
Pests of all kinds and how to combat them: Viruses without end...


 
05.05.2010, 13:30   #1
dredav

Viruses without end...



Hello,

I need your help...

In my Firefox there are ads everywhere that don't belong there...
I have the feeling the viruses keep multiplying...
Just now a window opened that presented itself as "Antispyware soft demo" or something similar... I could only close it via Task Manager. In Task Manager almost all processes appear twice or more (see picture), and there are more and more of them...

Also, when I open Windows Update to install the updates, an error message always appears; likewise, when I open Windows System Restore, the following message appears

also, no system restore points are shown in CCleaner...


rKill 14:00:
Code:
rKill 14 Uhr:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as *** on 05.05.2010 at 14:00:23. 

Processes terminated by Rkill or while it was running: 

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 05.05.2010  at 14:00:44.
         
rKill 14:25:
Code:
This log file is located at C:\rkill.log. 
Please post this only if requested to by the person helping you. 
Otherwise you can close this log when you wish. 
Ran as David Manuel Dreher on 05.05.2010 at 14:25:31. 

Processes terminated by Rkill or while it was running: 

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 05.05.2010  at 14:25:43.
         
OTL.txt
Code:
OTL logfile created on: 05.05.2010 14:01:35 - Run 2
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,81 Gb Total Space | 26,01 Gb Free Space | 11,32% Space Free | Partition Type: NTFS
Drive D: | 229,11 Gb Total Space | 151,75 Gb Free Space | 66,23% Space Free | Partition Type: NTFS
Drive E: | 3,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 698,63 Gb Total Space | 77,17 Gb Free Space | 11,05% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DAVIDSPC
Current User Name: D****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - d:\xampp\mysql\bin\mysqld-nt.exe ()
PRC - D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RoxLiveShare9) --  File not found
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3653.dll ()
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld-nt.exe ()
SRV - (Apache2.2) -- D:\xampp\apache\bin\apache.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100504.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100504.004\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\vboxnetadp.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\vboxusb.sys (Sun Microsystems, Inc.)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\dsltestsp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)
DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)
DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)
DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\e1g60i32.sys (Intel Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (RTLWUSB) -- C:\Windows\System32\drivers\wg111v2.sys (NETGEAR Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?hl=de&btnG=Suche&meta=&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.christus-portal.net/"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {a08fb0e7-cdd6-2796-9d51-2c93ecbcf934}:4.6.6.7
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.03 00:28:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.28 06:26:37 | 000,000,000 | ---D | M]
 
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Extensions
[2009.11.23 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2010.05.04 21:22:21 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.05.03 20:19:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.26 19:14:45 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.24 12:39:47 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.03.31 05:27:33 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.02.19 11:15:30 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.04.14 22:25:25 | 000,000,000 | ---D | M] -- C:\Users\D****\AppData\Roaming\mozilla\Firefox\Profiles\e0eg2w1m.default\extensions\twitternotifier@naan.net
[2010.05.04 19:04:36 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.04 19:04:36 | 000,000,000 | ---D | M] (z) -- C:\Programme\Mozilla Firefox\extensions\{a08fb0e7-cdd6-2796-9d51-2c93ecbcf934}
[2009.09.24 20:55:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2008.06.18 15:11:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\inspector@mozilla.org
[2010.03.14 20:22:17 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 20:22:17 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 20:22:17 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 20:22:18 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 20:22:18 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (profitizeme browser enhancer) - {136E74A4-9153-4EF6-FEA5-C6039A817743} - C:\Windows\System32\scstbfkfgquyzup.dll ()
O2 - BHO: (profitmuse) - {3479441f-9783-76c9-c150-3269d45a0cd6} - C:\Windows\System32\5782b950.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {162247AF-26A7-44FC-A93A-69506EA244F3} https://maxdomeaccount.1und1.de/presentation/script/HWTest.CAB (HWTest.HWTestControl)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\D****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\D****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 18:24:44 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{44462aac-3261-11dd-be1d-001c253200eb}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{896f6dc2-2250-11dd-8142-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell - "" = AutoRun
O33 - MountPoints2\{bc3d89bc-6556-11dd-b14d-001c253200eb}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.04 20:59:36 | 000,000,000 | ---D | C] -- C:\Programme\Vips2
[2010.05.03 19:57:22 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\TrueCrypt
[2010.05.03 19:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2010.05.03 19:54:24 | 000,223,440 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.05.02 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\NetBeansProjects
[2010.05.02 21:44:16 | 000,000,000 | ---D | C] -- C:\Users\D****\.netbeans
[2010.05.02 21:44:11 | 000,000,000 | ---D | C] -- C:\Users\D****\.netbeans-registration
[2010.05.02 21:34:29 | 000,000,000 | ---D | C] -- C:\Users\D****\.nbi
[2010.05.02 10:26:23 | 000,000,000 | ---D | C] -- C:\Programme\JFrameBuilder
[2010.04.28 06:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.04.28 06:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.24 13:33:38 | 000,000,000 | ---D | C] -- C:\Programme\Shock Utility
[2010.04.24 12:39:54 | 000,000,000 | ---D | C] -- C:\Programme\NOS
[2010.04.24 12:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.04.23 15:37:08 | 000,000,000 | ---D | C] -- C:\games
[2010.04.17 00:10:59 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\Feedreader
[2010.04.16 18:09:42 | 000,000,000 | ---D | C] -- C:\Users\D****\Desktop\Alt
[2010.04.14 22:08:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.04.14 22:08:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.04.14 22:08:50 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.04.14 22:07:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.04.14 22:04:46 | 000,000,000 | --SD | C] -- C:\ComboFix.txt
[2010.04.14 22:03:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.04.14 21:32:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.12 18:15:12 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.12 18:15:11 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.11 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Roaming\Malwarebytes
[2010.04.11 22:52:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.11 22:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.11 22:52:42 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.11 22:52:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 22:32:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\stu2.exe
[2010.04.06 20:16:18 | 000,147,456 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2010.04.06 20:16:15 | 000,187,392 | ---- | C] (BullZip) -- C:\Windows\System32\bzpdf.dll
[2010.04.06 20:16:11 | 000,000,000 | ---D | C] -- C:\Programme\Bullzip
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\HERMA
[2010.04.06 19:59:05 | 000,000,000 | ---D | C] -- C:\Users\D****\AppData\Local\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\HERMA
[2010.04.06 19:56:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\HERMA
[2010.04.06 19:53:18 | 000,000,000 | ---D | C] -- C:\HERMA
[2010.04.05 19:23:25 | 000,000,000 | ---D | C] -- C:\Users\D****\Documents\TikGames
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.05 14:05:25 | 004,194,304 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT
[2010.05.05 14:00:58 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{615FB214-9DF7-478C-A55A-DE4C901F3D01}.job
[2010.05.05 13:57:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ca5ac8caf1400.job
[2010.05.05 13:56:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.05 13:56:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 13:56:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.05 13:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.05 13:56:05 | 3489,128,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.05 13:46:53 | 000,524,288 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.05 13:46:53 | 000,065,536 | -HS- | M] () -- C:\Users\D****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.05 13:46:23 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.05 13:46:17 | 002,544,598 | -H-- | M] () -- C:\Users\D****\AppData\Local\IconCache.db
[2010.05.05 13:10:42 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.04 20:59:45 | 000,000,548 | ---- | M] () -- C:\Windows\System32\javaw.exe.manifest
[2010.05.04 20:59:45 | 000,000,548 | ---- | M] () -- C:\Windows\System32\java.exe.manifest
[2010.05.04 19:17:35 | 000,000,155 | ---- | M] () -- C:\Users\D****\.appletviewer
[2010.05.04 19:04:36 | 000,096,761 | ---- | M] () -- C:\Windows\System32\2f55e719.exe
[2010.05.04 19:03:29 | 000,050,994 | ---- | M] () -- C:\Windows\System32\bnpdivwrrkqxmuwep.exe
[2010.05.03 21:28:05 | 000,099,328 | ---- | M] () -- C:\Users\D****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.03 19:54:24 | 000,223,440 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.05.02 18:39:43 | 000,089,336 | ---- | M] () -- C:\Users\D****\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.02 18:35:55 | 002,288,056 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.02 18:05:21 | 000,788,998 | ---- | M] () -- C:\Users\D****\Desktop\crane.zip
[2010.05.02 10:26:13 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.04.30 06:07:37 | 001,427,404 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.30 06:07:37 | 000,621,704 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.30 06:07:37 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.30 06:07:37 | 000,123,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.30 06:07:37 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.28 13:44:22 | 000,000,012 | ---- | M] () -- C:\Users\D****\AppData\Roaming\Light_Board_Veloca_-_Update_Checker.ini
[2010.04.27 20:31:30 | 000,000,004 | ---- | M] () -- C:\Users\D****\AppData\Roaming\pro-fusion_-_Update_Checker.ini
[2010.04.27 19:38:05 | 000,000,735 | ---- | M] () -- C:\Users\D****\SciTE.session
[2010.04.27 19:10:32 | 000,000,036 | ---- | M] () -- C:\Users\D****\.org.eclipse.epp.usagedata.recording.userId
[2010.04.27 13:58:48 | 000,381,952 | ---- | M] () -- C:\Windows\System32\scstbfkfgquyzup.dll
[2010.04.26 22:16:47 | 000,000,463 | ---- | M] () -- C:\Users\D****\Desktop\Spielfilme.lnk
[2010.04.25 21:04:18 | 000,050,715 | ---- | M] () -- C:\Users\D****\Desktop\IMG00431.jpg
[2010.04.24 16:26:09 | 000,000,157 | ---- | M] () -- C:\Users\D****\Desktop\swr3_mp3_m.m3u
[2010.04.24 13:33:23 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
[2010.04.23 17:57:38 | 001,453,568 | ---- | M] () -- C:\Windows\System32\5782b950.dll
[2010.04.22 17:30:26 | 000,033,280 | ---- | M] () -- C:\Users\D****\Desktop\Tabelle Johanna.doc
[2010.04.22 15:43:53 | 000,000,962 | ---- | M] () -- C:\Users\D****\Desktop\Serien.lnk
[2010.04.17 15:42:35 | 000,008,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010.04.14 18:35:39 | 000,088,064 | ---- | M] () -- C:\Users\D****\Desktop\Hartz IV.doc
[2010.04.11 22:39:22 | 000,001,181 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 22:37:21 | 000,363,520 | ---- | M] () -- C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 17:55:33 | 000,001,498 | ---- | M] () -- C:\Users\D****\.recently-used.xbel
[2010.04.10 07:34:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010.04.10 00:06:00 | 000,558,846 | ---- | M] () -- C:\Users\D****\Desktop\IMG00271.jpg
[2010.04.10 00:05:51 | 000,053,364 | ---- | M] () -- C:\Users\D****\Desktop\IMG00269.jpg
[2010.04.10 00:03:11 | 000,000,256 | ---- | M] () -- C:\Users\D****\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | M] () -- C:\Users\D****\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:09:43 | 004,357,133 | ---- | M] () -- C:\Users\D****\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.09 22:58:32 | 000,000,292 | ---- | M] () -- C:\Windows\win.ini
[2010.04.07 15:11:29 | 000,190,464 | ---- | M] () -- C:\Users\D****\Desktop\Bericht.doc
[2010.04.06 20:09:09 | 000,020,480 | ---- | M] () -- C:\Users\D****\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,300 | ---- | M] () -- C:\Users\D****\Documents\Alberts Hauslikör.hea
[2010.04.06 20:09:09 | 000,000,162 | -H-- | M] () -- C:\Users\D****\Documents\~$berts Hauslikör.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.05 13:50:05 | 000,000,424 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{615FB214-9DF7-478C-A55A-DE4C901F3D01}.job
[2010.05.04 19:17:35 | 000,000,155 | ---- | C] () -- C:\Users\D****\.appletviewer
[2010.05.04 19:04:36 | 000,096,761 | ---- | C] () -- C:\Windows\System32\2f55e719.exe
[2010.05.04 19:03:29 | 000,050,994 | ---- | C] () -- C:\Windows\System32\bnpdivwrrkqxmuwep.exe
[2010.05.02 18:05:20 | 000,788,998 | ---- | C] () -- C:\Users\D****\Desktop\crane.zip
[2010.04.29 17:36:42 | 000,000,003 | ---- | C] () -- C:\Users\D****\AppData\Roaming\TicTacToe.txt
[2010.04.28 13:28:10 | 000,000,012 | ---- | C] () -- C:\Users\D****\AppData\Roaming\Light_Board_Veloca_-_Update_Checker.ini
[2010.04.27 19:11:33 | 000,000,004 | ---- | C] () -- C:\Users\D****\AppData\Roaming\pro-fusion_-_Update_Checker.ini
[2010.04.27 19:10:32 | 000,000,036 | ---- | C] () -- C:\Users\D****\.org.eclipse.epp.usagedata.recording.userId
[2010.04.27 13:58:48 | 000,381,952 | ---- | C] () -- C:\Windows\System32\scstbfkfgquyzup.dll
[2010.04.25 21:04:27 | 000,050,715 | ---- | C] () -- C:\Users\D****\Desktop\IMG00431.jpg
[2010.04.24 16:26:07 | 000,000,157 | ---- | C] () -- C:\Users\D****\Desktop\swr3_mp3_m.m3u
[2010.04.24 13:33:23 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
[2010.04.23 17:57:38 | 001,453,568 | ---- | C] () -- C:\Windows\System32\5782b950.dll
[2010.04.22 17:28:02 | 000,033,280 | ---- | C] () -- C:\Users\D****\Desktop\Tabelle Johanna.doc
[2010.04.14 22:08:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.04.14 22:08:50 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.04.14 22:08:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.04.14 22:08:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.04.14 22:08:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.04.14 18:35:38 | 000,088,064 | ---- | C] () -- C:\Users\D****\Desktop\Hartz IV.doc
[2010.04.12 17:45:05 | 3489,128,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.04.11 23:10:09 | 000,363,520 | ---- | C] () -- C:\Users\D****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rkill.com
[2010.04.11 22:39:22 | 000,001,181 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010.04.11 17:55:33 | 000,001,498 | ---- | C] () -- C:\Users\D****\.recently-used.xbel
[2010.04.10 00:03:11 | 000,000,256 | ---- | C] () -- C:\Users\D****\Documents\pool.bin
[2010.04.09 23:33:42 | 004,357,332 | ---- | C] () -- C:\Users\D****\Documents\LoaderBackup-(2010-04-09).ipd
[2010.04.09 23:31:08 | 000,053,364 | ---- | C] () -- C:\Users\D****\Desktop\IMG00269.jpg
[2010.04.09 23:28:08 | 000,558,846 | ---- | C] () -- C:\Users\D****\Desktop\IMG00271.jpg
[2010.04.09 23:09:42 | 004,357,133 | ---- | C] () -- C:\Users\D****\Documents\AutoBackup-(2010-04-09).ipd
[2010.04.07 15:11:29 | 000,190,464 | ---- | C] () -- C:\Users\D****\Desktop\Bericht.doc
[2010.04.06 20:09:09 | 000,020,480 | ---- | C] () -- C:\Users\D****\Documents\Alberts Hauslikör.doc
[2010.04.06 20:09:09 | 000,000,162 | -H-- | C] () -- C:\Users\D****\Documents\~$berts Hauslikör.doc
[2010.04.06 20:09:08 | 000,000,300 | ---- | C] () -- C:\Users\D****\Documents\Alberts Hauslikör.hea
[2010.04.06 10:01:12 | 000,000,962 | ---- | C] () -- C:\Users\D****\Desktop\Serien.lnk
[2010.04.06 10:01:12 | 000,000,463 | ---- | C] () -- C:\Users\D****\Desktop\Spielfilme.lnk
[2010.02.21 20:29:36 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2010.02.19 09:40:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.01.28 17:50:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.01.24 00:10:29 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2010.01.24 00:10:29 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.01.24 00:10:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.12.13 22:41:20 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.11 07:34:59 | 000,116,736 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.11 07:34:40 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2009.08.31 14:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll
[2009.07.09 18:59:41 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.11 22:56:34 | 000,018,944 | ---- | C] () -- C:\Windows\System32\wk32.dll
[2008.11.11 22:56:34 | 000,003,584 | ---- | C] () -- C:\Windows\System32\ic32.dll
[2008.08.08 16:28:51 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.08 18:13:58 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.02 16:10:50 | 000,077,824 | ---- | C] () -- C:\Windows\System32\HPZIDS01.dll
[2008.05.31 14:23:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,123 | ---- | C] () -- C:\Windows\Alaunch.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.02.23 18:37:18 | 000,047,104 | ---- | C] () -- C:\Windows\System32\dsfFLACEncoder.dll
[2006.02.23 17:37:06 | 000,047,616 | ---- | C] () -- C:\Windows\System32\dsfVorbisDecoder.dll
[2006.02.23 17:36:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dsfOggDemux2.dll
[2006.02.23 17:35:56 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfOGMDecoder.dll
[2006.02.23 17:35:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsfNativeFLACSource.dll
[2006.02.23 17:35:40 | 000,049,664 | ---- | C] () -- C:\Windows\System32\dsfFLACDecoder.dll
[2006.02.23 17:34:58 | 000,083,456 | ---- | C] () -- C:\Windows\System32\libFLAC++.dll
[2006.02.23 17:34:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\libFishSound.dll
[2006.02.23 17:34:38 | 000,029,696 | ---- | C] () -- C:\Windows\System32\libOOOggSeek.dll
[2006.02.23 17:34:26 | 001,108,480 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2006.02.23 17:34:16 | 000,049,152 | ---- | C] () -- C:\Windows\System32\libOOogg.dll
[2006.02.23 17:33:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\libFLAC.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
< End of report >
         

Edited by dredav (05.05.2010 at 13:39)

 
