| |
| |||||||
Log-Analyse und Auswertung: prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
08.02.2011, 11:54
| #1 |
 |  prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. Ich bin auf die Sache durch eine Anfrage an meine Windows-Firewall aufmerksam geworden. Momentan nennt sich das Teil "x07009.exe". Es liegt im Ordner C:\Users\name\AppData\Local\Temp. Dort liegen auch noch die exe Dateien mit anderem Namen (zb cpuzz.exe oder cpu-core.exe), unter denen das DIng auch schon versucht hat, durch die Firewall zu kommen. Jede dieser Dateien ist genau 491kb groß. Der Prozess der jeweiligen Datei braucht bis zu 99% CPU. Ich hab mit verschiedenen Anti Spyware und Anti VIrus Programmen gesucht, es hat nichts geholfen. Ich weiss nicht weiter.  |
|
08.02.2011, 12:24
| #2 |
| /// Malware-holic   | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. Systemscan mit OTL
__________________download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten
__________________ |
|
08.02.2011, 13:49
| #3 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. so ich lass das grad scannen und poste es unten.
__________________ich habe vorhin einen prozess namens"silverlieght.exe" entdeckt. das mit dem ie stand da auch so. ich hatte silverlight vorher deinstalliert und wunderte mich, warum noch ein prozess läuft. ich hab dann den pfad geöffnet, prozess gekillt und datei gelöscht und papierkorb geleert. seitdem ist ruhe. bisher hat sich der virus/trojan relativ häufig gemeldet und in der zeit die vergangen ist, hätte er sich eigentlich melden müssen. nun ja. vielleicht wars das schon. hier auf jeden fall die logs |
|
08.02.2011, 13:49
| #4 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.02.2011 13:40:38 - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\django\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,62 Gb Total Space | 17,61 Gb Free Space | 29,53% Space Free | Partition Type: NTFS Drive D: | 1,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 4,88 Gb Total Space | 4,83 Gb Free Space | 98,83% Space Free | Partition Type: NTFS Drive H: | 634,77 Gb Total Space | 273,40 Gb Free Space | 43,07% Space Free | Partition Type: NTFS Drive J: | 957,63 Mb Total Space | 718,20 Mb Free Space | 75,00% Space Free | Partition Type: FAT Drive N: | 296,74 Gb Total Space | 89,26 Gb Free Space | 30,08% Space Free | Partition Type: NTFS Drive P: | 3,66 Gb Total Space | 3,60 Gb Free Space | 98,25% Space Free | Partition Type: NTFS Computer Name: DJANGO-PC | User Name: django | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\django\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Users\django\Desktop\keepass\KEEPASS\KeePass-2.14\KeePass.exe (Dominik Reichl) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH) PRC - C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe (Highresolution Enterprises) PRC - C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe (Highresolution Enterprises) PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Users\django\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Windows\System32\XSrvSetup.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) PRC - C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) PRC - C:\Programme\Gigabyte\EasySaver\essvr.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Modules (SafeList) ========== MOD - C:\Users\django\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (XMouseButton Launcher) -- C:\Programme\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe (Highresolution Enterprises) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe () SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (JMB36X) -- C:\Windows\System32\XSrvSetup.exe () SRV - (BCUService) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (ES lite Service) -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE () SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys () DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys () DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek ) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (AN983) -- C:\Windows\System32\drivers\an983.sys (ADMtek Incorporated.) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-439511251-1354602021-3325364293-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-439511251-1354602021-3325364293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Crawler Search" FF - prefs.js..browser.search.order.1: "Crawler Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.4 FF - prefs.js..extensions.enabledItems: mozrepl@hyperstruct.net:1.0.0.2009122217 FF - prefs.js..keyword.URL: "hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.23 01:51:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.23 18:12:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.25 20:11:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.25 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\django\AppData\Roaming\mozilla\Extensions [2011.01.25 19:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\django\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.02.07 19:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions [2011.01.26 14:10:06 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011.01.27 13:09:10 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions\foxmarks@kei.com [2011.01.31 14:16:36 | 000,000,000 | ---D | M] (MozRepl) -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions\mozrepl@hyperstruct.net [2011.01.31 14:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions\staged-xpis [2011.01.31 13:57:12 | 000,000,000 | ---D | M] (Feedback) -- C:\Users\django\AppData\Roaming\mozilla\Firefox\Profiles\3hvdyx50.default\extensions\testpilot@labs.mozilla.com [2011.02.07 16:07:41 | 000,001,331 | ---- | M] () -- C:\Users\django\AppData\Roaming\Mozilla\Firefox\Profiles\3hvdyx50.default\searchplugins\crawlersrch.xml [2011.02.07 16:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.01.23 18:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.23 18:02:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.23 18:02:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.02 13:14:36 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) O3 - HKLM\..\Toolbar: (PDFXChange 4.0 IE Plugin) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-439511251-1354602021-3325364293-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-439511251-1354602021-3325364293-1000..\Run: [ISUSPM Startup] C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKU\S-1-5-21-439511251-1354602021-3325364293-1000..\Run: [Silverlieght] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\django\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.02.06 18:54:50 | 000,202,240 | RHS- | M] () - J:\autorun.exe -- [ FAT ] O32 - Unable to obtain root file information for disk J:\ O32 - AutoRun File - [2011.02.06 18:54:49 | 000,202,240 | RHS- | M] () - P:\autorun.exe -- [ NTFS ] O32 - Unable to obtain root file information for disk P:\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2011.02.08 12:09:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.02.08 12:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.02.08 12:04:52 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\ProcessMonitor [2011.02.08 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Malwarebytes [2011.02.08 11:11:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.02.08 11:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.02.08 11:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.02.08 11:11:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.02.08 11:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.02.07 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Avira [2011.02.07 23:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.02.07 23:41:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.02.07 23:41:20 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.02.07 23:41:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.02.07 23:41:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.02.07 23:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.02.07 20:46:17 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\tc header backup [2011.02.07 19:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.02.07 19:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.02.07 17:08:35 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2011.02.07 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.02.07 16:00:52 | 000,000,000 | ---D | C] -- C:\searchplugins [2011.02.06 23:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises [2011.02.06 18:55:05 | 000,057,344 | ---- | C] ( ) -- C:\Users\django\AppData\Roaming\MSNMessengerAPI.dll [2011.02.03 15:34:12 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\TeraCopy [2011.02.03 15:34:09 | 000,000,000 | ---D | C] -- C:\Programme\TeraCopy [2011.02.03 15:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2011.02.02 03:47:37 | 000,000,000 | ---D | C] -- C:\Users\django\.ssh [2011.02.01 01:18:08 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\keepass [2011.01.31 14:06:20 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Password Safe [2011.01.31 13:53:33 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\KeePass [2011.01.31 13:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk [2011.01.31 12:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 [2011.01.29 23:58:40 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BootDisk2BootStick [2011.01.29 23:58:40 | 000,000,000 | ---D | C] -- C:\Programme\BootDisk2BootStick [2011.01.29 23:15:49 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2011.01.29 23:12:01 | 000,450,560 | ---- | C] (Hewlett-Packard Company) -- C:\Programme\HPUSBF.EXE [2011.01.29 23:12:01 | 000,446,464 | ---- | C] (Hewlett-Packard Company) -- C:\Programme\HPUSBFW.EXE [2011.01.29 23:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company [2011.01.29 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\ablage usb [2011.01.29 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Nero [2011.01.29 18:23:50 | 000,000,000 | ---D | C] -- C:\Programme\Nero [2011.01.29 18:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011.01.29 16:50:57 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2011.01.29 16:50:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2011.01.29 16:50:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011.01.29 16:50:38 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011.01.29 16:50:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011.01.29 16:50:24 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll [2011.01.29 00:49:15 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes [2011.01.29 00:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.01.29 00:36:46 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Xilisoft [2011.01.29 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\django\Documents\AnyDVDHD [2011.01.29 00:00:00 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\stunde null [2011.01.28 23:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2011.01.28 22:45:18 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft [2011.01.28 22:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2011.01.28 19:18:02 | 000,000,000 | ---D | C] -- C:\Users\django\Documents\DVDFab [2011.01.28 19:17:57 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 8 [2011.01.28 10:12:18 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0 [2011.01.28 09:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\revoSleep v0.2 BETA [2011.01.28 09:46:34 | 000,000,000 | ---D | C] -- C:\Programme\revoSleep [2011.01.27 23:51:43 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\ElevatedDiagnostics [2011.01.27 23:21:40 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2.dll [2011.01.27 23:21:40 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll [2011.01.27 23:21:40 | 000,065,536 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll [2011.01.27 23:21:40 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll [2011.01.27 23:21:40 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll [2011.01.27 23:21:40 | 000,038,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2r.dll [2011.01.27 23:21:40 | 000,021,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml2a.dll [2011.01.27 21:07:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung CLP-300 Series [2011.01.27 21:07:10 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\Windows\System32\SUGG1LMK.DLL [2011.01.27 21:05:21 | 000,655,360 | ---- | C] (Unified FB) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.dll [2011.01.27 21:05:21 | 000,224,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ui.dll [2011.01.27 21:05:20 | 000,837,028 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.dll [2011.01.27 21:05:20 | 000,204,800 | ---- | C] (SEC) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.dll [2011.01.27 21:05:20 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.exe [2011.01.27 21:05:20 | 000,057,344 | ---- | C] (SEC) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CI.dll [2011.01.27 21:05:20 | 000,041,984 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\drivers\DGIVECP.SYS [2011.01.27 21:05:20 | 000,022,663 | ---- | C] (Samsung Electronics.) -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.dll [2011.01.27 21:05:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series [2011.01.27 21:05:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Samsung [2011.01.27 21:05:18 | 000,000,000 | ---D | C] -- C:\Programme\Samsung [2011.01.27 21:05:15 | 000,000,000 | ---D | C] -- C:\Windows\Samsung [2011.01.26 14:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011.01.26 14:10:52 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2011.01.26 12:16:10 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\WinRAR [2011.01.25 20:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView [2011.01.25 20:28:32 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\IrfanView [2011.01.25 20:28:32 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView [2011.01.25 20:11:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird [2011.01.25 20:11:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2011.01.25 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Thunderbird [2011.01.25 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Thunderbird [2011.01.25 19:06:44 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\SharePod [2011.01.24 22:17:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.01.24 22:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.01.24 22:17:46 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2011.01.23 23:13:54 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\dvdcss [2011.01.23 23:05:36 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\vlc [2011.01.23 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\TrueCrypt [2011.01.23 21:36:38 | 000,000,000 | ---D | C] -- C:\Windows\Msagent [2011.01.23 21:31:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works [2011.01.23 20:28:29 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\TeamViewer [2011.01.23 20:04:14 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\pbsetup [2011.01.23 19:52:08 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.01.23 19:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Tastatur [2011.01.23 19:07:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro [2011.01.23 19:07:30 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.01.23 18:32:37 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys [2011.01.23 18:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt [2011.01.23 18:32:32 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt [2011.01.23 18:31:21 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\PunkBuster [2011.01.23 18:25:40 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2011.01.23 18:25:32 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Dropbox [2011.01.23 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\skypePM [2011.01.23 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Skype [2011.01.23 18:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2011.01.23 18:20:13 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.01.23 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory [2011.01.23 18:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory [2011.01.23 18:19:36 | 000,000,000 | ---D | C] -- C:\Programme\Wolfenstein - Enemy Territory [2011.01.23 18:17:21 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Highresolution Enterprises [2011.01.23 18:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMOUSE [2011.01.23 18:17:20 | 000,000,000 | ---D | C] -- C:\Programme\Highresolution Enterprises [2011.01.23 18:12:27 | 000,053,016 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\System32\pxc40pm.dll [2011.01.23 18:12:25 | 000,000,000 | ---D | C] -- C:\Programme\Tracker Software [2011.01.23 18:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.01.23 18:02:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.01.23 18:02:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.23 18:02:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.23 18:02:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.23 18:02:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.23 18:02:17 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.01.23 17:45:40 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent [2011.01.23 17:44:59 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\uTorrent [2011.01.23 17:44:45 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite [2011.01.23 17:44:21 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\DAEMON Tools Lite [2011.01.23 17:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.01.23 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon [2011.01.23 17:43:07 | 000,352,256 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQL1213.DLL [2011.01.23 17:43:07 | 000,057,344 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNQU110.DLL [2011.01.23 17:43:07 | 000,000,000 | -H-D | C] -- C:\CanoScan [2011.01.23 12:01:30 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer [2011.01.23 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Adobe [2011.01.23 11:53:11 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\ABBYY [2011.01.23 11:52:33 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\OpenOffice.org [2011.01.23 11:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 10 [2011.01.23 11:51:51 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\ABBYY [2011.01.23 11:51:50 | 000,000,000 | ---D | C] -- C:\Programme\ABBYY FineReader 10 [2011.01.23 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY [2011.01.23 11:48:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2 [2011.01.23 11:48:44 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3 [2011.01.23 03:11:36 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.01.23 03:11:36 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.01.23 03:11:36 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.01.23 03:09:34 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2011.01.23 03:02:44 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll [2011.01.23 03:02:44 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll [2011.01.23 03:02:43 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011.01.23 03:02:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2011.01.23 03:02:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2011.01.23 03:02:39 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll [2011.01.23 03:02:39 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll [2011.01.23 03:02:39 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll [2011.01.23 03:02:39 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe [2011.01.23 03:02:38 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.01.23 03:02:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.01.23 03:02:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.01.23 03:02:37 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.01.23 03:02:37 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.01.23 03:02:37 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.01.23 03:02:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.01.23 03:02:37 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.01.23 03:02:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.01.23 03:02:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.01.23 03:02:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.01.23 03:02:36 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2011.01.23 03:02:36 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys [2011.01.23 03:02:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll [2011.01.23 03:02:35 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.23 03:02:33 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll [2011.01.23 03:02:33 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2011.01.23 03:02:33 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2011.01.23 03:02:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2011.01.23 03:02:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll [2011.01.23 03:02:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2011.01.23 03:02:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.01.23 03:02:29 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2011.01.23 03:02:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2011.01.23 03:02:27 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2011.01.23 03:02:27 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.01.23 03:02:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2011.01.23 03:02:27 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2011.01.23 03:02:27 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2011.01.23 03:02:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.01.23 03:02:26 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.01.23 03:02:26 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.01.23 03:02:22 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2011.01.23 03:02:21 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.01.23 03:02:21 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.01.23 03:02:21 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll [2011.01.23 03:02:21 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2011.01.23 03:00:47 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Macromedia [2011.01.23 03:00:47 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Adobe [2011.01.23 03:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2011.01.23 02:59:49 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Google [2011.01.23 02:59:49 | 000,000,000 | ---D | C] -- C:\Programme\Google [2011.01.23 02:59:43 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software [2011.01.23 02:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software [2011.01.23 02:57:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011.01.23 02:07:40 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.01.23 01:52:34 | 000,000,000 | ---D | C] -- C:\Programme\Vidalia Bundle [2011.01.23 01:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle [2011.01.23 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Vidalia [2011.01.23 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Tor [2011.01.23 01:51:52 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Mozilla [2011.01.23 01:51:52 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Mozilla [2011.01.23 01:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox [2011.01.23 01:51:49 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2011.01.23 01:50:04 | 000,017,488 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2011.01.23 01:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.01.23 01:40:21 | 000,073,728 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\System32\ISUSPM.cpl [2011.01.23 01:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics [2011.01.23 01:39:59 | 000,000,000 | ---D | C] -- C:\Programme\NEC Electronics [2011.01.23 01:39:42 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2011.01.23 01:39:38 | 000,030,392 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\usbfilter.sys [2011.01.23 01:39:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2011.01.23 01:39:38 | 000,000,000 | ---D | C] -- C:\Programme\AMD [2011.01.23 01:39:36 | 000,059,960 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdsata.sys [2011.01.23 01:39:36 | 000,024,120 | ---- | C] (Advanced Micro Devices) -- C:\Windows\System32\drivers\amdxata.sys [2011.01.23 01:39:34 | 000,014,392 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys [2011.01.23 01:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigabyte Technology Corp [2011.01.23 01:39:16 | 001,976,944 | R--- | C] (Gigabyte Technology Corp.) -- C:\Windows\System32\xRaidSetup.exe [2011.01.23 01:39:16 | 000,158,320 | R--- | C] (JMicron Technology Corp.) -- C:\Windows\System32\xRaidAPI.dll [2011.01.23 01:39:15 | 000,000,000 | ---D | C] -- C:\RaidTool [2011.01.23 01:39:12 | 000,098,928 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jraid.sys [2011.01.23 01:39:08 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2011.01.23 01:38:34 | 000,278,560 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rt86win7.sys [2011.01.23 01:38:34 | 000,094,208 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\System32\RTNUninst32.dll [2011.01.23 01:37:49 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\ATI [2011.01.23 01:37:49 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\ATI [2011.01.23 01:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2011.01.23 01:36:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM [2011.01.23 01:36:33 | 002,622,496 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkHDMI.dll [2011.01.23 01:36:33 | 001,640,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHDMIExt.dll [2011.01.23 01:36:33 | 000,355,528 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32H.dll [2011.01.23 01:36:33 | 000,293,600 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DHT32.dll [2011.01.23 01:36:33 | 000,293,600 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RH3DAA32.dll [2011.01.23 01:36:33 | 000,183,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtHDMIV.sys [2011.01.23 01:36:33 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32H.dll [2011.01.23 01:36:33 | 000,073,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32H.dll [2011.01.23 01:36:33 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32H.dll [2011.01.23 01:36:33 | 000,057,376 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RHCoInst.dll [2011.01.23 01:36:30 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll [2011.01.23 01:36:30 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll [2011.01.23 01:36:30 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll [2011.01.23 01:36:30 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll [2011.01.23 01:36:30 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll [2011.01.23 01:36:29 | 001,759,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll [2011.01.23 01:36:29 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll [2011.01.23 01:36:28 | 002,649,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll [2011.01.23 01:36:28 | 000,367,136 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll [2011.01.23 01:36:27 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl [2011.01.23 01:36:26 | 003,066,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys [2011.01.23 01:36:26 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll [2011.01.23 01:36:26 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll [2011.01.23 01:36:26 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll [2011.01.23 01:36:26 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll [2011.01.23 01:36:26 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll [2011.01.23 01:36:26 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll [2011.01.23 01:36:26 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll [2011.01.23 01:36:26 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll [2011.01.23 01:36:26 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll [2011.01.23 01:36:25 | 000,299,936 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll [2011.01.23 01:36:24 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll [2011.01.23 01:36:24 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll [2011.01.23 01:36:24 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll [2011.01.23 01:36:24 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll [2011.01.23 01:36:24 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll [2011.01.23 01:36:24 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll [2011.01.23 01:36:24 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll [2011.01.23 01:36:24 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll [2011.01.23 01:36:24 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll [2011.01.23 01:36:24 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll [2011.01.23 01:36:24 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll [2011.01.23 01:36:24 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll [2011.01.23 01:36:24 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll [2011.01.23 01:36:23 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll [2011.01.23 01:36:23 | 000,000,000 | -H-D | C] -- C:\Programme\Temp [2011.01.23 01:36:23 | 000,000,000 | ---D | C] -- C:\Programme\Realtek [2011.01.23 01:36:22 | 001,247,776 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2011.01.23 01:36:16 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2011.01.23 01:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies [2011.01.23 01:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2011.01.23 01:35:55 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2011.01.23 01:35:48 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2011.01.23 01:35:48 | 000,050,176 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2011.01.23 01:35:02 | 000,000,000 | -H-D | C] -- C:\Programme\DeviceVM [2011.01.23 01:35:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011.01.23 01:34:48 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information [2011.01.23 01:34:48 | 000,000,000 | ---D | C] -- C:\Programme\Gigabyte [2011.01.23 01:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2011.01.23 01:34:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield [2011.01.23 01:29:47 | 000,000,000 | R--D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.01.23 01:29:47 | 000,000,000 | R--D | C] -- C:\Users\django\Searches [2011.01.23 01:29:47 | 000,000,000 | R--D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.01.23 01:29:41 | 000,000,000 | R--D | C] -- C:\Users\django\Contacts [2011.01.23 01:29:41 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Identities [2011.01.23 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\VirtualStore [2011.01.23 01:29:37 | 000,000,000 | --SD | C] -- C:\Users\django\AppData\Roaming\Microsoft [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Videos [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Saved Games [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Pictures [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Music [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Links [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Favorites [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Downloads [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Documents [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\Desktop [2011.01.23 01:29:37 | 000,000,000 | R--D | C] -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Vorlagen [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\AppData\Local\Verlauf [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\AppData\Local\Temporary Internet Files [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Startmenü [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\SendTo [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Recent [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Netzwerkumgebung [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Lokale Einstellungen [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Documents\Eigene Videos [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Documents\Eigene Musik [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Eigene Dateien [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Documents\Eigene Bilder [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Druckumgebung [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Cookies [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\AppData\Local\Anwendungsdaten [2011.01.23 01:29:37 | 000,000,000 | -HSD | C] -- C:\Users\django\Anwendungsdaten [2011.01.23 01:29:37 | 000,000,000 | -H-D | C] -- C:\Users\django\AppData [2011.01.23 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Temp [2011.01.23 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Local\Microsoft [2011.01.23 01:29:37 | 000,000,000 | ---D | C] -- C:\Users\django\AppData\Roaming\Media Center Programs [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Programme [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2011.01.23 01:29:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2011.01.23 01:29:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011.01.23 01:23:41 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011.01.23 01:23:36 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011.01.23 01:22:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2011.01.23 01:22:41 | 000,000,000 | -HSD | C] -- C:\Boot [2011.01.21 11:37:05 | 000,000,000 | ---D | C] -- C:\Users\django\Desktop\usb stick transfer ========== Files - Modified Within 30 Days ========== [2011.02.08 13:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.02.08 13:04:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.02.08 12:38:48 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.02.08 12:38:38 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.02.08 12:31:38 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.02.08 12:31:38 | 000,014,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.02.08 12:28:40 | 000,691,294 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.02.08 12:28:40 | 000,647,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.02.08 12:28:40 | 000,144,892 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.02.08 12:28:40 | 000,118,438 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.02.08 12:25:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.02.08 12:24:31 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2011.02.08 12:24:26 | 2614,505,472 | -HS- | M] () -- C:\hiberfil.sys [2011.02.08 12:11:14 | 000,037,096 | ---- | M] () -- C:\Users\django\Desktop\cc_20110208_121101.reg [2011.02.08 12:09:37 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.08 11:11:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.07 23:41:37 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref [2011.02.07 23:41:24 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.02.07 22:46:14 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.02.07 19:29:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.02.07 19:26:13 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011.02.07 19:12:45 | 000,968,332 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.07 17:08:35 | 000,002,969 | ---- | M] () -- C:\Users\django\Desktop\HiJackThis.lnk [2011.02.07 15:34:33 | 000,057,344 | ---- | M] ( ) -- C:\Users\django\AppData\Roaming\MSNMessengerAPI.dll [2011.02.07 00:04:35 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.02.01 01:18:45 | 000,001,395 | ---- | M] () -- C:\Users\django\Desktop\KeePass - Verknüpfung.lnk [2011.01.31 17:01:00 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.01.31 14:06:20 | 000,000,479 | ---- | M] () -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2011.01.31 12:59:25 | 000,000,953 | ---- | M] () -- C:\Users\django\Desktop\DVDFab 8.lnk [2011.01.30 16:27:57 | 000,313,639 | ---- | M] () -- C:\Users\django\Desktop\slh_boensch_methodik.pdf [2011.01.30 16:19:34 | 000,647,065 | ---- | M] () -- C:\Users\django\Desktop\ausserschulische-lernorte.pdf [2011.01.29 23:58:40 | 000,001,091 | ---- | M] () -- C:\Users\django\Desktop\BootDisk2BootStick.lnk [2011.01.29 23:12:01 | 000,000,586 | ---- | M] () -- C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk [2011.01.29 22:50:46 | 000,332,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.01.28 22:45:21 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2011.01.27 23:21:43 | 000,000,140 | ---- | M] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2011.01.25 20:28:33 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.01.25 20:28:33 | 000,000,968 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.01.25 20:11:31 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.01.25 18:53:58 | 000,000,481 | ---- | M] () -- C:\Users\django\Desktop\TCCON - Verknüpfung.lnk [2011.01.25 15:38:38 | 000,001,264 | ---- | M] () -- C:\Users\django\Desktop\bürgerkrieg - Verknüpfung.lnk [2011.01.24 22:17:48 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.01.23 21:46:07 | 000,000,080 | ---- | M] () -- C:\Users\django\AppData\Roaming\wklnhst.dat [2011.01.23 21:37:04 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2011.01.23 18:33:51 | 000,001,003 | ---- | M] () -- C:\Users\django\Desktop\JDownloader - Verknüpfung.lnk [2011.01.23 18:32:38 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2011.01.23 18:32:37 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys [2011.01.23 18:26:22 | 000,001,041 | ---- | M] () -- C:\Users\django\Desktop\Dropbox.lnk [2011.01.23 18:26:22 | 000,001,021 | ---- | M] () -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.01.23 18:25:08 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2011.01.23 18:19:48 | 000,001,024 | ---- | M] () -- C:\Users\django\Desktop\Wolfenstein - Enemy Territory.lnk [2011.01.23 18:02:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.01.23 18:02:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.23 18:02:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.23 18:02:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.23 17:44:56 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys [2011.01.23 12:01:33 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.01.23 11:48:59 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2011.01.23 01:51:50 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.23 01:45:19 | 000,000,020 | RHS- | M] () -- C:\win7.ld [2011.01.23 01:45:18 | 000,289,130 | RHS- | M] () -- C:\OHUAY [2011.01.23 01:40:55 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk [2011.01.23 01:37:44 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2011.01.23 01:37:34 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2011.01.23 01:27:51 | 000,056,735 | ---- | M] () -- C:\Windows\System32\license.rtf [2011.01.23 01:24:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.01.23 01:22:44 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2011.01.10 14:23:16 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.01.10 14:23:15 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2011.02.08 12:11:04 | 000,037,096 | ---- | C] () -- C:\Users\django\Desktop\cc_20110208_121101.reg [2011.02.08 12:09:37 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.02.08 11:11:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.02.07 23:41:24 | 000,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.02.07 19:12:39 | 000,968,332 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.02.07 17:08:35 | 000,002,969 | ---- | C] () -- C:\Users\django\Desktop\HiJackThis.lnk [2011.01.31 14:20:46 | 000,001,395 | ---- | C] () -- C:\Users\django\Desktop\KeePass - Verknüpfung.lnk [2011.01.31 14:06:20 | 000,000,479 | ---- | C] () -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2011.01.31 13:59:01 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk [2011.01.30 16:27:57 | 000,313,639 | ---- | C] () -- C:\Users\django\Desktop\slh_boensch_methodik.pdf [2011.01.30 16:19:34 | 000,647,065 | ---- | C] () -- C:\Users\django\Desktop\ausserschulische-lernorte.pdf [2011.01.29 23:58:40 | 000,001,091 | ---- | C] () -- C:\Users\django\Desktop\BootDisk2BootStick.lnk [2011.01.29 23:12:01 | 000,017,730 | ---- | C] () -- C:\Programme\EULA.doc [2011.01.29 23:12:01 | 000,000,586 | ---- | C] () -- C:\Users\Public\Desktop\HP USB Disk Storage Format Tool.lnk [2011.01.28 23:00:08 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.01.28 22:51:22 | 000,000,953 | ---- | C] () -- C:\Users\django\Desktop\DVDFab 8.lnk [2011.01.28 22:45:21 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2011.01.27 23:21:40 | 000,454,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.01.27 21:07:16 | 000,000,140 | ---- | C] () -- C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url [2011.01.27 21:07:10 | 000,011,502 | ---- | C] () -- C:\Windows\Dr. Printer Icon.ico [2011.01.27 21:07:10 | 000,000,555 | ---- | C] () -- C:\Windows\System32\SUGG1LMK.SMT [2011.01.27 21:05:21 | 000,835,584 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u2.dll [2011.01.27 21:05:21 | 000,626,874 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ua.bmp [2011.01.27 21:05:21 | 000,606,208 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1U.dll [2011.01.27 21:05:21 | 000,206,278 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ub.bmp [2011.01.27 21:05:21 | 000,071,336 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uC.bmp [2011.01.27 21:05:21 | 000,059,692 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.dat [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucv.bmp [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucs.bmp [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucp.bmp [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1uco.bmp [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucd.bmp [2011.01.27 21:05:21 | 000,058,736 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1ucc.bmp [2011.01.27 21:05:21 | 000,057,303 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.dat [2011.01.27 21:05:21 | 000,056,215 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.dat [2011.01.27 21:05:21 | 000,055,410 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.dat [2011.01.27 21:05:21 | 000,031,277 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ru.chm [2011.01.27 21:05:21 | 000,030,247 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sw.chm [2011.01.27 21:05:21 | 000,030,229 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1tk.chm [2011.01.27 21:05:21 | 000,030,025 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1sp.chm [2011.01.27 21:05:21 | 000,024,840 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1uG.bmp [2011.01.27 21:05:21 | 000,014,700 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u1.bmp [2011.01.27 21:05:21 | 000,014,684 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.bmp [2011.01.27 21:05:21 | 000,013,951 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1UM.xml [2011.01.27 21:05:21 | 000,009,242 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1u.INI [2011.01.27 21:05:21 | 000,004,072 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ul.bmp [2011.01.27 21:05:20 | 001,443,440 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1CM.ctd [2011.01.27 21:05:20 | 000,208,896 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M.DLL [2011.01.27 21:05:20 | 000,062,902 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.dat [2011.01.27 21:05:20 | 000,060,166 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.dat [2011.01.27 21:05:20 | 000,059,873 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.dat [2011.01.27 21:05:20 | 000,058,957 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.dat [2011.01.27 21:05:20 | 000,058,276 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.dat [2011.01.27 21:05:20 | 000,058,042 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.dat [2011.01.27 21:05:20 | 000,057,083 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.dat [2011.01.27 21:05:20 | 000,056,509 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.dat [2011.01.27 21:05:20 | 000,056,098 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.dat [2011.01.27 21:05:20 | 000,056,046 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.dat [2011.01.27 21:05:20 | 000,055,040 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.dat [2011.01.27 21:05:20 | 000,054,019 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.dat [2011.01.27 21:05:20 | 000,053,248 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lf.dll [2011.01.27 21:05:20 | 000,052,112 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.dat [2011.01.27 21:05:20 | 000,046,843 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.dat [2011.01.27 21:05:20 | 000,046,704 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.dat [2011.01.27 21:05:20 | 000,037,869 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\sugg1.cat [2011.01.27 21:05:20 | 000,031,381 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1po.chm [2011.01.27 21:05:20 | 000,031,241 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cz.chm [2011.01.27 21:05:20 | 000,031,155 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1hu.chm [2011.01.27 21:05:20 | 000,031,132 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1kr.chm [2011.01.27 21:05:20 | 000,030,711 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1gr.chm [2011.01.27 21:05:20 | 000,030,437 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fn.chm [2011.01.27 21:05:20 | 000,030,389 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1ct.chm [2011.01.27 21:05:20 | 000,030,383 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1cp.chm [2011.01.27 21:05:20 | 000,030,223 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1fi.chm [2011.01.27 21:05:20 | 000,030,199 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dn.chm [2011.01.27 21:05:20 | 000,029,945 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1dt.chm [2011.01.27 21:05:20 | 000,029,865 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1pt.chm [2011.01.27 21:05:20 | 000,029,803 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1nr.chm [2011.01.27 21:05:20 | 000,029,737 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1it.chm [2011.01.27 21:05:20 | 000,029,624 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M3.bmp [2011.01.27 21:05:20 | 000,029,624 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M2.bmp [2011.01.27 21:05:20 | 000,029,624 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1M1.bmp [2011.01.27 21:05:20 | 000,029,323 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1en.chm [2011.01.27 21:05:20 | 000,003,016 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.inf [2011.01.27 21:05:20 | 000,000,746 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1.ver [2011.01.27 21:05:20 | 000,000,555 | ---- | C] () -- C:\Windows\System32\drivers\Samsung\Samsung CLP-300 Series\SUGG1lmk.smt [2011.01.25 20:28:33 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView Thumbnails.lnk [2011.01.25 20:28:33 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk [2011.01.25 20:11:31 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.01.25 18:53:58 | 000,000,481 | ---- | C] () -- C:\Users\django\Desktop\TCCON - Verknüpfung.lnk [2011.01.25 15:38:38 | 000,001,264 | ---- | C] () -- C:\Users\django\Desktop\bürgerkrieg - Verknüpfung.lnk [2011.01.24 22:17:48 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2011.01.23 21:37:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.01.23 21:35:15 | 000,000,080 | ---- | C] () -- C:\Users\django\AppData\Roaming\wklnhst.dat [2011.01.23 21:26:21 | 000,117,304 | ---- | C] () -- C:\Users\django\Desktop\KATALOGE.wps [2011.01.23 20:08:16 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.23 20:08:11 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.01.23 20:08:11 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.01.23 20:07:52 | 000,268,952 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.23 20:07:45 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.01.23 18:33:51 | 000,001,003 | ---- | C] () -- C:\Users\django\Desktop\JDownloader - Verknüpfung.lnk [2011.01.23 18:32:38 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2011.01.23 18:26:22 | 000,001,041 | ---- | C] () -- C:\Users\django\Desktop\Dropbox.lnk [2011.01.23 18:26:22 | 000,001,021 | ---- | C] () -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2011.01.23 18:25:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.23 18:19:48 | 000,001,024 | ---- | C] () -- C:\Users\django\Desktop\Wolfenstein - Enemy Territory.lnk [2011.01.23 17:44:56 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2011.01.23 12:01:33 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011.01.23 12:01:33 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk [2011.01.23 11:48:59 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2011.01.23 03:00:35 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.01.23 02:59:50 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.23 02:59:50 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.23 01:51:50 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.01.23 01:50:23 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2011.01.23 01:50:23 | 000,000,004 | ---- | C] () -- C:\Windows\System32\GVTunner.ref [2011.01.23 01:45:19 | 000,000,020 | RHS- | C] () -- C:\win7.ld [2011.01.23 01:45:18 | 000,289,130 | RHS- | C] () -- C:\OHUAY [2011.01.23 01:40:55 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk [2011.01.23 01:40:21 | 000,031,272 | ---- | C] () -- C:\Windows\System32\AppleChargerSrv.exe [2011.01.23 01:40:21 | 000,019,496 | ---- | C] () -- C:\Windows\System32\drivers\AppleCharger.sys [2011.01.23 01:39:15 | 000,072,304 | R--- | C] () -- C:\Windows\System32\XSrvSetup.exe [2011.01.23 01:38:34 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.01.23 01:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.23 01:35:48 | 000,038,400 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2011.01.23 01:35:48 | 000,020,862 | ---- | C] () -- C:\Windows\atiogl.xml [2011.01.23 01:35:48 | 000,002,023 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.01.23 01:33:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.01.23 01:29:48 | 000,001,409 | ---- | C] () -- C:\Users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011.01.23 01:24:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011.01.23 01:23:36 | 2614,505,472 | -HS- | C] () -- C:\hiberfil.sys [2011.01.23 01:22:44 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2011.01.23 01:22:42 | 000,383,562 | RHS- | C] () -- C:\bootmgr [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2006.12.09 04:54:38 | 000,022,723 | ---- | C] () -- C:\Windows\System32\sugg1l3.dll ========== LOP Check ========== [2011.01.29 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\DAEMON Tools Lite [2011.02.08 12:25:19 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Dropbox [2011.01.23 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Highresolution Enterprises [2011.01.25 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\IrfanView [2011.01.31 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\KeePass [2011.01.23 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\OpenOffice.org [2011.01.25 19:06:44 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\SharePod [2011.01.23 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TeamViewer [2011.02.08 11:21:22 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TeraCopy [2011.01.25 19:47:59 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Thunderbird [2011.01.23 23:31:38 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TrueCrypt [2011.01.24 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\uTorrent [2011.01.29 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Xilisoft [2009.07.14 05:53:46 | 000,012,724 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.23 11:53:11 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\ABBYY [2011.01.23 03:00:47 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Adobe [2011.01.23 01:37:49 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\ATI [2011.02.07 23:44:04 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Avira [2011.01.29 18:21:24 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\DAEMON Tools Lite [2011.02.08 12:25:19 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Dropbox [2011.02.06 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\dvdcss [2011.01.23 18:17:21 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Highresolution Enterprises [2011.01.23 01:29:41 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Identities [2011.01.25 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\IrfanView [2011.01.31 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\KeePass [2011.01.23 03:00:47 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Macromedia [2011.02.08 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Malwarebytes [2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Media Center Programs [2011.02.07 17:08:35 | 000,000,000 | --SD | M] -- C:\Users\django\AppData\Roaming\Microsoft [2011.01.23 01:51:55 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Mozilla [2011.01.29 22:28:24 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Nero [2011.01.23 11:52:33 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\OpenOffice.org [2011.01.25 19:06:44 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\SharePod [2011.01.31 17:01:46 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Skype [2011.01.31 16:04:15 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\skypePM [2011.01.23 21:49:36 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TeamViewer [2011.02.08 11:21:22 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TeraCopy [2011.01.25 19:47:59 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Thunderbird [2011.01.26 23:28:15 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Tor [2011.01.23 23:31:38 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\TrueCrypt [2011.01.24 14:59:08 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\uTorrent [2011.01.26 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Vidalia [2011.02.07 22:20:22 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\vlc [2011.01.26 12:16:10 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\WinRAR [2011.01.29 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\django\AppData\Roaming\Xilisoft < %APPDATA%\*.exe /s > [2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\django\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.01.23 18:25:42 | 000,089,831 | ---- | M] () -- C:\Users\django\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.02.07 17:08:35 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\django\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2010.08.10 22:15:54 | 000,363,520 | ---- | M] () MD5=71CB69BC10E8B6CCCD15C4EF19B9F1EB -- C:\Users\django\Desktop\usb stick transfer\fuckvirus\eXplorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: VIASRAID.SYS > [2003.11.18 14:11:12 | 000,081,764 | ---- | M] (VIA Technologies inc,.ltd) MD5=C2B060310F1A50401E96F57DB88E450C -- C:\Users\django\Desktop\ablage usb\SATA\Winnt40\viasraid.sys [2003.10.31 11:22:36 | 000,078,988 | ---- | M] (VIA Technologies inc,.ltd) MD5=D9B404EEE60FF573459036096D64258E -- C:\Users\django\Desktop\ablage usb\SATA\Win2000\viasraid.sys [2003.10.31 11:22:36 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\Users\django\Desktop\ablage usb\SATA\2003IA32\viasraid.sys [2003.10.31 11:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\Users\django\Desktop\ablage usb\SATA\Winxp\viasraid.sys < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.01.23 17:44:56 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.04.07 03:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report > |
|
08.02.2011, 13:50
| #5 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.02.2011 13:40:39 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\django\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,62 Gb Total Space | 17,61 Gb Free Space | 29,53% Space Free | Partition Type: NTFS
Drive D: | 1,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 4,88 Gb Total Space | 4,83 Gb Free Space | 98,83% Space Free | Partition Type: NTFS
Drive H: | 634,77 Gb Total Space | 273,40 Gb Free Space | 43,07% Space Free | Partition Type: NTFS
Drive J: | 957,63 Mb Total Space | 718,20 Mb Free Space | 75,00% Space Free | Partition Type: FAT
Drive N: | 296,74 Gb Total Space | 89,26 Gb Free Space | 30,08% Space Free | Partition Type: NTFS
Drive P: | 3,66 Gb Total Space | 3,60 Gb Free Space | 98,25% Space Free | Partition Type: NTFS
Computer Name: DJANGO-PC | User Name: django | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-439511251-1354602021-3325364293-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D910A56-7F85-4AD5-9865-1A6BD51A057E}" = PDF-XChange Pro 4.0
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8F34BDEC-A384-15DC-C823-F0C835841783}" = ccc-utility
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B76E8F60-D517-44B1-BFCD-B6C153A60F1B}" = revoSleep
"{B7F293A4-8666-6410-36F4-E47EB2029CCB}" = AMD Drag and Drop Transcoding
"{BE1626CD-4380-40BF-84A5-D8F1B4217CB3}" = Visual C++ 2008 Runtime (x86)
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{D4CFC5F3-481C-40AA-9944-E7E4E732136C}" = Microsoft IntelliType Pro 8.0
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BootDisk2BootStick" = BootDisk2BootStick 0.12
"CCleaner" = CCleaner
"DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
"Google Chrome" = Google Chrome
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Polipo" = Polipo 1.0.4.1
"Samsung CLP-300 Series" = Samsung CLP-300 Series
"TeamViewer 6" = TeamViewer 6
"TeraCopy_is1" = TeraCopy 2.12
"Tor" = Tor 0.2.1.29
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Vidalia" = Vidalia 0.2.10
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"X-Mouse Button Control" = X-Mouse Button Control 1.52
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-439511251-1354602021-3325364293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.01.2011 14:19:01 | Computer Name = django-PC | Source = Application Hang | ID = 1002
Description = Programm dvdrip.exe, Version 5.0.63.303 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: af0 Startzeit:
01cbc095636fa8c1 Endzeit: 60000 Anwendungspfad: C:\Program Files\Xilisoft\DVD Ripper
Platinum 5\dvdrip.exe Berichts-ID: 3bfaadc0-2c9d-11e0-ac3c-0050bf9f44d6
Error - 31.01.2011 07:59:08 | Computer Name = django-PC | Source = MsiInstaller | ID = 1043
Description =
Error - 31.01.2011 08:46:27 | Computer Name = django-PC | Source = Application Hang | ID = 1002
Description = Programm setup.exe, Version 1.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17c0 Startzeit:
01cbc144d091b4a2 Endzeit: 7 Anwendungspfad: C:\Users\django\AppData\Local\Temp\7zSFEDA.tmp\setup.exe
Berichts-ID:
1c47384b-2d38-11e0-a032-0050bf9f44d6
Error - 07.02.2011 10:43:06 | Computer Name = django-PC | Source = VSS | ID = 8194
Description =
Error - 07.02.2011 17:26:20 | Computer Name = django-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ntvdm.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc158 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004b59 ID des fehlerhaften
Prozesses: 0xc04 Startzeit der fehlerhaften Anwendung: 0x01cbc70da98a2297 Pfad der
fehlerhaften Anwendung: C:\Windows\system32\ntvdm.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: e75b3073-3300-11e0-b689-0050bf9f44d6
Error - 07.02.2011 19:39:28 | Computer Name = django-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswMonFlt. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 07.02.2011 19:39:28 | Computer Name = django-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
avast! Network Shield Support. System Error: Das System kann die angegebene Datei
nicht finden. .
Error - 07.02.2011 19:39:28 | Computer Name = django-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswRdr. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 07.02.2011 19:39:28 | Computer Name = django-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswSP. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 07.02.2011 19:39:28 | Computer Name = django-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswFsBlk. System Error: Das System kann die angegebene Datei nicht finden. .
[ System Events ]
Error - 07.02.2011 18:41:36 | Computer Name = django-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
fehlgeschlagen: %%5
Error - 07.02.2011 19:20:31 | Computer Name = django-PC | Source = DCOM | ID = 10010
Description =
Error - 07.02.2011 19:20:17 | Computer Name = django-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 07.02.2011 19:23:09 | Computer Name = django-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AudioEndpointBuilder erreicht.
Error - 07.02.2011 19:26:15 | Computer Name = django-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Netman erreicht.
Error - 07.02.2011 20:03:06 | Computer Name = django-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 08.02.2011 06:03:50 | Computer Name = django-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 08.02.2011 06:34:24 | Computer Name = django-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 08.02.2011 07:15:44 | Computer Name = django-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error - 08.02.2011 07:24:31 | Computer Name = django-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
< End of report >
|
|
08.02.2011, 13:53
| #6 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. du kannst auch ruhig mal abwarten bis du alles durcheckst. ich würd mich dann einfach nochmal melden. bisher scheints ok zu sein. Auf jeden Fall: VIELEN DANK für deine Hilfe. |
|
08.02.2011, 13:56
| #7 |
| /// Malware-holic | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. bitte höre auf irgendwelche sachen zu löschen. ich sehe du hast Malwarebytes genutzt, logs posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2011, 13:58
| #8 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. hm. also, die Malwarebytes logs hab ich nicht mehr. ich dachte, wenn er nix findet brauch ich auch keine logs. ich hab noch einen hijack this log HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:39:50, on 08.02.2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Users\django\AppData\Roaming\Silverlieght.exe C:\Users\django\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\django\Desktop\keepass\KEEPASS\KeePass-2.14\KeePass.exe C:\Windows\system32\wuauclt.exe C:\Users\django\AppData\Local\Temp\x07009.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\taskmgr.exe C:\program files\avira\antivir desktop\avcenter.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PDFXChange 4.0 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [Silverlieght] "C:\Users\django\AppData\Roaming\Silverlieght.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Dropbox.lnk = django\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Password Safe.lnk = O:\Password Safe\pwsafe.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: JMB36X - Unknown owner - C:\Windows\System32\XSrvSetup.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: XMouseButton Launcher - Highresolution Enterprises - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- End of file - 6936 bytes |
|
08.02.2011, 14:00
| #9 |
| /// Malware-holic | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. hast du die Silverlieght.exe aus dem papierkorb gelöscht? falls nein nicht löschen sondern erst mal frage beantworten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2011, 14:00
| #10 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. das mit der silverlight deinstallation war nicht so unüberlegt. ich hatte das relativ kurz vorher installiert. ausserdem kamen bei einer neuanmeldung seitdem immer komische windows, die sich beschwerten, dass a: offen wäre und keine disk drin oder so ähnlich. das ist ja nicht normal. deswegn wollte ich es eh nochmal neu installieren. |
|
08.02.2011, 14:02
| #11 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. die silverlieght.exe war schon gelöscht, papierkorb geleert. |
|
08.02.2011, 14:02
| #12 |
| /// Malware-holic | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. es war unüberlegt, da wir die dateien im zweifelsfalle zur analyse benötigen. pc neustarten. bitte erstelle und poste ein combofix log. http://www.bleepingcomputer.com/comb...x-benutzt-wird
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.02.2011, 14:15
| #13 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. Combofix Logfile: Code:
ATTFilter ComboFix 11-02-07.02 - django 08.02.2011 14:11:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3325.2477 [GMT 1:00]
ausgeführt von:: c:\users\django\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2011-01-08 bis 2011-02-08 ))))))))))))))))))))))))))))))
.
2011-02-08 13:13 . 2011-02-08 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-08 11:19 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FBE38DD-F5AC-4803-A16B-A18A6FF1FFA8}\mpengine.dll
2011-02-08 11:09 . 2011-02-08 11:09 -------- d-----w- c:\program files\CCleaner
2011-02-08 10:11 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 10:11 . 2011-02-08 10:11 -------- d-----w- c:\programdata\Malwarebytes
2011-02-08 10:11 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-08 10:11 . 2011-02-08 10:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-07 22:41 . 2011-02-07 22:41 -------- d-----w- c:\programdata\Avira
2011-02-07 22:41 . 2011-02-07 22:41 -------- d-----w- c:\program files\Avira
2011-02-07 22:41 . 2011-01-10 13:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-07 22:41 . 2011-01-10 13:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-07 18:04 . 2011-02-07 18:20 -------- d-----w- c:\programdata\PC Tools
2011-02-07 16:08 . 2011-02-07 16:08 -------- d-----w- c:\program files\Trend Micro
2011-02-07 15:00 . 2011-02-07 15:00 -------- d-----w- C:\searchplugins
2011-02-03 14:34 . 2011-02-03 14:34 -------- d-----w- c:\program files\TeraCopy
2011-01-31 12:23 . 2011-01-31 12:23 -------- d-----w- c:\programdata\vsosdk
2011-01-29 22:58 . 2011-01-29 22:58 -------- d-----w- c:\program files\BootDisk2BootStick
2011-01-29 22:15 . 2011-01-29 22:15 -------- d-----w- c:\program files\Microsoft.NET
2011-01-29 22:12 . 2004-04-21 09:38 446464 ----a-w- c:\program files\HPUSBFW.EXE
2011-01-29 22:12 . 2003-11-13 11:00 450560 ----a-w- c:\program files\HPUSBF.EXE
2011-01-29 17:23 . 2011-01-29 17:23 -------- d-----w- c:\program files\Nero
2011-01-29 17:23 . 2011-01-29 17:23 -------- d-----w- c:\programdata\Nero
2011-01-29 15:50 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-01-29 15:50 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-01-29 15:50 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-01-29 15:50 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-01-29 15:50 . 2007-05-16 15:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-01-28 23:49 . 2011-01-29 00:15 -------- d-----w- c:\program files\Elaborate Bytes
2011-01-28 22:00 . 2011-01-28 22:00 -------- d-----w- c:\programdata\SlySoft
2011-01-28 21:45 . 2011-01-28 21:45 -------- d-----w- c:\program files\SlySoft
2011-01-28 18:17 . 2011-01-31 12:00 -------- d-----w- c:\program files\DVDFab 8
2011-01-28 09:12 . 2011-01-28 09:12 -------- d-----w- c:\program files\MSXML 4.0
2011-01-28 08:46 . 2011-01-28 08:46 -------- d-----w- c:\program files\revoSleep
2011-01-27 22:51 . 2006-12-09 03:54 19456 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sugg1pc.dll
2011-01-26 13:10 . 2011-01-26 13:10 -------- d-----w- c:\program files\7-Zip
2011-01-25 19:28 . 2011-01-25 19:28 -------- d-----w- c:\program files\IrfanView
2011-01-25 19:11 . 2011-01-25 19:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2011-01-24 21:17 . 2011-01-24 21:17 -------- d-----w- c:\program files\Common Files\Skype
2011-01-24 21:17 . 2011-01-24 21:17 -------- d-----r- c:\program files\Skype
2011-01-23 20:36 . 2011-01-23 20:36 -------- d-----w- c:\windows\Msagent
2011-01-23 20:31 . 2011-01-29 18:41 -------- d-----w- c:\program files\Microsoft Works
2011-01-23 19:08 . 2011-02-08 11:38 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-23 19:08 . 2011-02-08 11:38 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-23 19:08 . 2011-02-07 21:46 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-23 19:07 . 2011-02-08 11:38 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-23 19:07 . 2011-01-23 19:07 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-23 18:07 . 2011-01-23 18:07 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-01-23 18:07 . 2011-01-23 18:07 -------- d-----w- c:\windows\PCHEALTH
2011-01-23 17:32 . 2011-01-23 17:32 231248 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-01-23 17:32 . 2011-01-23 17:32 -------- d-----w- c:\program files\TrueCrypt
2011-01-23 17:23 . 2011-01-23 17:23 -------- d-----w- c:\programdata\Skype
2011-01-23 17:20 . 2011-02-08 11:21 -------- d-----w- c:\program files\VideoLAN
2011-01-23 17:19 . 2011-01-23 19:09 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2011-01-23 17:17 . 2011-01-23 17:17 -------- d-----w- c:\program files\Highresolution Enterprises
2011-01-23 17:12 . 2009-12-30 07:45 53016 ----a-w- c:\windows\system32\pxc40pm.dll
2011-01-23 17:12 . 2011-01-23 17:12 -------- d-----w- c:\program files\Tracker Software
2011-01-23 17:02 . 2011-01-23 17:02 -------- d-----w- c:\program files\Common Files\Java
2011-01-23 17:02 . 2011-01-23 17:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-23 17:02 . 2011-01-23 17:02 -------- d-----w- c:\program files\Java
2011-01-23 16:45 . 2011-01-23 16:45 -------- d-----w- c:\program files\uTorrent
2011-01-23 16:44 . 2011-01-23 16:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-01-23 16:44 . 2011-01-23 16:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-01-23 16:44 . 2011-01-23 16:44 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-01-23 16:43 . 2011-01-23 16:43 -------- d-----w- C:\CanoScan
2011-01-23 16:43 . 2005-06-23 21:17 352256 ----a-w- c:\windows\system32\CNQL1213.DLL
2011-01-23 16:43 . 2005-02-28 12:20 57344 ----a-w- c:\windows\system32\CNQU110.DLL
2011-01-23 11:01 . 2011-01-23 11:01 -------- d-----w- c:\program files\TeamViewer
2011-01-23 10:51 . 2011-01-23 10:53 -------- d-----w- c:\program files\ABBYY FineReader 10
2011-01-23 10:51 . 2011-01-23 10:51 -------- d-----w- c:\programdata\ABBYY
2011-01-23 10:48 . 2011-01-23 10:48 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-23 02:11 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-01-23 02:11 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-23 02:11 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-23 02:11 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-23 02:11 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-23 02:11 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-23 02:09 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-01-23 01:59 . 2011-01-23 02:00 -------- d-----w- c:\program files\Google
2011-01-23 01:59 . 2011-02-07 22:40 -------- d-----w- c:\programdata\Alwil Software
2011-01-23 01:59 . 2011-01-23 01:59 -------- d-----w- c:\program files\Alwil Software
2011-01-23 01:57 . 2011-01-23 01:57 -------- d-----w- c:\windows\system32\Macromed
2011-01-23 01:07 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-23 01:00 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-01-23 01:00 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-01-23 00:52 . 2011-01-23 00:52 -------- d-----w- c:\program files\Vidalia Bundle
2011-01-23 00:50 . 2011-02-07 18:26 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2011-01-23 00:50 . 2011-02-08 13:05 17488 ----a-w- c:\windows\gdrv.sys
2011-01-23 00:39 . 2011-01-23 00:39 -------- d-----w- c:\program files\NEC Electronics
2011-01-23 00:38 . 2010-03-22 09:57 278560 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2011-01-23 00:38 . 2010-02-03 12:24 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-01-23 00:38 . 2009-12-03 09:27 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-01-23 00:37 . 2011-01-23 00:37 -------- d-----w- c:\programdata\ATI
2011-01-23 00:37 . 2011-01-23 00:37 0 ----a-w- c:\windows\ativpsrm.bin
2011-01-23 00:35 . 2010-04-07 02:13 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-23 00:35 . 2010-04-07 01:46 50176 ----a-w- c:\windows\system32\coinst.dll
2011-01-23 00:35 . 2011-01-23 00:35 -------- d--h--w- c:\program files\DeviceVM
2011-01-23 00:35 . 2011-02-08 11:20 -------- d-sh--w- c:\windows\Installer
2011-01-23 00:34 . 2011-01-29 22:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2011-01-23 00:34 . 2011-01-23 00:41 -------- d-----w- c:\program files\Gigabyte
2011-01-23 00:34 . 2011-01-23 16:43 -------- d-----w- c:\program files\Common Files\InstallShield
2011-01-23 00:33 . 2011-02-08 13:10 -------- d-----w- c:\windows\system32\wbem\Performance
2011-01-23 00:22 . 2011-01-23 00:29 -------- d-----w- c:\windows\Panther
2011-01-23 00:22 . 2011-01-23 00:22 -------- d-----w- C:\Boot
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-16 22:57 . 2010-12-16 22:57 31088 ------w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-12-01 19:06 . 2010-12-01 19:06 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-25 18:29 . 2010-11-25 18:29 89256 ------w- c:\windows\system32\ElbyCDIO.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\django\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\django\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\django\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-06 8555040]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-18 941320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 1778064]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-06-08 507904]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
c:\users\django\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\django\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Password Safe.lnk - o:\password safe\pwsafe.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 136176]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2011-02-07 24944]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-01-23 691696]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]
S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
S2 JMB36X;JMB36X;c:\windows\System32\XSrvSetup.exe [2010-01-19 72304]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2010-11-13 72704]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 58880]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 137728]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-22 278560]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
.
Inhalt des "geplante Tasks" Ordners
2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 01:59]
2011-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-23 01:59]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\django\AppData\Roaming\Mozilla\Firefox\Profiles\3hvdyx50.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Feedback: testpilot@labs.mozilla.com - %profile%\extensions\testpilot@labs.mozilla.com
FF - Ext: MozRepl: mozrepl@hyperstruct.net - %profile%\extensions\mozrepl@hyperstruct.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKCU-Run-Silverlieght - c:\users\django\AppData\Roaming\Silverlieght.exe
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'Explorer.exe'(1856)
c:\users\django\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Zeit der Fertigstellung: 2011-02-08 14:14:18
ComboFix-quarantined-files.txt 2011-02-08 13:14
Vor Suchlauf: 8 Verzeichnis(se), 18.861.367.296 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 18.792.878.080 Bytes frei
- - End Of File - - 6A62ECEE2A9F2523B6135F032290D3C1
|
|
08.02.2011, 14:29
| #14 |
| | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. ich muss leider mal weg, bin ca um 17:00 wieder hier |
|
08.02.2011, 15:29
| #15 |
| /// Malware-holic | prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. avira http://www.trojaner-board.de/54192-a...tellungen.html avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm. klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten. bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig. den update auftrag auf 1x pro tag einstellen. und "nachhohlen falls zeit überschritten" auswählen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu prozess xy lastet cpu aus. verschiedene namen, immer 491kb groß. |
| anfrage, anti, appdata, brauch, cpu, dateien, exe dateien, frage, gesuch, gesucht, lastet, namen, nennt, nichts, ordner, programme, programmen, prozess, sache, spyware, tan, users, verschiedene, verschiedenen, versucht, virus, windows-firewall |
Linear-Darstellung
