| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weiterleitung auf URL123.infoWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.04.2012, 11:02
| #1 |
 |  Weiterleitung auf URL123.info Hallo, ich wurde gestern von Google auf eine Seite mit dem namen url123.info weitergeleitet, doch das wollte ich garnicht. Es öffnete sich ein weißer Bildschirm und die Seite fragte mich auch ständig als ich zurück wollte ob ich nicht noch etwas zu erledigen habe usw. Kennt jemand diese Seite und weiß ob sie schädlich ist? Hier mal ein ORL Scan: Code:
ATTFilter OTL logfile created on: 23.04.2012 11:54:46 - Run 11 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 47,55% Memory free 10,99 Gb Paging File | 9,37 Gb Available in Paging File | 85,24% Paging File free Paging file location(s): [Binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 195,31 Gb Total Space | 58,14 Gb Free Space | 29,77% Space Free | Partition Type: NTFS Drive D: | 270,45 Gb Total Space | 22,15 Gb Free Space | 8,19% Space Free | Partition Type: NTFS Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Google\Update\1.3.21.111\GoogleCrashHandler.exe (Google Inc.) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) PRC - C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe (VIA) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\lxbccoms.exe ( ) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko10.dll () MOD - D:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll () MOD - C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll () MOD - C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll () MOD - D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (postgresql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (TunngleService) -- D:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (RosettaStoneDaemon) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (lxbc_device) -- C:\Windows\System32\lxbccoms.exe ( ) SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys () DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net) DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () DRV - (tap0801) -- C:\Windows\System32\drivers\tap0801.sys (The OpenVPN Project) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - SOFTWARE\Classes\CLSID\\LocalServer32 File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.wieistmeineip.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24 FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@dyyno.com/vlc;version=0.8.6f.2: C:\Program Files\Dyyno\Dyyno Player\npvlc.dll (Dyyno) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.30 20:41:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012.03.20 19:17:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.24 13:38:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.24 13:38:08 | 000,000,000 | ---D | M] [2009.01.23 18:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions [2012.04.22 23:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions [2012.02.24 13:55:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [2012.04.22 23:52:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.26 19:52:16 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.03.30 14:02:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.04.23 11:42:05 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2012.03.01 22:17:16 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.02.14 19:45:30 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\moveplayer@movenetworks.com [2009.04.20 15:36:41 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\NPDyyno@dyyno.com [2010.10.20 20:48:50 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\1j5n9nvp.default\extensions\vshare@toolbar [2010.01.23 13:35:03 | 000,002,321 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\dictcc.xml [2009.06.15 21:46:47 | 000,002,030 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\myvideo-suche-.xml [2009.07.11 12:04:46 | 000,000,727 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\phpnet.xml [2009.01.23 19:10:53 | 000,002,108 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\1j5n9nvp.default\searchplugins\youtube-videosuche.xml [2012.02.22 13:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.01.29 13:33:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.03.16 23:19:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.16 14:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\KEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1J5N9NVP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.24 13:38:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.24 13:38:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.24 13:38:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.24 13:38:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.24 13:38:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kevin\AppData\Local\Google\Chrome\Application\14.0.835.163\pdf.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Dyyno Player Plugin (Enabled) = C:\Program Files\Dyyno\Dyyno Player\npvlc.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\ O1 HOSTS File: ([2012.04.18 19:15:32 | 000,441,949 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15212 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll ( ) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software) O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DE9F9EF-8DB8-41C2-8A1F-AF77E3B8D7FB}: NameServer = 195.50.140.246 195.50.140.248 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E65DDC-D557-4A3C-93DC-0488FAD00A79}: DhcpNameServer = 92.241.168.201 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5348C871-FA4C-48BA-8047-4C204317B8F4}: DhcpNameServer = 7.254.254.254 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell - "" = AutoRun O33 - MountPoints2\{5c2a288e-ee35-11df-a91a-d049f4b62852}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell - "" = AutoRun O33 - MountPoints2\{9c031dfe-e967-11dd-b6cc-002354732f26}\Shell\AutoRun\command - "" = H:\steambackup2.EXE O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.13 13:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.04.13 13:56:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.04.01 22:18:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Temporary Projects [2012.03.27 19:46:12 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll [2012.03.27 19:46:04 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll [2012.03.27 19:43:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\RsFx [2012.03.27 19:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0 [2012.03.27 19:42:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\1033 [2012.03.27 19:42:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\1031 [2012.03.27 19:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 [2012.03.27 19:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server [2012.03.27 19:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services [2012.03.27 19:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2012.03.27 19:36:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Visual Studio 2010 [2012.03.27 19:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2012.03.27 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs [2012.03.27 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer [2012.03.27 19:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0 [2012.03.27 19:24:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll [2012.03.27 19:24:53 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2012.03.27 19:24:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll [2009.01.29 20:28:27 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\PrxerNsp.dll [2009.01.26 15:40:49 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbcserv.dll [2009.01.26 15:40:49 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbcusb1.dll [2009.01.26 15:40:49 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbchbn3.dll [2009.01.26 15:40:49 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbccomc.dll [2009.01.26 15:40:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbcpmui.dll [2009.01.26 15:40:49 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbclmpm.dll [2009.01.26 15:40:49 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbccoms.exe [2009.01.26 15:40:49 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbccomm.dll [2009.01.26 15:40:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbcinpa.dll [2009.01.26 15:40:49 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbciesc.dll [2009.01.26 15:40:49 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbcih.exe [2009.01.26 15:40:49 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbccfg.exe [2009.01.26 15:40:49 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBChcp.dll [2009.01.26 15:40:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbcprox.dll [2009.01.26 15:40:49 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbcpplc.dll [4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.23 11:40:31 | 000,765,288 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.23 11:40:31 | 000,721,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.23 11:40:31 | 000,181,702 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.23 11:40:31 | 000,153,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.23 11:35:42 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.23 11:35:42 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.23 11:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.23 11:35:28 | 3488,735,232 | -HS- | M] () -- C:\hiberfil.sys [2012.04.23 00:33:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2012.04.22 21:50:59 | 000,000,552 | ---- | M] () -- C:\Users\Kevin\AppData\Local\d3d8caps.dat [2012.04.22 21:39:46 | 000,711,240 | ---- | M] () -- C:\Windows\is-I1TPS.exe [2012.04.22 21:39:46 | 000,012,782 | ---- | M] () -- C:\Windows\is-I1TPS.msg [2012.04.22 21:39:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.22 21:39:46 | 000,000,441 | ---- | M] () -- C:\Windows\is-I1TPS.lst [2012.04.22 21:17:20 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012.04.22 21:17:20 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012.04.22 20:31:36 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.04.19 17:53:01 | 000,025,622 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat [2012.04.19 17:52:04 | 000,000,404 | ---- | M] () -- C:\Windows\LEXSTAT.INI [2012.04.19 17:37:06 | 000,002,623 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Word.lnk [2012.04.18 19:15:32 | 000,441,949 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.04.18 15:23:02 | 000,155,648 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.17 16:03:54 | 000,441,866 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120418-191532.backup [2012.04.12 00:20:32 | 000,441,866 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120417-160352.backup [2012.04.09 01:13:59 | 000,441,321 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120412-002032.backup [2012.04.08 18:37:21 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.04.06 14:46:07 | 000,441,321 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120409-011359.backup [2012.04.04 20:01:51 | 000,441,321 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120406-144607.backup [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.30 21:16:20 | 000,440,697 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120404-200151.backup [2012.03.30 11:53:01 | 000,440,697 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120330-211620.backup [2012.03.29 13:28:18 | 000,440,697 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120330-115300.backup [2012.03.28 17:39:09 | 000,440,697 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120329-132818.backup [2012.03.28 13:38:04 | 000,001,175 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Visual Basic 2010 Express.lnk [4 C:\Users\Kevin\Documents\*.tmp files -> C:\Users\Kevin\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.22 21:50:59 | 000,000,552 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d8caps.dat [2012.04.22 21:39:46 | 000,711,240 | ---- | C] () -- C:\Windows\is-I1TPS.exe [2012.04.22 21:39:46 | 000,012,782 | ---- | C] () -- C:\Windows\is-I1TPS.msg [2012.04.22 21:39:46 | 000,000,441 | ---- | C] () -- C:\Windows\is-I1TPS.lst [2012.03.28 13:38:04 | 000,001,175 | ---- | C] () -- C:\Users\Kevin\Desktop\Microsoft Visual Basic 2010 Express.lnk [2012.03.13 14:47:47 | 000,000,045 | ---- | C] () -- C:\Users\Kevin\AppData\Local\machpro.dat [2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.08.01 19:35:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.06.12 23:20:17 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2011.06.01 14:45:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011.06.01 14:45:52 | 000,042,112 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011.05.26 21:17:33 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.05.26 21:17:33 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011.05.12 21:46:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2011.01.13 19:18:15 | 000,000,365 | ---- | C] () -- C:\Users\Kevin\AppData\Local\postgresinstall.bat [2011.01.04 16:10:58 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.12.06 15:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe [2010.05.26 20:37:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat [2010.04.28 21:31:06 | 000,000,068 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.05 19:47:36 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.02.27 14:08:29 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2010.02.23 17:13:27 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll [2010.01.27 21:46:45 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.29 13:32:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.12.23 21:40:51 | 000,000,762 | ---- | C] () -- C:\Windows\Edofma.INI [2009.08.28 14:25:32 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.07.23 20:20:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.05.29 18:36:24 | 000,086,250 | ---- | C] () -- C:\Windows\wininit.ini [2009.05.27 18:23:04 | 000,000,600 | ---- | C] () -- C:\Users\Kevin\AppData\Local\PUTTY.RND [2009.05.12 13:32:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.03.22 22:18:35 | 000,134,989 | ---- | C] () -- C:\Windows\War3Unin.dat [2009.03.15 20:22:50 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI [2009.01.29 21:02:15 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat [2009.01.29 20:28:29 | 000,000,386 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Current.prx [2009.01.26 15:40:49 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbcutil.dll [2009.01.26 15:40:49 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBCinst.dll [2009.01.26 12:19:30 | 000,025,622 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\wklnhst.dat [2009.01.26 12:15:43 | 000,001,187 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.26 11:43:49 | 000,000,404 | ---- | C] () -- C:\Windows\LEXSTAT.INI [2009.01.25 19:14:10 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.01.25 19:14:08 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.01.23 18:21:26 | 000,155,648 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.23 18:10:00 | 000,138,056 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\PnkBstrK.sys [2009.01.23 18:09:45 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.01.23 18:09:43 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2009.01.23 18:09:43 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.01.23 16:28:26 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.01.23 16:28:26 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.01.23 16:04:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009.01.23 16:04:23 | 000,026,082 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.01.23 16:03:13 | 000,000,680 | ---- | C] () -- C:\Users\Kevin\AppData\Local\d3d9caps.dat [2008.01.21 09:15:58 | 000,765,288 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,181,702 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbccoin.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,367,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,721,450 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,153,554 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.10.25 15:51:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbcvs.dll [1999.01.22 22:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL [1998.06.10 01:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL < End of report > |
| Themen zu Weiterleitung auf URL123.info |
| 0x00000001, ad-aware, antivir, audiodg.exe, autorun, avira, bho, bildschirm, bonjour, conduit, converter, defender, downloader, error, firefox, format, ftp, google, google earth, home, logfile, mozilla, mp3, plug-in, realtek, registry, safer networking, scan, server, software, vdeck.exe, version=1.0, vista, visual studio |
Baum-Darstellung