite.lnk [2012/03/15 03:36:29 | 000,514,560 | ---- | C] () -- C:\WINDOWS\System32\RAVCpl32.exe [2012/03/08 07:48:14 | 000,000,642 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Desktop\MassEffect3.exe.lnk [2012/03/07 17:39:30 | 000,061,812 | ---- | C] () -- C:\olaf.pdf [2012/03/03 10:02:08 | 000,032,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Eigene Dateien\TNG.Benzinbrueder.German.1997.DVDRiP.XViD-AMBASSADOR.torrent [2012/02/21 07:53:04 | 000,001,084 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 3 - Resurrection of Evil.lnk [2012/02/21 07:53:04 | 000,001,066 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Doom 3 - Resurrection of Evil.lnk [2012/02/21 07:53:04 | 000,001,009 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 64 EX.lnk [2012/02/21 07:53:04 | 000,001,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom 3.lnk [2012/02/21 07:53:04 | 000,000,991 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Doom II.lnk [2012/02/21 07:53:04 | 000,000,984 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Doom 3.lnk [2012/02/21 07:53:04 | 000,000,969 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\GZDoom.lnk [2012/02/21 07:53:04 | 000,000,954 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Microsoft\Internet Explorer\Quick 
Launch\Doom.lnk [2012/02/21 07:53:04 | 000,000,951 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GZDoom.lnk [2012/02/05 07:50:04 | 002,976,806 | ---- | C] () -- C:\WINDOWS\exiftool.exe [2012/01/10 08:29:28 | 000,003,273 | ---- | C] () -- C:\WINDOWS\scenelib24.ini [2011/07/25 16:50:02 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI [2011/05/16 02:59:13 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE [2011/03/10 12:11:33 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011/03/10 12:11:33 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\PnkBstrK.sys [2011/03/10 12:11:19 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2011/03/10 12:11:18 | 002,250,024 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2011/03/10 12:11:18 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2011/02/23 02:46:56 | 000,000,092 | ---- | C] () -- C:\Programme\verkleinerer.set [2011/02/22 13:38:25 | 000,240,640 | ---- | C] () -- C:\Programme\verkleinerer17.exe [2011/01/25 12:00:22 | 000,045,056 | R--- | C] () -- C:\Programme\SetAttrib.exe [2011/01/25 12:00:22 | 000,040,960 | R--- | C] () -- C:\Programme\delete.exe [2011/01/15 05:36:12 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2010/12/09 18:32:26 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe [2010/04/02 12:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010/03/28 08:39:17 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\inst.exe [2010/03/28 08:39:17 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\pcouffin.cat [2010/03/28 08:39:17 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\pcouffin.inf [2010/02/28 13:35:23 | 000,000,089 | ---- | C] () -- C:\WINDOWS\PLX4017.DAT [2009/12/15 19:04:30 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\Screen-Wash.ini [2009/12/11 18:38:43 | 002,129,920 | ---- | C] () -- C:\WINDOWS\System32\myodbc3S.dll [2009/12/11 18:38:43 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\myodbcinst.exe [2009/12/11 18:38:43 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\imyodbc.exe [2009/11/25 12:57:44 | 000,074,240 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe [2009/11/11 17:58:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/10/16 09:11:52 | 000,001,716 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2009/10/15 06:55:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/10/15 06:51:54 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009/10/15 06:51:46 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/10/15 06:51:45 | 000,197,654 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/10/15 06:51:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/08/13 16:16:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\DeskCalc.INI [2009/06/24 07:38:14 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009/06/17 03:18:56 | 000,238,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/15 02:37:22 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\SerialMP.exe [2009/04/15 02:37:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\MosUsbPrintConfig.exe [2009/04/15 02:37:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ParallelMP.exe [2009/04/15 02:37:22 | 000,000,159 | ---- | C] () -- C:\WINDOWS\System32\Config.ini [2009/04/15 02:37:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\PConfig.ini [2009/04/14 16:39:59 | 000,000,363 | ---- | C] () -- C:\WINDOWS\loggerconfig.ini [2009/04/14 16:38:43 | 000,016,768 | R--- | C] () -- C:\WINDOWS\System32\drivers\SiBulk.sys [2009/03/31 11:27:03 | 000,079,360 | ---- | C] () -- 
C:\WINDOWS\System32\acdbres.dll [2009/02/18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2009/02/07 17:07:10 | 000,000,516 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2009/02/07 17:07:08 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI [2009/02/06 10:00:17 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys.crypt [2009/02/06 10:00:17 | 000,000,008 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\E228B2A355.sys.crypt [2009/02/05 11:53:29 | 000,000,408 | ---- | C] () -- C:\WINDOWS\PowerReg.dat [2009/02/05 10:08:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/02/05 07:18:18 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/02/03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2009/02/02 19:33:06 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2009/01/26 10:51:27 | 000,262,987 | ---- | C] () -- C:\WINDOWS\System32\drivers\et251.sys [2009/01/26 10:51:27 | 000,049,152 | ---- | C] () -- C:\WINDOWS\etStill.exe [2009/01/26 10:51:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\etcamusd.dll [2009/01/26 06:03:26 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Install2500USB.dll [2009/01/26 06:03:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DEDriverDLL.dll [2009/01/26 06:03:26 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WRLSetup.exe [2009/01/26 06:00:28 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2009/01/26 06:00:26 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2009/01/26 05:51:34 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/01/26 05:44:39 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini [2009/01/26 05:44:38 | 000,549,376 | ---- | C] () -- C:\WINDOWS\mHotkey.exe [2009/01/26 05:44:38 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll [2009/01/26 05:44:38 | 000,049,152 | ---- | C] 
() -- C:\WINDOWS\CNYUSB.dll [2009/01/26 05:44:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll [2009/01/26 05:44:38 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll [2009/01/26 05:25:56 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe [2009/01/26 05:23:32 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe [2009/01/26 05:23:32 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\CmUCREye.exe [2009/01/26 05:23:32 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll [2009/01/26 05:23:29 | 000,024,576 | R--- | C] () -- C:\WINDOWS\CmiUCRUninstall.exe [2009/01/26 05:23:29 | 000,000,052 | R--- | C] () -- C:\WINDOWS\CMICARDREADER.INI [2009/01/26 04:43:20 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Freak\PUTTY.RND [2009/01/26 04:42:55 | 000,014,852 | ---- | C] () -- C:\Programme\settings.dat [2009/01/26 04:42:37 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/01/26 04:38:54 | 000,123,152 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009/01/26 04:29:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/01/26 04:27:30 | 000,092,192 | ---- | C] () -- C:\WINDOWS\System32\Mapi32.dll [2009/01/26 04:24:46 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/01/26 04:18:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/01/26 04:16:43 | 002,507,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/12/19 10:21:58 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA120VC8.dll [2008/12/16 17:40:44 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter20.dll [2008/12/10 14:56:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2008/12/10 14:55:10 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2008/12/10 14:53:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2008/12/10 14:53:18 | 000,086,016 | ---- | 
C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2008/05/02 16:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/05/02 16:46:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/05/02 16:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/05/02 16:46:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/05/02 16:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/05/02 16:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/05/02 16:46:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/04/25 07:45:19 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/04/14 02:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006/12/31 01:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/03/06 10:08:00 | 000,008,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBG2402.bin [2005/06/09 06:18:14 | 000,145,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\AR5523.bin [2005/01/26 12:23:00 | 000,005,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\CBG108.BIN [2004/07/13 07:49:02 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS [2004/05/28 05:43:42 | 000,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS [2002/12/31 08:00:00 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\winamp.exe [2002/12/31 08:00:00 | 000,009,228 | ---- | C] () -- C:\WINDOWS\System32\hdinfo.exe.vir [2002/12/31 08:00:00 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\MachLink.exe [2002/03/01 22:10:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2001/08/18 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001/08/18 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001/08/18 07:00:00 | 000,458,476 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001/08/18 07:00:00 | 000,440,684 | ---- | C] 
() -- C:\WINDOWS\System32\perfh009.dat [2001/08/18 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001/08/18 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001/08/18 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001/08/18 07:00:00 | 000,084,318 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001/08/18 07:00:00 | 000,071,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001/08/18 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001/08/18 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001/08/18 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001/08/18 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001/08/18 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/04/30 04:36:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\mtstack.exe [2000/09/18 19:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll ========== LOP Check ========== [2009/01/26 05:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2011/08/11 16:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Acronis [2009/03/31 11:36:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Autodesk [2009/10/16 04:30:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Blitware [2012/03/11 17:17:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Canon [2012/02/12 05:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\CoSoSys [2009/02/07 17:25:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\FRITZ! 
[2011/05/04 10:55:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\FRITZ!fax für FRITZ!Box [2010/06/23 02:34:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\GHISLER [2009/11/24 17:45:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\gnupg [2009/11/11 13:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\GoodSync [2009/04/29 18:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Lexware [2009/02/05 11:47:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Mp3tag [2009/02/08 12:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Nvu [2011/01/23 16:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Opera [2011/08/05 16:59:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\PC Suite [2009/01/26 04:44:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Thunderbird [2009/02/05 12:04:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\TrueCrypt [2009/09/18 04:09:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\UDC Profiles [2012/03/15 03:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Uniblue [2012/03/07 05:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\uTorrent [2010/03/28 08:39:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\Vso [2012/01/11 07:21:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\WinTrack [2009/01/26 04:44:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Freak\Anwendungsdaten\X-Chat 2 [2012/02/26 18:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Freak\Anwendungsdaten\XnView [2011/08/14 18:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2012/03/15 03:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2012/03/15 03:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2011/03/26 18:24:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2011/04/06 02:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2012/01/25 19:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate [2011/05/04 10:55:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2012/03/15 03:58:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2009/01/26 18:26:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2011/08/05 16:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2012/03/15 03:59:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011/08/05 16:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012/02/14 05:03:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RELOADED [2012/03/15 03:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rosetta Stone [2011/08/03 08:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2009/01/26 18:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2010/03/28 09:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\vsosdk [2009/02/05 10:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009/01/26 05:43:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2009/10/16 04:30:33 | 000,000,446 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job ========== Purity Check ========== < End of report >
Please help me out. TOM
16.03.2012, 18:22 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | (2x) 50 Euro BKA Trojan, Win XP, safe mode no longer works either