Walksindream | 04.10.2010 08:44 | Unidentifiable Rundll32 virus
Hi Trojaner community,
I'm currently visiting the parents of a friend, and their computer is infected with a nasty trojan/virus.
AntiVir switches itself off... Malwarebytes can't even be installed, and an error message appears whenever any program is closed!
In its last scan, AntiVir found the following viruses/trojans/etc.:
Riner.WD
Riner.VX
Crypt.JR.49
Spy.275968
Sasfis.arww
Backdoor: BDS/Agent278528.A
HTML: Infected Webpage.Nespage.Gen
The log files from GMER, OTL and HijackThis look like this:
GMER Logfile: Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-04 09:11:42
Windows 5.1.2600
Running: gmer.exe; Driver: C:\DOKUME~1\Gaby\LOKALE~1\Temp\kxtdipoc.sys
---- System - GMER 1.0.15 ----
SSDT F8C0DE56 ZwCreateKey
SSDT F8C0DE4C ZwCreateThread
SSDT F8C0DE5B ZwDeleteKey
SSDT F8C0DE65 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF8431FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF8432340]
SSDT F8C0DE6A ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF842C0B0]
SSDT F8C0DE38 ZwOpenProcess
SSDT F8C0DE3D ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF8432418]
SSDT sptd.sys ZwQueryValueKey [0xF8432298]
SSDT F8C0DE74 ZwReplaceKey
SSDT F8C0DE6F ZwRestoreKey
SSDT F8C0DE60 ZwSetValueKey
SSDT F8C0DE47 ZwTerminateProcess
SSDT F8C0DE42 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!KeInitializeInterrupt + B79 804D4F8E 1 Byte [06]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 804FC6C8 4 Bytes [56, DE, C0, F8] {PUSH ESI; FADDP ST(0), ST; CLC }
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1E0 804FC6F8 4 Bytes [4C, DE, C0, F8] {DEC ESP; FADDP ST(0), ST; CLC }
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 208 804FC720 4 Bytes [5B, DE, C0, F8] {POP EBX; FADDP ST(0), ST; CLC }
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 210 804FC728 4 Bytes [65, DE, C0, F8]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 804FC740 4 Bytes [B2, 1F, 43, F8] {MOV DL, 0x1f; INC EBX; CLC }
.text ...
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload F7C5FDBC 5 Bytes JMP 821F41C8
---- User code sections - GMER 1.0.15 ----
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ntdll.dll!NtCreateThread 77F6E703 5 Bytes CALL 00A50000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ntdll.dll!NtProtectVirtualMemory 77F6EC43 5 Bytes CALL 00A30000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] kernel32.dll!ExitProcess 77E55CB5 5 Bytes CALL 00A70000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] user32.dll!PeekMessageW 77D13ECD 5 Bytes CALL 00D20000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ADVAPI32.dll!CryptImportKey 77DB0BB2 5 Bytes CALL 00D80000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ADVAPI32.dll!CryptDeriveKey 77DB1961 5 Bytes CALL 00DC0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ADVAPI32.dll!CryptGenKey 77DDD0A5 5 Bytes CALL 00DA0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] ws2_32.dll!send 009F1AF4 5 Bytes CALL 00D40000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetCloseHandle 761A4E4D 5 Bytes CALL 00D00000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpSendRequestA 761A59A3 5 Bytes CALL 00B50000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpOpenRequestA 761A6853 5 Bytes CALL 00CC0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetConnectA 761A6B7F 5 Bytes CALL 00B10000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpAddRequestHeadersA 761A7DDA 5 Bytes CALL 00C80000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetReadFile 761ABD61 5 Bytes CALL 00A90000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpAddRequestHeadersW 761B5BFF 5 Bytes CALL 00CA0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpOpenRequestW 761B67F8 5 Bytes CALL 00CE0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!CommitUrlCacheEntryA 761C006D 5 Bytes CALL 00C40000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetQueryDataAvailable 761C1691 5 Bytes CALL 00B30000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetReadFileExA 761C54C7 5 Bytes CALL 00AD0000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!CommitUrlCacheEntryW 761C86D6 5 Bytes CALL 00C60000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!HttpSendRequestW 761C8DF7 5 Bytes CALL 00C20000
.text C:\Dokumente und Einstellungen\Gaby\Desktop\gmer.exe[1192] wininet.dll!InternetReadFileExW 761E06BE 5 Bytes CALL 00AF0000
.text C:\WINDOWS\explorer.exe[1960] ntdll.dll!NtCreateThread 77F6E703 5 Bytes CALL 008E0000
.text C:\WINDOWS\explorer.exe[1960] ntdll.dll!NtProtectVirtualMemory 77F6EC43 5 Bytes CALL 008C0000
.text C:\WINDOWS\explorer.exe[1960] kernel32.dll!ExitProcess 77E55CB5 5 Bytes CALL 00900000
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F844306C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8443018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84659AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F844306C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F842CAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F842CC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F842CB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F842D748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F842D61E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F844229A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8236D1E8
AttachedDevice \FileSystem\Ntfs \Ntfs avgntmgr.sys (Avira AntiVir File Filter Driver Manager/Avira GmbH)
Device \Driver\usbuhci \Device\USBPDO-0 8215C1E8
Device \Driver\usbuhci \Device\USBPDO-1 8215C1E8
Device \Driver\usbuhci \Device\USBPDO-2 8215C1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 823DB1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 823DB1E8
Device \Driver\Cdrom \Device\CdRom0 821EF1E8
Device \Driver\Cdrom \Device\CdRom1 821EF1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F83BE410] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F83BE410] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F83BE410] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F83BE410] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F83BE410] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 81FD2790
Device \Driver\NetBT \Device\NetbiosSmb 81FD2790
Device \Driver\usbuhci \Device\USBFDO-0 8215C1E8
Device \Driver\usbuhci \Device\USBFDO-1 8215C1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 81FA51E8
Device \Driver\usbuhci \Device\USBFDO-2 8215C1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 81FA51E8
Device \Driver\Ftdisk \Device\FtControl 823DB1E8
Device \FileSystem\Cdfs \Cdfs 8201E1E8
---- Threads - GMER 1.0.15 ----
Thread gmer.exe [1192:1368] 00170000
Thread explorer.exe [1960:1964] 000B0000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
hijackthis:
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:15:50, on 04.10.2010
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Gaby\Desktop\HiJackThis204.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S123.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [CHotKey] mHotkey.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Kbddx] C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Adobe\Update\traycor.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ISDN Guard.lnk = C:\WINDOWS\agfguard.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286045611780
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
--
End of file - 4970 bytes
OTL:
OTL Logfile: Code:
OTL logfile created on: 04.10.2010 09:19:40 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\Gaby\Desktop\MFTools
Windows XP Home Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,00 Mb Total Physical Memory | 286,00 Mb Available Physical Memory | 56,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 7,81 Gb Total Space | 4,38 Gb Free Space | 56,08% Space Free | Partition Type: NTFS
Drive D: | 29,49 Gb Total Space | 6,51 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HEIM-PC
Current User Name: Gaby
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.10.03 20:27:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaby\desktop\MFTools\OTL.exe
PRC - [2010.07.25 14:31:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Downloads\firefox.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2008.04.01 20:49:42 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.01.11 23:16:38 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2001.10.24 13:42:10 | 000,655,360 | ---- | M] (Roxio) -- C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2001.08.18 13:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.08.18 13:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sol.exe
========== Modules (SafeList) ==========
MOD - [2010.10.03 20:27:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaby\desktop\MFTools\OTL.exe
MOD - [2001.08.18 13:00:00 | 001,700,352 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13\GdiPlus.dll
MOD - [2001.08.18 13:00:00 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2001.08.18 13:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001.08.18 13:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2001.08.10 13:14:14 | 000,192,512 | ---- | M] (Roxio Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\ImapiRox.exe -- (ImapiService)
========== Driver Services (SafeList) ==========
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:29:07 | 000,022,360 | ---- | M] (Avira GmbH) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys -- (avgntmgr)
DRV - [2009.02.13 12:17:49 | 000,045,416 | ---- | M] (Avira GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgntdd.sys -- (avgntdd)
DRV - [2007.10.20 15:30:10 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.27 20:08:15 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2007.03.08 01:51:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007.03.08 01:51:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006.03.27 17:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2003.04.23 18:52:16 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001.10.24 13:54:58 | 000,205,440 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2001.10.24 13:53:22 | 000,233,728 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2001.10.24 13:50:04 | 000,018,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2001.10.24 13:49:54 | 000,019,222 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2001.10.24 13:49:44 | 000,079,926 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2001.09.18 12:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001.08.20 11:59:38 | 000,025,472 | ---- | M] (Roxio Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\imapiRox.sys -- (Imapi)
DRV - [2001.08.18 13:00:00 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2001.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:02:32 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 13:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001.08.17 12:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001.02.07 01:20:00 | 000,044,852 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM)
DRV - [2000.08.09 14:57:02 | 000,202,336 | ---- | M] (AGFEO GmbH & Co. KG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\agfucapi.sys -- (agfucapi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: D:\Programme\Mozilla Downloads\components [2010.07.25 14:31:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: D:\Programme\Mozilla Downloads\plugins [2010.07.25 14:31:27 | 000,000,000 | ---D | M]
[2008.12.22 19:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Mozilla\Extensions
[2010.10.03 22:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Mozilla\Firefox\Profiles\21zkukjq.default\extensions
[2010.07.13 08:50:44 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Mozilla\Firefox\Profiles\21zkukjq.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}
[2010.07.18 22:37:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.13 08:52:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
O1 HOSTS File: ([2010.10.02 22:02:28 | 000,420,661 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14506 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Programme\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CHotKey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Kbddx] C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Adobe\Update\traycor.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDN Guard.lnk = C:\WINDOWS\agfguard.exe ( )
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v2 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v2\WG111v2.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1286045611780 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (RtlGina2.dll) - C:\WINDOWS\System32\RtlGina2.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.27 19:38:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.10.04 09:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.10.04 08:26:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Desktop\Gmer
[2010.10.04 08:24:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.10.04 08:22:46 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.03 21:57:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Gaby\Desktop\HiJackThis204.exe
[2010.10.03 20:16:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Desktop\MFTools
[2010.10.02 22:10:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.10.02 21:41:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.02 20:53:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.09.13 18:14:42 | 000,000,000 | ---D | C] -- C:\Programme\ACD Systems
========== Files - Modified Within 30 Days ==========
[2010.10.04 09:20:55 | 008,650,752 | -H-- | M] () -- C:\Dokumente und Einstellungen\Gaby\NTUSER.DAT
[2010.10.04 09:14:06 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010.10.04 09:13:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.04 09:13:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.04 09:13:24 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 08:19:14 | 000,000,192 | -HS- | M] () -- C:\Dokumente und Einstellungen\Gaby\ntuser.ini
[2010.10.03 21:57:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Gaby\Desktop\HiJackThis204.exe
[2010.10.03 21:49:19 | 003,233,626 | -H-- | M] () -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.10.02 22:30:27 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.02 22:14:12 | 000,000,691 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.10.02 22:14:12 | 000,000,260 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.10.02 22:14:12 | 000,000,194 | -HS- | M] () -- C:\boot.ini
[2010.10.02 22:02:28 | 000,420,661 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.02 21:42:09 | 000,000,677 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Spybot - Search & Destroy.lnk
[2010.09.29 19:40:05 | 000,827,392 | -H-- | M] () -- C:\ffastun.ffl
[2010.09.29 19:40:05 | 000,483,328 | -H-- | M] () -- C:\ffastun0.ffx
[2010.09.29 19:40:05 | 000,294,912 | -H-- | M] () -- C:\ffastun.ffo
[2010.09.29 19:40:05 | 000,004,379 | -H-- | M] () -- C:\ffastun.ffa
[2010.09.27 19:29:22 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.20 22:54:47 | 000,726,088 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.20 22:54:47 | 000,318,106 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.09.20 22:54:47 | 000,312,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.20 22:54:47 | 000,049,028 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.09.20 22:54:47 | 000,040,664 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.16 17:36:26 | 000,004,529 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.13 18:15:12 | 000,002,785 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 9 Foto-Manager.lnk
[2010.09.09 21:29:05 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2010.10.03 19:39:05 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.02 22:30:27 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.02 22:14:12 | 000,000,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Office-Start.lnk
[2010.10.02 21:42:09 | 000,000,677 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Spybot - Search & Destroy.lnk
[2010.09.13 18:15:12 | 000,002,785 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 9 Foto-Manager.lnk
[2010.07.25 12:56:20 | 000,000,501 | ---- | C] () -- C:\WINDOWS\CVMiniViewer.ini
[2008.01.02 19:55:42 | 000,000,232 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.01.02 19:54:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007.12.10 22:50:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2007.10.21 17:17:44 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.20 15:30:08 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.10.20 14:48:23 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007.10.10 12:26:58 | 000,022,660 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.09.28 16:59:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2007.09.28 16:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007.08.09 13:38:48 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007.08.09 13:37:52 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE DX4000EFDG.ini
[2007.08.08 17:55:30 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007.08.01 13:34:30 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.07.27 20:30:03 | 000,000,004 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DirectCDUserName.txt
[2006.05.03 17:44:32 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\RtlGina2.dll
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.09.18 12:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\bmpproc.dll
[2001.08.18 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.08.10 13:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[1999.03.10 02:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1998.01.13 14:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997.11.14 02:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997.10.18 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.10.18 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997.02.02 02:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997.02.02 02:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996.07.09 02:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1994.07.25 03:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994.04.07 02:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
< End of report > --- --- ---
THANKS for your help... in advance...
Kind regards
T. |