My PC keeps getting slower and has Internet problems
I have the problem that my computer has been getting slower and slower lately and also takes a very long time to load things on the Internet, so I wanted to have my registry checked by you. Code: Logfile of Trend Micro HijackThis v2.0.3 (BETA) |
Hi, the log doesn't reveal much, so:
Malwarebytes Antimalware (MAM): Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html If the download doesn't work, please download a generic version via this link: http://filepony.de/download-chameleon/ Then please update the signature files ("Update" tab -> "Suche nach Aktualisierungen" (check for updates)), run a full scan and have everything cleaned! Post the log.
OTL: Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html You'll find the download link at the top left (http://www.gmer.net/#files); there, click the "Download EXE" button, which generates a random file name (please remember it and the path where you saved the file). Start gmer and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it doesn't report anything, go to the Rootkit tab and run a scan. When the scan has finished, choose Copy and paste the report. If GMER doesn't run, try it in safe mode (F8 while booting).
chris |
Code: OTL Extras logfile created on: 07.04.2010 12:09:01 - Run 1 |
Code: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] |
Hi, I can't do much with the Extras alone; please also post the MAM log, the OTL log (not the Extras log) and the GMER log... chris |
Code: Malwarebytes' Anti-Malware 1.45 |
Code: GMER 1.0.15.15281 - hxxp://www.gmer.net OTL logfile created on: 07.04.2010 21:43:42 - Run 2 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\nici8880\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,64 Gb Total Space | 430,28 Gb Free Space | 73,98% Space Free | Partition Type: NTFS Drive D: | 14,53 Gb Total Space | 1,74 Gb Free Space | 11,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICI8880-PC Current User Name: nici8880 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\nici8880\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) ========== Modules (SafeList) ========== MOD - C:\Users\nici8880\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.) SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2010.03.29 05:42:29 | 000,000,000 | ---D | M] SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (ACPService) -- C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe () SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgRkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab) DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys (Philips Applied Technologies) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys (Kaspersky Lab) DRV:64bit: - (gbridge) -- C:\Windows\SysNative\DRIVERS\gbridge64.sys (Gbridge LLC) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys () DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\SysNative\DRIVERS\spc1030.sys () DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - 
(usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation) DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys (Logitech Inc.) DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys (Logitech Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\spc1030.ini () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.search.yahoo.com/?fr=avantsearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.04.07 10:27:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 16:26:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.05 21:10:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.03.28 19:56:24 | 000,000,000 | ---D | M] [2010.03.19 11:34:16 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions [2009.12.30 00:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2010.01.27 23:35:13 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2010.04.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\2de1okzx.default\extensions [2010.04.03 16:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\2de1okzx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.12.30 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\SeaMonkey\Profiles\wftq9zok.default\extensions [2010.04.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.03.29 21:19:34 | 000,381,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 13133 more lines... 
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program 
Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab) 
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation) O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock) O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock) O24 - Desktop WallPaper: C:\Users\nici8880\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\nici8880\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{cef4c8f2-be4f-11de-a838-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{cef4c8f2-be4f-11de-a838-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - 
Created Within 30 Days ========== [2010.04.07 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\mbam-installer [2010.04.07 11:34:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.07 11:23:23 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe [2010.04.07 11:23:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe [2010.04.07 11:23:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe [2010.04.07 11:23:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe [2010.04.07 11:23:21 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe [2010.04.07 11:23:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe [2010.04.07 11:23:19 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe [2010.04.07 11:23:19 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe [2010.04.07 11:23:19 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe [2010.04.07 11:23:18 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe [2010.04.07 11:23:18 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe [2010.04.07 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\SmitfraudFix [2010.04.07 10:28:59 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.04.07 10:28:58 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys [2010.04.07 10:28:57 | 000,316,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.04.07 10:28:53 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.04.07 10:28:52 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.04.07 10:28:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg [2010.04.07 10:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2010.04.06 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems [2010.04.05 21:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.04.05 21:10:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.04.05 21:10:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.04.05 21:10:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.04.05 21:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.04.03 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.04.03 15:34:18 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.04.03 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\AOL [2010.04.03 15:07:16 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\QuickStoresToolbar [2010.04.03 15:07:09 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2010.04.03 11:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data [2010.04.03 11:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.04.02 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\nici8880\{45e5254f-ebdd-4557-a41d-303da2ba363a} [2010.04.02 19:36:09 | 000,238,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2010.04.02 14:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CC-Bar [2010.04.02 01:24:15 | 004,332,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVStWiz.exe [2010.04.02 01:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2010.04.02 01:08:38 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2010.04.02 00:49:59 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll [2010.04.01 23:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1 [2010.03.31 14:46:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.03.31 14:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010.03.31 07:31:36 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.03.31 07:31:36 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll [2010.03.31 07:31:36 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll [2010.03.31 07:31:36 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2010.03.31 07:31:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.03.31 07:31:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.03.31 07:31:35 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.03.31 07:31:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.03.31 07:31:35 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll [2010.03.31 07:31:35 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.03.31 07:31:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll [2010.03.31 07:31:35 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.03.31 07:31:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll [2010.03.31 07:31:35 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.03.31 07:31:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieui.dll [2010.03.31 07:31:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.03.31 07:31:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.03.31 07:31:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.03.31 07:31:35 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.03.31 07:31:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.03.31 07:31:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.03.31 07:31:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.03.31 07:31:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.03.31 07:31:35 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.03.31 07:31:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll [2010.03.31 07:31:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.03.31 07:31:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.03.31 07:31:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.03.31 07:31:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll [2010.03.31 07:31:35 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll [2010.03.31 07:31:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll [2010.03.31 07:31:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.03.31 07:31:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.03.29 00:26:02 | 000,000,000 | 
---D | C] -- C:\Users\nici8880\AppData\Roaming\BitDefender [2010.03.29 00:21:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender [2010.03.29 00:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2010.03.29 00:21:10 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2010.03.29 00:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender [2010.03.28 23:51:43 | 000,143,360 | ---- | C] (Info-ZIP) -- C:\Windows\SysWow64\vbuzip10.dll [2010.03.28 23:51:42 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Windows\SysWow64\Vbzip11.dll [2010.03.28 23:51:40 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll [2010.03.28 23:51:33 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll [2010.03.28 23:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner [2010.03.28 18:56:37 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\FFOutput [2010.03.28 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\PC Suite [2010.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.03.28 12:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.03.28 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2010.03.28 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Tracing [2010.03.28 01:47:15 | 000,000,000 | ---D | C] -- C:\FBackup [2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\regsvr.exe [2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2010.03.28 00:35:11 | 000,000,000 | -H-D | C] -- C:\$AVG [2010.03.28 00:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2010.03.27 
23:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2010.03.27 23:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eScan [2010.03.27 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9 [2010.03.27 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010.03.27 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\QuickScan [2010.03.27 22:25:43 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.25 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2010.03.25 11:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2010.03.25 11:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2010.03.24 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.03.22 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Download Manager [2010.03.22 21:14:45 | 000,012,744 | R--- | C] (EnTech Taiwan) -- C:\Windows\SysNative\drivers\Entech64.sys [2010.03.22 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared [2010.03.22 21:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark [2010.03.22 19:35:36 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Eigene Google Gadgets [2010.03.22 19:18:57 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Gbridge [2010.03.22 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\nici8880\{218f454e-d30a-4f1b-afa5-d7798f2aafff} [2010.03.22 19:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gbridge LLC [2010.03.22 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit [2010.03.21 17:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner [2010.03.19 23:40:13 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Move Networks [2010.03.19 15:54:38 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll [2010.03.19 15:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia 
[2010.03.19 15:54:16 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2010.03.19 15:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2010.03.19 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2010.03.19 15:29:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010.03.18 10:10:55 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010.03.18 10:10:55 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010.03.18 09:51:01 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll [2010.03.18 09:51:01 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\corpol.dll [2010.03.18 09:51:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2010.03.18 09:51:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll [2010.03.18 09:51:00 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll [2010.03.18 09:51:00 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll [2010.03.18 09:51:00 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll [2010.03.18 09:51:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2010.03.18 09:51:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll [2010.03.18 09:51:00 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2010.03.18 09:51:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll [2010.03.18 09:50:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll [2010.03.18 09:50:59 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2010.03.18 
09:50:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2010.03.18 09:50:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2010.03.18 09:50:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2010.03.18 09:50:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2010.03.18 09:50:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2010.03.18 09:50:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.03.18 09:50:59 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2010.03.18 09:50:58 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2010.03.18 09:50:58 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2010.03.18 09:50:58 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2010.03.18 09:50:58 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll [2010.03.18 09:50:58 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2010.03.18 09:50:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll [2010.03.18 09:50:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2010.03.18 09:50:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll [2010.03.18 09:50:57 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll [2010.03.18 09:50:57 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2010.03.18 09:50:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll [2010.03.18 09:50:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\msrating.dll [2010.03.18 09:50:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll [2010.03.18 09:50:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.03.18 09:50:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2010.03.18 09:50:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.03.18 09:50:57 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.03.18 09:50:56 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010.03.18 09:50:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll [2010.03.18 09:50:56 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinFXDocObj.exe [2010.03.18 09:50:56 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe [2010.03.18 09:50:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll [2010.03.18 09:50:56 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PDMSetup.exe [2010.03.18 09:50:56 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2010.03.18 09:50:56 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2010.03.18 09:50:56 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe [2010.03.18 09:50:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2010.03.18 09:50:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2010.03.18 09:50:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2010.03.18 09:50:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2010.03.18 09:50:55 | 
000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2010.03.18 09:50:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2010.03.18 09:50:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2010.03.18 09:50:54 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.03.18 09:50:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.03.18 09:50:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2010.03.18 09:50:54 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2010.03.18 09:50:54 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe [2010.03.18 09:50:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2010.03.18 09:50:54 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2010.03.18 09:50:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe [2010.03.17 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Xilisoft Corporation [2010.03.17 01:06:40 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Application Data [2010.03.17 01:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft [2010.03.17 01:00:23 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\Avatar.German 2009.3D.Aufbruch.nach.Pandora.Line DubbedDVDSCREENER.XviD [2010.03.16 12:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2010.03.15 12:58:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [2010.03.15 01:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.03.15 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Logitech [2010.03.15 01:24:01 | 000,000,000 | ---D | C] -- 
C:\Users\nici8880\AppData\Roaming\Logishrd [2010.03.11 12:16:30 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Avant Profiles [2010.03.11 00:14:12 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\WebCam Media [2010.03.11 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\WebCam Albums [2010.03.11 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\ArcSoft [2010.03.11 00:11:51 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\ArcSoft [2010.03.11 00:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft [2010.03.11 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft [2010.03.11 00:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft [2010.03.11 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Philips [2010.03.11 00:08:16 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2010.03.11 00:07:29 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01005.dll [2010.03.11 00:07:19 | 000,000,000 | ---D | C] -- C:\Programme\Philips [2010.03.11 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\My Philips SPC1030NC Webcam Pictures [2010.03.11 00:06:35 | 000,319,488 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2010.03.11 00:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC1030NC [2010.03.11 00:06:23 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2010.03.11 00:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips [2010.03.10 23:38:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll [2010.03.10 23:38:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll [2010.03.10 23:38:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll [2010.03.10 23:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll [2010.03.09 12:27:33 | 000,008,704 | 
---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL [2010.03.09 12:27:31 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBCEE.DLL [2010.03.06 01:18:25 | 005,521,408 | ---- | C] (Jeffrey Harris) -- C:\Users\nici8880\SharePod.exe [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.04.07 21:44:32 | 008,126,464 | ---- | M] () -- C:\Users\nici8880\ntuser.dat [2010.04.07 21:36:17 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.07 21:36:16 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.04.07 21:36:16 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.04.07 21:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.07 13:41:22 | 058,637,906 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.04.07 12:40:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.07 12:40:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.07 11:38:32 | 000,001,964 | ---- | M] () -- C:\Users\nici8880\Desktop\HiJackThis.lnk [2010.04.07 11:34:28 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.07 11:23:48 | 000,001,434 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg [2010.04.07 10:48:32 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.04.07 10:48:32 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.04.07 10:48:32 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.04.07 10:48:32 | 000,101,052 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2010.04.07 10:48:31 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.04.07 10:41:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.07 10:40:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.07 10:29:00 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll [2010.04.07 10:29:00 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk [2010.04.07 10:28:58 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010.04.07 10:28:58 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys [2010.04.07 10:28:54 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys [2010.04.07 10:28:53 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys [2010.04.07 10:28:52 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm [2010.04.07 02:07:30 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms [2010.04.07 02:07:30 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TM.blf [2010.04.07 02:07:27 | 004,278,804 | -H-- | M] () -- C:\Users\nici8880\AppData\Local\IconCache.db [2010.04.05 21:10:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.04.05 21:10:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.04.05 21:10:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.04.05 21:10:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\deploytk.dll [2010.04.03 16:26:45 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.04.03 16:15:45 | 000,068,243 | ---- | M] () -- C:\Users\nici8880\bookmarks.html [2010.04.03 16:07:19 | 009,182,984 | R--- | M] () -- C:\Users\nici8880\Documents\Firefox 3.6.3 (de) - 2010-04-03.pcv [2010.04.03 16:07:19 | 009,182,984 | ---- | M] () -- C:\Users\nici8880\Firefox 3.6.3 (de) - 2010-04-03.pcv [2010.04.03 15:07:18 | 000,000,191 | ---- | M] () -- C:\Users\nici8880\Desktop\QuickStores.url [2010.04.03 15:02:44 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.04.03 15:02:44 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.04.03 12:00:22 | 000,000,036 | ---- | M] () -- C:\Users\nici8880\AppData\Local\housecall.guid.cache [2010.04.02 20:34:19 | 000,000,680 | ---- | M] () -- C:\Users\nici8880\AppData\Local\d3d9caps.dat [2010.04.02 01:08:47 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll [2010.04.01 15:17:42 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.04.01 15:11:42 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.04.01 15:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.04.01 15:11:34 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.03.31 14:46:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.03.31 14:41:44 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job [2010.03.31 09:23:05 | 000,038,804 | ---- | M] () -- C:\Users\nici8880\Desktop\a3ubiisb43i.jpg [2010.03.31 09:21:26 | 000,053,549 | ---- | M] () -- C:\Users\nici8880\Desktop\9060t8qfv93.gif [2010.03.31 09:15:43 | 000,062,111 | ---- | M] () 
-- C:\Users\nici8880\Desktop\ypml8i7ywd3.gif [2010.03.31 09:14:40 | 000,018,282 | ---- | M] () -- C:\Users\nici8880\Desktop\v3ialvs4659.gif [2010.03.31 09:10:36 | 000,057,498 | ---- | M] () -- C:\Users\nici8880\Desktop\yg6rebghqc4.gif [2010.03.31 09:08:54 | 000,030,460 | ---- | M] () -- C:\Users\nici8880\Desktop\e7n70oh4rfn.gif [2010.03.31 08:42:41 | 000,015,039 | ---- | M] () -- C:\Users\nici8880\Desktop\id07qo9bg8s.gif [2010.03.31 08:42:01 | 000,026,312 | ---- | M] () -- C:\Users\nici8880\Desktop\m6w7t18c13r.jpg [2010.03.31 08:37:54 | 000,012,317 | ---- | M] () -- C:\Users\nici8880\Desktop\9ucicxigug2.gif [2010.03.31 08:32:26 | 000,150,568 | ---- | M] () -- C:\Users\nici8880\Desktop\5wjl3v8nk6j.gif [2010.03.30 01:24:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.03.29 21:46:11 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2010.03.29 21:19:34 | 000,381,182 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.03.29 17:59:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.03.29 13:34:39 | 000,008,704 | ---- | M] () -- C:\Users\nici8880\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.29 12:28:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig [2010.03.29 10:40:04 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat [2010.03.29 10:40:04 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat [2010.03.29 10:36:00 | 000,000,025 | ---- | M] () -- C:\Users\nici8880\AppData\Roaming\bdfvconp.ini [2010.03.28 20:04:52 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms [2010.03.28 19:02:59 | 000,524,288 | -HS- | M] () -- 
C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms [2010.03.28 19:02:59 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms [2010.03.28 19:02:59 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TM.blf [2010.03.28 17:49:10 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms [2010.03.28 17:49:10 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms [2010.03.28 17:49:10 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TM.blf [2010.03.28 16:47:50 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms [2010.03.28 16:47:50 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TM.blf [2010.03.28 16:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms [2010.03.28 15:28:02 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.03.28 15:28:02 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TM.blf [2010.03.28 11:33:03 | 000,000,732 | ---- | M] () -- C:\Users\nici8880\AppData\Local\d3d9caps64.dat [2010.03.26 22:28:39 | 000,000,063 | ---- | M] () -- C:\Users\nici8880\Desktop\Heimatmelodie.pls [2010.03.25 23:59:39 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2010.03.25 23:59:38 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2010.03.25 
11:21:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010.03.24 21:27:32 | 000,000,032 | ---- | M] () -- C:\Windows\0 [2010.03.24 19:55:13 | 000,000,192 | ---- | M] () -- C:\Windows\win.ini [2010.03.23 13:52:15 | 3067,838,464 | ---- | M] () -- C:\Users\nici8880\Documents\mydiscimage.iso [2010.03.22 21:08:15 | 000,000,005 | ---- | M] () -- C:\Users\nici8880\AppData\Roaming\closedListSW.awt [2010.03.22 02:26:39 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.03.21 10:20:35 | 004,194,304 | ---- | M] () -- C:\Users\nici8880\NTUSER.DAT_tureg_old [2010.03.21 10:20:34 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.03.21 10:20:34 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TM.blf [2010.03.19 16:02:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\0 [2010.03.17 16:54:36 | 000,612,384 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2010.03.17 01:28:39 | 000,000,204 | ---- | M] () -- C:\Users\nici8880\Documents\Dokument.rtf [2010.03.16 12:24:36 | 000,035,938 | ---- | M] () -- C:\Users\nici8880\bookmarks-2010-03-16.json [2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll [2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2010.03.16 02:09:00 | 004,332,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVStWiz.exe [2010.03.12 11:26:42 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe [2010.03.11 00:18:22 | 000,087,936 | ---- | M] () -- C:\Users\nici8880\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.11 00:16:39 | 000,338,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.03.11 00:12:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2010.03.11 00:10:10 | 000,000,207 | ---- | M] () -- C:\ProgramData\CamSuite.ini [2010.03.11 00:03:37 | 000,614,424 | ---- | M] () -- C:\spc1030-001.raw [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] |
========== Files Created - No Company Name ==========
[2010.04.07 11:38:32 | 000,001,964 | ---- | C] () -- C:\Users\nici8880\Desktop\HiJackThis.lnk
[2010.04.07 11:34:28 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 11:24:58 | 000,041,827 | ---- | C] () -- C:\Users\nici8880\Desktop\spyfalcon.reg
[2010.04.07 11:23:47 | 000,001,434 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2010.04.07 11:23:20 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2010.04.07 11:23:19 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2010.04.07 11:23:18 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2010.04.07 10:29:00 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010.04.07 10:28:52 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.04.07 10:28:51 | 058,637,906 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.04.07 10:21:39 | 000,001,580 | ---- | C] () -- C:\Users\nici8880\Desktop\CHANGELOG
[2010.04.07 10:21:39 | 000,000,026 | ---- | C] () -- C:\Users\nici8880\Desktop\arl-version
[2010.04.03 16:26:45 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.03 16:15:44 | 000,068,243 | ---- | C] () -- C:\Users\nici8880\bookmarks.html
[2010.04.03 16:13:29 | 009,182,984 | R--- | C] () -- C:\Users\nici8880\Documents\Firefox 3.6.3 (de) - 2010-04-03.pcv
[2010.04.03 16:07:06 | 009,182,984 | ---- | C] () -- C:\Users\nici8880\Firefox 3.6.3 (de) - 2010-04-03.pcv
[2010.04.03 15:07:18 | 000,000,191 | ---- | C] () -- C:\Users\nici8880\Desktop\QuickStores.url
[2010.04.03 15:02:44 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.04.03 12:00:22 | 000,000,036 | ---- | C] () -- C:\Users\nici8880\AppData\Local\housecall.guid.cache
[2010.04.02 21:31:30 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.04.02 21:30:17 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.04.02 20:34:19 | 000,000,680 | ---- | C] () -- C:\Users\nici8880\AppData\Local\d3d9caps.dat
[2010.04.02 00:50:11 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.03.31 09:23:03 | 000,038,804 | ---- | C] () -- C:\Users\nici8880\Desktop\a3ubiisb43i.jpg
[2010.03.31 09:21:24 | 000,053,549 | ---- | C] () -- C:\Users\nici8880\Desktop\9060t8qfv93.gif
[2010.03.31 09:15:40 | 000,062,111 | ---- | C] () -- C:\Users\nici8880\Desktop\ypml8i7ywd3.gif
[2010.03.31 09:14:35 | 000,018,282 | ---- | C] () -- C:\Users\nici8880\Desktop\v3ialvs4659.gif
[2010.03.31 09:10:35 | 000,057,498 | ---- | C] () -- C:\Users\nici8880\Desktop\yg6rebghqc4.gif
[2010.03.31 09:08:50 | 000,030,460 | ---- | C] () -- C:\Users\nici8880\Desktop\e7n70oh4rfn.gif
[2010.03.31 08:42:41 | 000,015,039 | ---- | C] () -- C:\Users\nici8880\Desktop\id07qo9bg8s.gif
[2010.03.31 08:42:01 | 000,026,312 | ---- | C] () -- C:\Users\nici8880\Desktop\m6w7t18c13r.jpg
[2010.03.31 08:37:54 | 000,012,317 | ---- | C] () -- C:\Users\nici8880\Desktop\9ucicxigug2.gif
[2010.03.31 08:32:24 | 000,150,568 | ---- | C] () -- C:\Users\nici8880\Desktop\5wjl3v8nk6j.gif
[2010.03.29 12:28:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_bl.sig
[2010.03.29 12:07:08 | 000,008,704 | ---- | C] () -- C:\Users\nici8880\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 10:40:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat
[2010.03.29 10:40:04 | 000,000,004 | ---- | C] () -- C:\Windows\SysNative\aspdict-en.dat
[2010.03.29 10:36:00 | 000,000,025 | ---- | C] () -- C:\Users\nici8880\AppData\Roaming\bdfvconp.ini
[2010.03.29 10:35:47 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.03.28 23:51:43 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2010.03.28 23:51:34 | 000,569,368 | ---- | C] () -- C:\Windows\SysWow64\olelib.tlb
[2010.03.28 19:47:33 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 19:47:33 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 19:47:33 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TM.blf
[2010.03.28 18:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 18:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 18:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TM.blf
[2010.03.28 18:03:40 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 18:03:40 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 18:03:40 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TM.blf
[2010.03.28 15:30:35 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 15:30:35 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 15:30:35 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TM.blf
[2010.03.28 12:00:55 | 000,004,182 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI1E66.txt
[2010.03.28 12:00:51 | 000,010,662 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI1E6A.txt
[2010.03.28 12:00:50 | 000,011,208 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI1E66.txt
[2010.03.28 00:23:38 | 000,000,732 | ---- | C] () -- C:\Users\nici8880\AppData\Local\d3d9caps64.dat
[2010.03.26 22:28:24 | 000,000,063 | ---- | C] () -- C:\Users\nici8880\Desktop\Heimatmelodie.pls
[2010.03.25 23:59:39 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.03.25 23:59:38 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.03.25 23:40:12 | 000,004,985 | ---- | C] () -- C:\Users\nici8880\Desktop\deutsch.lng
[2010.03.25 11:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.03.25 11:20:49 | 000,369,206 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI1553.txt
[2010.03.25 11:20:45 | 000,011,402 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI1553.txt
[2010.03.25 10:49:00 | 000,441,672 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI7D02.txt
[2010.03.25 10:48:59 | 000,011,706 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI7D02.txt
[2010.03.23 13:49:33 | 3067,838,464 | ---- | C] () -- C:\Users\nici8880\Documents\mydiscimage.iso
[2010.03.22 21:08:15 | 000,000,005 | ---- | C] () -- C:\Users\nici8880\AppData\Roaming\closedListSW.awt
[2010.03.21 19:35:29 | 000,367,220 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI576F.txt
[2010.03.21 19:35:28 | 000,013,994 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI576F.txt
[2010.03.21 10:21:40 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.03.21 10:21:40 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.03.21 10:21:40 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TM.blf
[2010.03.21 00:05:48 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.21 00:05:47 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.19 16:02:19 | 000,000,032 | ---- | C] () -- C:\Windows\0
[2010.03.19 16:02:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\0
[2010.03.18 09:56:15 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010.03.18 09:56:15 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010.03.17 01:28:39 | 000,000,204 | ---- | C] () -- C:\Users\nici8880\Documents\Dokument.rtf
[2010.03.16 12:24:36 | 000,035,938 | ---- | C] () -- C:\Users\nici8880\bookmarks-2010-03-16.json
[2010.03.15 01:25:20 | 000,434,236 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI4044.txt
[2010.03.15 01:25:19 | 000,015,526 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI4044.txt
[2010.03.11 00:12:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf
[2010.03.11 00:09:50 | 000,000,207 | ---- | C] () -- C:\ProgramData\CamSuite.ini
[2010.03.11 00:03:37 | 000,614,424 | ---- | C] () -- C:\spc1030-001.raw
[2010.03.08 03:30:09 | 000,001,936 | ---- | C] () -- C:\Users\nici8880\Für einen guten Freund ein Gedicht.rtf
[2010.03.06 13:54:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.03.03 17:44:18 | 000,001,370 | ---- | C] () -- C:\Users\nici8880\IncrediMail Exported Contacts (csv format).csv
[2010.02.26 23:20:58 | 000,000,017 | ---- | C] () -- C:\Windows\gd.ini
[2010.02.21 23:45:19 | 000,000,554 | ---- | C] () -- C:\Users\nici8880\Reftausch Text.txt
[2010.02.15 23:16:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.02.15 23:00:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2010.02.12 12:58:45 | 000,329,101 | ---- | C] () -- C:\Users\nici8880\img009.jpg
[2010.02.05 15:01:21 | 000,001,197 | ---- | C] () -- C:\Users\nici8880\Brief an Angelique.rtf
[2010.01.28 14:12:14 | 000,000,027 | ---- | C] () -- C:\Users\nici8880\.gtkrc-2.0
[2010.01.28 14:11:31 | 000,000,218 | ---- | C] () -- C:\Users\nici8880\.recently-used.xbel
[2010.01.27 21:55:27 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2010.01.27 19:38:15 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.01.27 19:38:14 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.01.27 19:38:14 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TM.blf
[2010.01.27 19:37:06 | 000,000,000 | -H-- | C] () -- C:\Users\nici8880\NTUSER.DAT_tureg_new.LOG2
[2010.01.27 19:37:06 | 000,000,000 | -H-- | C] () -- C:\Users\nici8880\NTUSER.DAT_tureg_new.LOG1
[2010.01.19 01:44:43 | 000,000,077 | ---- | C] () -- C:\Windows\nwplayer.ini
[2010.01.07 01:46:14 | 000,000,622 | ---- | C] () -- C:\Windows\DMN.INI
[2009.12.11 02:21:00 | 000,000,106 | ---- | C] () -- C:\Windows\Podcasts.INI
[2009.12.05 19:52:10 | 000,000,760 | ---- | C] () -- C:\Users\nici8880\AppData\Roaming\setup_ldm.iss
[2009.12.03 13:25:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 13:23:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.12.02 01:47:02 | 000,000,111 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.26 23:42:17 | 000,000,704 | ---- | C] () -- C:\ProgramData\Installer.log
[2009.11.26 23:31:41 | 000,001,120 | ---- | C] () -- C:\Windows\_delis32.ini
[2009.11.22 14:21:32 | 000,423,490 | ---- | C] () -- C:\Users\nici8880\Danksagung von Onkel Manfred.jpg
[2009.11.07 10:54:01 | 000,000,870 | ---- | C] () -- C:\Windows\disney.ini
[2009.11.07 10:52:58 | 000,000,025 | ---- | C] () -- C:\Windows\Dgs_32.dll
[2009.11.02 12:51:09 | 001,002,132 | ---- | C] () -- C:\Users\nici8880\Totesanzeige Onkel Manfred.jpg
[2009.11.02 12:50:39 | 000,000,000 | ---- | C] () -- C:\Users\nici8880\Sti_Trace.log
[2009.10.25 10:24:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.23 15:27:45 | 000,001,556 | ---- | C] () -- C:\Users\nici8880\AppData\Roaming\wklnhst.dat
[2009.10.23 15:21:35 | 000,033,280 | ---- | C] () -- C:\Users\nici8880\Anleitung.doc
[2009.10.23 15:18:23 | 000,196,096 | ---- | C] () -- C:\Program Files (x86)\b1guninst100.exe
[2009.10.23 15:17:25 | 000,000,167 | ---- | C] () -- C:\Users\nici8880\udownload.dat
[2009.10.21 18:45:40 | 000,417,828 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI1B3C.txt
[2009.10.21 18:45:40 | 000,011,426 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI1B3C.txt
[2009.10.21 16:51:32 | 000,000,020 | -HS- | C] () -- C:\Users\nici8880\ntuser.ini
[2009.10.21 16:51:31 | 008,126,464 | ---- | C] () -- C:\Users\nici8880\ntuser.dat
[2009.10.21 16:51:31 | 004,194,304 | ---- | C] () -- C:\Users\nici8880\NTUSER.DAT_tureg_old
[2009.10.21 16:51:31 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2009.10.21 16:51:31 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2009.10.21 16:51:31 | 000,262,144 | -H-- | C] () -- C:\Users\nici8880\ntuser.dat.LOG1
[2009.10.21 16:51:31 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2009.10.21 16:51:31 | 000,000,000 | -H-- | C] () -- C:\Users\nici8880\ntuser.dat.LOG2
[2009.05.19 06:10:11 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009.05.19 06:10:11 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.10.08 17:46:14 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.05.19 10:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[2005.08.18 15:23:22 | 000,293,376 | RHS- | C] () -- C:\Users\nici8880\AppData\Roaming\plugin.dat
[1999.11.11 03:39:00 | 000,481,792 | ---- | C] () -- C:\Windows\SysWow64\RFFTW2dll.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll

========== Alternate Data Streams ==========
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:513A4CFC
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report > |
Hi, you have already run CF (if it found anything, post the log), and you also have Kaspersky and AVG running. You should uninstall one of them. Furthermore, "NoLowDiskSpaceChecks = 1" is switched off (i.e. Windows does not warn you when the disk runs out of space). Otherwise the log looks clean. Depending on their settings, however, both scanners also monitor Internet traffic, so decide on one and uninstall the other. Because of a possible rootkit we will also try Dr. Web (Gmer is clean): http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them. chris |
Code: Scanstatistiken |
Hi, load the hosts file (C:\WINDOWS\system32\drivers\etc\hosts) into a text editor (click on it in Explorer, right mouse button, Send to -> Editor). Copy the contents and post them here... chris |
Dear Chris, I did find the file on my system, but it cannot be pasted here because it is too long. What should I do now???? Regards, nici8880 |
Hi, file upload: http://www.file-upload.net/, upload the file and send the link (with the delete link) to me as a "private mail"... Have you ever run an "immunization"? How is the machine doing? chris |
Hi, an immunization was performed by Spybot, that is OK. How is the machine doing? chris |
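The hosts-file review requested above, as an added example that is not part of the thread or of any tool named in it: it separates names sinkholed to loopback or 0.0.0.0 (the kind of block entries an immunization writes, which is why such a file gets very long) from names mapped to a real address, which are the lines worth a manual look. The function name `triage_hosts` and the sample file are constructed for illustration.

```python
import ipaddress

# Constructed sample, not the poster's file: block entries of the kind an
# "immunization" writes, plus lines that map names to non-loopback addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # block entry
0.0.0.0         popups.example
203.0.113.7     www.bank.example login.bank.example
192.168.1.10    nas.home.example
not-an-ip       broken.example
"""


def triage_hosts(text):
    """Sort hosts entries into blocked names, redirects and malformed lines."""
    report = {"blocked": [], "redirects": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # a '#' starts a comment
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, line))
            continue
        if len(fields) < 2:  # address without any host name
            report["malformed"].append((lineno, line))
            continue
        for name in (f.lower() for f in fields[1:]):
            if addr.is_loopback or addr.is_unspecified:
                if name != "localhost":  # default entries are not blocks
                    report["blocked"].append(name)
            else:
                # Name pinned to a real address: needs a human decision.
                report["redirects"].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    print(f"{len(result['blocked'])} names sinkholed to loopback/0.0.0.0")
    for lineno, name, addr in result["redirects"]:
        print(f"review line {lineno}: {name} -> {addr}")
    for lineno, line in result["malformed"]:
        print(f"malformed line {lineno}: {line}")
```

Entries in the redirect list are not automatically malicious (a local NAS mapping lands there too); they are simply the short remainder that has to be read by a person.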
It is still acting up in strange ways, no idea why. Hmm, I don't know what else to do. It keeps freezing every 2-5 seconds, but only now and then, and then it carries on normally as before. It is strange, even though the machine is new; I bought it last year in October at Mediamarkt for 499 €. Regards, nici8880 |
Copyright ©2000-2025, Trojaner-Board