|
Plagegeister aller Art und deren Bekämpfung: Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.08.2010, 18:08 | #1 |
| Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder.Hallo Leute, vorweg erstmal ein ganz dickes dafür dass Ihr dieses Forum zum Leben erweckt habt...es hat mich, trotz erfolglosigkeit, mit verschiedensten Tipps sehr, sehr weit gebracht...Dieses "Rkill" programm stoppt alle Aktivitäten dieses Nervenzerfetztenden Viruses...Ich könnt echt kot*en!!! Habe versucht, wie vorgegeben in den Forenregeln, mich allein durch zu kämpfen bzw die Themen durch zu suchen...Hab sämtliche programme runtergeladen und auch scannen lassen wie z.b.: Rkill, Mailwarebytes, CCleaner, Rsit & OTL...hab dafür auch alles Berichte oder Logfiles... Dieses Malewarebytes habe ich nun bestimmt schon sechs mal laufen lassen und davon einmal einen vollscann durchgeführt...im bericht (werde alle Berichte nach meiner Bescheibung posten) steht aufgelistet dass ich den Virus entfernt haben... -> Neustart ALLES WIEDER DA....aaaaaaaaaaahhhhhhhhhh ich reg mich so übel über Virenschreiben auf...nicht zu fassen!!! Hier mal die Logfiles: Rkill: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as Sabrina on 05.08.2010 at 17:22:36. Processes terminated by Rkill or while it was running: C:\Users\IKKE\AppData\Roaming\MSA\baka11.exe C:\Users\IKKE\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe C:\Users\IKKE\AppData\Roaming\Desktop Security 2010\securitycenter.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\IKKE\Desktop\rkill.com Rkill completed on 05.08.2010 at 17:23:14. Malewarebytes (vollscann vor Neustart): Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 05.08.2010 14:39:21 mbam-log-2010-08-05 (14-39-21).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 262711 Laufzeit: 1 Stunde(n), 0 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Malewarebytes (nach Neustart) : Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 6.0.6000 Internet Explorer 7.0.6000.17037 05.08.2010 18:10:08 mbam-log-2010-08-05 (18-10-08).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 134527 Laufzeit: 7 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Users\IKKE\AppData\Roaming\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Users\IKKE\AppData\Roaming\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Users\IKKE\AppData\Roaming\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully. C:\Users\IKKE\AppData\Local\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully. ich hoffe das reicht erstmal... Bitte helft mich bevor ich den Rechner zum Fenster rausschmeiß! |
05.08.2010, 18:29 | #2 |
| Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder. Hi,
__________________poste mal ein komplettes OTL-Log... OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ |
06.08.2010, 14:32 | #3 |
| Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder. Ok...
__________________Hier die Logfiles von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.08.2010 18:13:41 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 122,59 Gb Total Space | 61,09 Gb Free Space | 49,83% Space Free | Partition Type: NTFS Drive D: | 26,45 Gb Total Space | 17,12 Gb Free Space | 64,72% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-PC Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Softex\OmniPass\scureapp.exe () PRC - C:\Programme\Softex\OmniPass\opvapp.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LaunchAp.exe () PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH) PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) PRC - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH) SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (HRService) -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe () SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.11 20:58:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.11 20:58:22 | 000,000,000 | ---D | M] [2009.02.18 22:26:57 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Extensions [2010.08.05 12:49:47 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\xesr9eq3.default\extensions [2009.09.07 22:19:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\xesr9eq3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.29 01:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\xesr9eq3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009.11.29 01:56:40 | 000,000,000 | ---D | M] -- C:\Users\Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\xesr9eq3.default\extensions\staged-xpis [2010.08.02 22:26:07 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-1.xml [2010.04.02 10:16:07 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-10.xml [2010.02.16 17:48:39 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-11.xml [2010.01.06 17:39:59 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-12.xml [2008.03.27 10:53:19 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-2.xml [2008.04.20 15:18:50 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-3.xml [2008.07.04 19:22:34 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-4.xml [2008.07.06 03:00:15 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-5.xml [2008.07.21 14:43:24 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-6.xml [2009.09.05 17:09:26 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-7.xml [2009.09.07 22:19:12 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-8.xml [2009.09.12 16:46:35 | 000,000,950 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin-9.xml [2009.07.26 14:56:56 | 000,000,944 | ---- | M] () -- C:\Users\Sabrina\AppData\Roaming\Mozilla\FireFox\Profiles\xesr9eq3.default\searchplugins\icqplugin.xml [2009.09.05 17:10:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.09.05 17:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.02.18 22:26:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org [2010.02.21 13:25:10 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.02.21 13:25:10 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.02.21 13:25:10 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.02.21 13:25:11 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.02.21 13:25:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [{12E4D40B-866E-5E4C-9D46-F1F8BD88D8A8}] C:\Users\Sabrina\AppData\Roaming\Hide\dozex.exe File not found O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [s3aanwwvunkw] C:\Users\***\AppData\Roaming\MSA\baka11.exe () O4 - HKCU..\Run: [vd2.exe] C:\Users\***\AppData\Roaming\MSA\vd2.exe File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe () O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe () O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.31 15:03:26 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O33 - MountPoints2\{717095e9-b928-11dd-b09c-001b77b85fee}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{ba4bffe3-5609-11df-8232-0016d3862a09}\Shell - "" = AutoRun O33 - MountPoints2\{ba4bffe3-5609-11df-8232-0016d3862a09}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found O33 - MountPoints2\{d8b69414-c7ce-11dd-ad87-001b77b85fee}\Shell\1\Command - "" = .\recycled\info.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\Users\***\Desktop\Mein Po [2010.08.05 13:15:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.05 13:09:34 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.05 13:09:31 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.04 22:10:15 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.04 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.08.04 21:33:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.08.04 21:33:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.08.04 21:33:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.04 21:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.08.04 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MSA [2010.07.31 18:43:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Xatar - Alles Oder Nix [2010.07.26 17:23:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\ebay verkauf [2010.07.11 21:01:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2010.07.11 21:01:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer [2010.07.11 21:00:36 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll [2010.07.11 20:59:34 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.11 20:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.07.11 20:59:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.07.11 20:57:41 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.07.11 20:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2010.07.11 20:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2010.07.11 20:56:46 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.07.11 20:53:51 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.07.11 20:53:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple [2010.07.11 20:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple ========== Files - Modified Within 30 Days ========== File not found -- C:\Users\Sabrina\Desktop\Mein Po [2010.08.05 18:15:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{90663FBF-2A35-461D-87EE-4B5211AB44E9}.job [2010.08.05 18:14:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8C9FF4E4-698F-43C4-9504-DE231AB5EBC1}.job [2010.08.05 18:12:49 | 002,359,296 | -HS- | M] () -- C:\Users\***\ntuser.dat [2010.08.05 18:10:17 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ldxsgihk.sys [2010.08.05 17:25:10 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.05 17:25:10 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.05 17:25:10 | 000,616,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.05 17:25:10 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.05 17:25:10 | 000,105,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.05 17:18:52 | 000,350,468 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.08.05 17:18:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.05 17:18:51 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.05 17:18:51 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.05 17:18:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.05 17:18:41 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010.08.05 15:01:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.08.05 15:00:48 | 001,606,209 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.08.05 13:15:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.08.05 12:43:27 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe [2010.08.05 12:41:02 | 000,363,520 | ---- | M] () -- C:\Users\***\Desktop\rkill.com [2010.08.04 22:10:21 | 000,000,808 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.08.04 21:33:50 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.25 17:00:46 | 010,219,008 | ---- | M] () -- C:\Users\***\Documents\zimmer.wps [2010.07.25 17:00:46 | 000,002,808 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.07.15 16:57:05 | 000,000,264 | ---- | M] () -- C:\Windows\win.ini [2010.07.11 21:01:18 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2010.08.05 18:10:17 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ldxsgihk.sys [2010.08.05 12:43:24 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe [2010.08.05 12:40:58 | 000,363,520 | ---- | C] () -- C:\Users\***\Desktop\rkill.com [2010.08.04 22:10:21 | 000,000,808 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.08.04 21:33:50 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.25 16:49:37 | 010,219,008 | ---- | C] () -- C:\Users\***\Documents\zimmer.wps [2010.07.11 21:01:18 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2009.12.31 15:41:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2009.10.04 19:07:35 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.03.17 18:46:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.01.02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.01.02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.01.02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.01.02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.10.31 19:33:56 | 000,796,048 | ---- | C] () -- C:\Windows\System32\libeay32_0.9.6l.dll [2007.09.19 07:56:18 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2007.09.18 20:01:37 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2007.09.18 20:01:37 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2007.09.18 18:49:17 | 000,000,199 | ---- | C] () -- C:\Windows\WISO.INI [2007.09.18 15:41:03 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2007.09.18 09:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini [2007.09.12 09:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.09.12 09:35:40 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.09.12 09:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll [2007.09.12 09:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini [2001.10.10 09:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 09:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.03.07 09:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll < End of report > Ist voll der Stress die Namen und das ganze hick hack zu entfernen....brauchst du die Extralogfile auch? |
Themen zu Desktop Security 2010 plagt meinen Laptop.Alles versuche vergeblich, kommt nach Neustart wieder. |
anti-malware, appdata, ccleaner, dateien, desktop, explorer, forum, local\temp, log file, malwarebytes, microsoft, neustart, programm, programme, rechner, rkill, roaming, scan, security, software, suche, system, system32, temp, this, tipps, virus blocker maleware sicherheitscenter, virus entfernt, windows |