Firefox öffnet ständig Tabs mit Werbung

Scuz · 05.05.2010, 14:00

Hallo Leute,

ihr kriegt wahrscheinlich erstmal zuviel, bin wahrsdcheinlich der tausendste der das Problem hat. Suche seit Tagen schon nach einer Lösung für das Problem, bin aber nicht fündig geworden.

Folgendes: Hab mir sicher einen Virus (Malware oder was auch immer bin da nicht so bewandert) eingefangen. Hab mir eine Programm runtergeladen, vor diesem Download wurde jedoch gewarnt, übermütig wie ich bin wollt ichs trotzdem testen weil ich keinen alternativen Download hatte. Tja, das war ein Fehler. Seitdem öffnet Firefox alle paar Minuten ein Tab mit irgendwelchen Casino oder Antivirus Seiten. Nachdem Malwarebytes nicht geholfen hat (ANtivir sowieso nichts gefunden hat) hab ich versucht einfach die Seite auf meine Blacklist (BlockSite AddOn) zu setzen, jedoch suchen die sich dann einfach neue Seiten.

Die meisten Probleme im Internet beinhalten keinen endgültigen Lösungsweg oder wenigstens mal eine Typifizierung des Schädlings, auch wenn die Symptome immer gleich sind.

Da ich keinen Systemwiederherstellungspunkt vor dem Befall habe fällt das auch schonmal weg.

Hier mal mein Log:

Zitat:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:49:01, on 05.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\QIP 2010\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: profitmuse - {5a552cfb-eaa8-e230-3059-278bddc37f8d} - C:\Windows\system32\4bd1b7e3.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: profitizeme browser enhancer - {EE92DE2C-0B4A-0BA6-1B0E-047F64534584} - C:\Windows\system32\koglwmfmqldqsv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [oxxrraptksbfj] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\koglwmfmqldqsv.dll"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 4578 bytes

cosinus · 06.05.2010, 16:22

Hallo und

Poste das Malwarebytes Logfile. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Scuz · 07.05.2010, 10:52

Nachdem ich Malwarebytes Quickscan gemacht habe hat er 10 Treffer gefunden, komisch als ich vor 3 Tagen das schonmal probiert hatte warens nurnoch null. Naja hab die auswahl entfernen lassen und starte jetzt neu danach mach ich den Scan mit OLT

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2010 11:50:10
mbam-log-2010-05-07 (11-50-10).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 118724
Laufzeit: 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5a552cfb-eaa8-e230-3059-278bddc37f8d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5a552cfb-eaa8-e230-3059-278bddc37f8d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ee92de2c-0b4a-0ba6-1b0e-047f64534584} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee92de2c-0b4a-0ba6-1b0e-047f64534584} (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lyufidetrbmkj (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oxxrraptksbfj (Adware.BHO) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\4bd1b7e3.dll (Trojan.Vundo.H) -> No action taken.
C:\Windows\System32\koglwmfmqldqsv.dll (Adware.BHO) -> No action taken.
C:\Windows\System32\lyufidetrbmkj.exe (Adware.AdRotator) -> No action taken.
C:\Windows\Temp\ubfo.tmp\svchost.exe (Adware.Agent) -> No action taken.

So, Malwarebytes sagt alles deleted successfully, OLT läuft grade

Zitat:

OTL logfile created on: 07.05.2010 12:07:14 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\christopher\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57,17 Gb Total Space | 28,72 Gb Free Space | 50,24% Space Free | Partition Type: NTFS
Drive D: | 153,38 Gb Total Space | 108,75 Gb Free Space | 70,90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISTOPHER-PC
Current User Name: christopher
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\christopher\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\christopher\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 85 3F 01 B8 E0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "ard.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e1d6946e-c5be-9a9c-d39e-254ae8d904b0}:4.6.6.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.22 23:24:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.04 18:16:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.22 11:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.04 18:16:37 | 000,000,000 | ---D | M]

[2010.04.22 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\mozilla\Extensions
[2010.04.22 11:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christopher\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.06 15:07:56 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions
[2010.04.20 22:31:35 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2010.05.01 12:06:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.25 17:43:26 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010.04.25 18:48:15 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.04.25 18:00:19 | 000,000,000 | ---D | M] -- C:\Users\christopher\AppData\Roaming\mozilla\Firefox\Profiles\bj025td3.default\extensions\youtube2mp3@mondayx.de
[2010.05.06 15:07:56 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.04.25 19:11:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.04 17:52:13 | 000,000,000 | ---D | M] (z) -- C:\Program Files\mozilla firefox\extensions\{e1d6946e-c5be-9a9c-d39e-254ae8d904b0}
[2010.04.25 19:10:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.04 18:16:10 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c8957872-4cb3-11df-b8d4-000ea6222cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{c8957872-4cb3-11df-b8d4-000ea6222cb9}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{c8957872-4cb3-11df-b8d4-000ea6222cb9}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.07 11:35:35 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\christopher\Desktop\OTL.exe
[2010.05.07 11:34:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.07 11:34:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.07 11:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.07 11:31:32 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\christopher\Desktop\mbam-setup.exe
[2010.05.06 14:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Menu for Office
[2010.05.05 23:22:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.05 23:19:20 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Adobe
[2010.05.05 23:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.05.05 18:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.05.05 18:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.05.05 18:14:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.05.05 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.05.05 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.05.05 18:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.05.05 17:14:00 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\schattens_rec
[2010.05.05 17:13:55 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\schule
[2010.05.05 17:13:55 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\Religion
[2010.05.05 17:13:55 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\Bewerbungen
[2010.05.04 18:16:36 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010.05.04 12:45:50 | 000,229,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys
[2010.05.03 18:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.03 18:08:26 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.05.03 18:08:26 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.05.03 18:08:25 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.05.03 18:08:20 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.05.03 18:08:20 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.05.03 18:08:20 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.05.03 18:08:20 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.05.03 18:08:20 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.05.03 18:08:19 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.05.03 18:08:19 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.05.03 18:08:19 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.05.02 22:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010.05.02 22:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.02 22:33:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.05.02 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.02 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010.05.02 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010.05.02 22:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.05.02 22:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010.05.02 22:27:51 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Microsoft Help
[2010.05.02 22:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.02 22:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.02 22:26:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.02 21:35:45 | 000,000,000 | ---D | C] -- C:\Users\christopher\.gimp-2.6
[2010.05.02 21:27:30 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\OpenOffice.org
[2010.05.02 21:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.05.02 19:40:30 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Avira
[2010.05.01 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\Activision
[2010.04.30 00:28:20 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010.04.30 00:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010.04.29 22:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.29 21:04:51 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\Ghost Pirates
[2010.04.29 20:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ghost Pirates
[2010.04.28 13:46:51 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.04.28 13:46:51 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.04.27 13:48:42 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\QIP
[2010.04.27 13:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\QIP 2010
[2010.04.27 13:32:43 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Malwarebytes
[2010.04.27 13:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.26 22:57:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.26 20:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO 1503
[2010.04.26 19:50:44 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.04.26 19:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.04.26 01:08:25 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\Eigene virtuelle Computer
[2010.04.26 01:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Virtual PC
[2010.04.25 22:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\ANNO 1602 Königs-Edition
[2010.04.25 22:44:56 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.04.25 19:48:27 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\WinRAR
[2010.04.25 19:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.25 19:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.04.25 19:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.04.25 19:11:20 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.04.25 19:11:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.25 19:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.25 19:11:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.25 19:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.04.25 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\christopher\dwhelper
[2010.04.22 13:06:28 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\UseNeXT
[2010.04.22 13:06:27 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\UseNeXT
[2010.04.22 13:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\UseNeXT
[2010.04.22 12:59:48 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.04.22 12:33:24 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.04.22 12:33:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.04.22 12:33:24 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.04.22 12:33:23 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.04.22 12:33:23 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.04.22 12:33:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.04.22 12:33:22 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.04.22 12:33:22 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.04.22 12:33:22 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.04.22 12:33:22 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.04.22 12:33:21 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.04.22 12:33:21 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.04.22 12:33:20 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.04.22 12:33:20 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.04.22 12:33:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.04.22 12:33:20 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.04.22 12:33:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.04.22 12:33:19 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.04.22 12:33:19 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.04.22 12:33:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.04.22 12:33:19 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.04.22 12:33:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.04.22 12:33:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.04.22 12:33:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.04.22 12:33:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.04.22 12:33:18 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.04.22 12:33:18 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.04.22 12:33:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.04.22 12:33:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.04.22 12:33:18 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.04.22 12:33:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.04.22 12:33:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.04.22 12:33:17 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.04.22 12:33:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.04.22 12:33:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.04.22 12:33:17 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.04.22 12:33:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.04.22 12:33:16 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.04.22 12:33:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.04.22 12:33:16 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.04.22 12:33:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.04.22 12:33:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.04.22 12:33:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.04.22 12:33:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.04.22 12:33:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.04.22 12:33:15 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.04.22 12:33:14 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.04.22 12:33:14 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.04.22 12:33:14 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.04.22 12:33:14 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.04.22 12:33:14 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.04.22 12:33:13 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.04.22 12:33:13 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.04.22 12:33:13 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.04.22 12:33:13 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.04.22 12:33:13 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.04.22 12:33:13 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.04.22 12:33:12 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.04.22 12:33:12 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.04.22 12:33:12 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.04.22 12:33:12 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.04.22 12:33:12 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.04.22 12:33:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.04.22 12:33:11 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.04.22 12:33:11 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.04.22 12:33:11 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.04.22 12:33:11 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.04.22 12:33:09 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.04.22 12:33:09 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.04.22 12:33:09 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.04.22 12:33:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.04.22 12:33:09 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.04.22 12:33:01 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.04.22 12:33:01 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.04.22 12:33:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.04.22 12:33:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.04.22 12:33:00 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.04.22 12:33:00 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.04.22 12:33:00 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.04.22 12:33:00 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.04.22 12:32:59 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.04.22 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Thunderbird
[2010.04.22 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Thunderbird
[2010.04.21 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.04.21 23:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2010.04.21 22:23:30 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Canneverbe Limited
[2010.04.21 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.04.21 22:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010.04.21 17:59:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.04.21 17:55:20 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Miranda
[2010.04.21 13:50:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.04.21 07:15:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.21 04:22:28 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.20 23:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Shutdown
[2010.04.20 23:28:14 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2010.04.20 23:21:08 | 000,000,000 | ---D | C] -- C:\Users\christopher\.VirtualBox
[2010.04.20 23:20:07 | 000,123,856 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2010.04.20 23:19:50 | 000,041,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2010.04.20 23:19:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.04.20 22:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010.04.20 22:58:34 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\uTorrent
[2010.04.20 22:49:55 | 000,000,000 | ---D | C] -- C:\Users\christopher\Documents\SimCity 4
[2010.04.20 22:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
[2010.04.20 22:36:31 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.04.20 22:36:28 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.04.20 22:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010.04.20 22:35:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.04.20 22:35:26 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Winamp
[2010.04.20 22:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010.04.20 22:29:20 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\vlc
[2010.04.20 22:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.04.20 22:17:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.04.20 22:17:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.04.20 22:17:02 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.04.20 22:17:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.04.20 22:17:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.04.20 22:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.20 22:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.04.20 22:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.04.20 22:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.20 21:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.04.20 21:33:00 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\DAEMON Tools Lite
[2010.04.20 21:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.04.20 21:28:11 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Macromedia
[2010.04.20 21:28:11 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Adobe
[2010.04.20 21:28:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.04.20 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\ATI
[2010.04.20 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\ATI
[2010.04.20 21:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.04.20 21:11:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.04.20 21:10:28 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.20 21:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.04.20 21:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.04.20 20:56:01 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.20 20:54:21 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.04.20 20:54:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.04.20 20:54:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.04.20 20:54:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.04.20 20:54:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.04.20 20:49:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2010.04.20 20:49:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2010.04.20 20:49:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2010.04.20 20:49:44 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.04.20 20:49:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2010.04.20 20:49:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2010.04.20 20:49:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2010.04.20 20:49:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2010.04.20 20:49:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2010.04.20 20:49:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2010.04.20 20:49:42 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2010.04.20 20:49:41 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.04.20 20:49:41 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2010.04.20 20:49:41 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2010.04.20 20:49:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2010.04.20 20:49:41 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2010.04.20 20:49:41 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2010.04.20 20:49:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2010.04.20 20:49:40 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2010.04.20 20:49:40 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2010.04.20 20:49:40 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2010.04.20 20:49:40 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2010.04.20 20:49:40 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2010.04.20 20:49:40 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2010.04.20 20:49:40 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2010.04.20 20:49:40 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2010.04.20 20:49:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2010.04.20 20:49:40 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2010.04.20 20:49:40 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2010.04.20 20:49:40 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2010.04.20 20:49:40 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2010.04.20 20:49:40 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2010.04.20 20:49:40 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2010.04.20 20:49:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2010.04.20 20:49:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2010.04.20 20:49:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2010.04.20 20:49:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2010.04.20 20:49:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2010.04.20 20:49:39 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2010.04.20 20:49:38 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2010.04.20 20:49:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2010.04.20 20:49:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2010.04.20 20:49:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2010.04.20 20:49:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2010.04.20 20:49:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2010.04.20 20:49:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2010.04.20 20:49:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2010.04.20 20:49:34 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2010.04.20 20:49:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2010.04.20 20:49:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2010.04.20 20:49:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2010.04.20 20:49:30 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2010.04.20 20:49:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2010.04.20 20:49:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2010.04.20 20:49:28 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2010.04.20 20:49:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2010.04.20 20:49:28 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2010.04.20 20:49:28 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2010.04.20 20:49:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2010.04.20 20:49:25 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2010.04.20 20:49:24 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2010.04.20 20:49:24 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2010.04.20 20:49:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2010.04.20 20:49:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2010.04.20 20:49:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2010.04.20 20:49:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2010.04.20 20:49:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2010.04.20 20:49:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2010.04.20 20:49:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2010.04.20 20:49:16 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2010.04.20 20:49:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2010.04.20 20:49:16 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2010.04.20 20:49:16 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.04.20 20:49:16 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.04.20 20:49:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2010.04.20 20:49:16 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.04.20 20:49:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2010.04.20 20:49:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2010.04.20 20:49:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.04.20 20:49:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2010.04.20 20:49:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2010.04.20 20:49:16 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2010.04.20 20:49:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2010.04.20 20:49:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2010.04.20 20:49:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2010.04.20 20:49:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2010.04.20 20:49:16 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2010.04.20 20:49:16 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2010.04.20 20:49:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2010.04.20 20:49:16 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2010.04.20 20:49:16 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.04.20 20:49:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2010.04.20 20:49:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2010.04.20 20:49:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2010.04.20 20:47:12 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.04.20 20:47:12 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.04.20 20:47:12 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.04.20 20:47:06 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.20 20:47:05 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.20 20:47:05 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.20 20:47:04 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.20 20:47:04 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.20 20:47:03 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.04.20 20:47:03 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.04.20 20:47:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.04.20 20:47:03 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.04.20 20:47:03 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.04.20 20:47:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.04.20 20:47:02 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.04.20 20:47:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.04.20 20:46:19 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.20 20:46:19 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Mozilla
[2010.04.20 20:46:18 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Mozilla
[2010.04.20 20:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.04.20 20:33:49 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\ElevatedDiagnostics
[2010.04.20 20:32:33 | 000,000,000 | R--D | C] -- C:\Users\christopher\Searches
[2010.04.20 20:32:23 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Identities
[2010.04.20 20:32:21 | 000,000,000 | R--D | C] -- C:\Users\christopher\Contacts
[2010.04.20 20:32:13 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\VirtualStore
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\AppData\Local\Temporary Internet Files
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Templates
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Start Menu
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\SendTo
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Recent
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\PrintHood
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\NetHood
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Documents\My Videos
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Documents\My Pictures
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Documents\My Music
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\My Documents
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Local Settings
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\AppData\Local\History
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Cookies
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\Application Data
[2010.04.20 20:32:12 | 000,000,000 | -HSD | C] -- C:\Users\christopher\AppData\Local\Application Data
[2010.04.20 20:32:11 | 000,000,000 | --SD | C] -- C:\Users\christopher\AppData\Roaming\Microsoft
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Videos
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Saved Games
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Pictures
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Links
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Favorites
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Downloads
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Documents
[2010.04.20 20:32:11 | 000,000,000 | R--D | C] -- C:\Users\christopher\Desktop
[2010.04.20 20:32:11 | 000,000,000 | -H-D | C] -- C:\Users\christopher\AppData
[2010.04.20 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Temp
[2010.04.20 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Local\Microsoft
[2010.04.20 20:32:11 | 000,000,000 | ---D | C] -- C:\Users\christopher\AppData\Roaming\Media Center Programs
[2010.04.20 20:31:55 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.04.20 18:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.20 18:24:40 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.20 18:23:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010.05.07 12:04:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.07 12:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.07 12:04:28 | 1609,670,656 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.07 12:03:41 | 000,009,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 12:03:41 | 000,009,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.07 12:03:35 | 001,835,008 | -HS- | M] () -- C:\Users\christopher\NTUSER.DAT
[2010.05.07 12:03:28 | 001,739,103 | -H-- | M] () -- C:\Users\christopher\AppData\Local\IconCache.db
[2010.05.07 11:35:38 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\christopher\Desktop\OTL.exe
[2010.05.07 11:34:52 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.07 11:31:40 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\christopher\Desktop\mbam-setup.exe
[2010.05.07 03:40:27 | 000,322,940 | ---- | M] () -- C:\Users\christopher\Desktop\Religion und Fußball.pdf
[2010.05.07 03:25:26 | 000,195,634 | ---- | M] () -- C:\Users\christopher\Desktop\Bildquellen.pdf
[2010.05.05 23:18:01 | 000,114,216 | ---- | M] () -- C:\Users\christopher\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.05 23:17:19 | 001,767,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.05 14:48:18 | 000,002,991 | ---- | M] () -- C:\Users\christopher\Desktop\HiJackThis.lnk
[2010.05.04 17:52:14 | 000,096,761 | ---- | M] () -- C:\Windows\System32\7f5f96b.exe
[2010.05.04 17:47:29 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.04 17:47:29 | 000,643,144 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.04 17:47:29 | 000,607,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.04 17:47:29 | 000,126,572 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.04 17:47:29 | 000,104,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.04 12:45:50 | 000,229,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\VMM.sys
[2010.05.02 22:30:37 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.04.30 00:34:39 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\GUN.lnk
[2010.04.30 00:33:57 | 000,000,264 | ---- | M] () -- C:\Windows\game.ini
[2010.04.30 00:09:15 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Worms 4 Mayhem.lnk
[2010.04.29 20:59:55 | 000,001,850 | ---- | M] () -- C:\Users\christopher\Desktop\Ghost Pirates.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 13:47:04 | 000,000,934 | ---- | M] () -- C:\Users\christopher\Desktop\QIP 2010.lnk
[2010.04.25 19:10:47 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.04.25 19:10:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.04.25 19:10:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.04.25 19:10:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.04.22 12:51:17 | 000,007,605 | ---- | M] () -- C:\Users\christopher\AppData\Local\Resmon.ResmonCfg
[2010.04.22 11:54:25 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.04.21 22:59:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.04.21 22:59:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.04.21 22:23:13 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.20 23:28:25 | 000,001,917 | ---- | M] () -- C:\Users\christopher\Desktop\Easy-Shutdown.lnk
[2010.04.20 22:48:14 | 000,000,531 | ---- | M] () -- C:\Windows\eReg.dat
[2010.04.20 21:33:49 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.20 20:53:43 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2010.04.20 20:53:43 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2010.04.20 20:39:48 | 000,524,288 | -HS- | M] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.20 20:39:48 | 000,524,288 | -HS- | M] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.04.20 20:39:48 | 000,065,536 | -HS- | M] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.04.20 20:36:25 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.20 20:32:12 | 000,000,020 | -HS- | M] () -- C:\Users\christopher\ntuser.ini
[2010.04.20 18:27:48 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.04.20 18:26:03 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2010.05.07 11:34:52 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.07 03:26:02 | 000,322,940 | ---- | C] () -- C:\Users\christopher\Desktop\Religion und Fußball.pdf
[2010.05.07 03:25:24 | 000,195,634 | ---- | C] () -- C:\Users\christopher\Desktop\Bildquellen.pdf
[2010.05.05 17:11:22 | 004,024,901 | ---- | C] () -- C:\Users\christopher\Documents\Atzen-Party.wmv
[2010.05.05 14:48:18 | 000,002,991 | ---- | C] () -- C:\Users\christopher\Desktop\HiJackThis.lnk
[2010.05.04 17:52:14 | 000,096,761 | ---- | C] () -- C:\Windows\System32\7f5f96b.exe
[2010.04.30 00:34:39 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\GUN.lnk
[2010.04.30 00:33:57 | 000,000,264 | ---- | C] () -- C:\Windows\game.ini
[2010.04.30 00:09:15 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Worms 4 Mayhem.lnk
[2010.04.29 20:59:55 | 000,001,850 | ---- | C] () -- C:\Users\christopher\Desktop\Ghost Pirates.lnk
[2010.04.29 12:39:24 | 002,918,582 | ---- | C] () -- C:\Users\christopher\Documents\WRACKBPC.sfx.exe
[2010.04.27 13:47:04 | 000,000,934 | ---- | C] () -- C:\Users\christopher\Desktop\QIP 2010.lnk
[2010.04.22 12:51:17 | 000,007,605 | ---- | C] () -- C:\Users\christopher\AppData\Local\Resmon.ResmonCfg
[2010.04.22 11:54:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.04.21 22:59:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.04.21 22:59:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.04.21 22:23:13 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.21 22:23:11 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.20 23:28:25 | 000,001,917 | ---- | C] () -- C:\Users\christopher\Desktop\Easy-Shutdown.lnk
[2010.04.20 22:48:14 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2010.04.20 21:33:49 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.20 20:55:29 | 000,643,144 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.04.20 20:55:29 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.04.20 20:55:29 | 000,126,572 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.04.20 20:55:29 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.04.20 20:36:25 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.20 20:32:12 | 000,524,288 | -HS- | C] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.20 20:32:12 | 000,524,288 | -HS- | C] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.04.20 20:32:12 | 000,000,020 | -HS- | C] () -- C:\Users\christopher\ntuser.ini
[2010.04.20 20:32:11 | 001,835,008 | -HS- | C] () -- C:\Users\christopher\NTUSER.DAT
[2010.04.20 20:32:11 | 000,262,144 | -HS- | C] () -- C:\Users\christopher\ntuser.dat.LOG1
[2010.04.20 20:32:11 | 000,065,536 | -HS- | C] () -- C:\Users\christopher\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.04.20 20:32:11 | 000,000,000 | -HS- | C] () -- C:\Users\christopher\ntuser.dat.LOG2
[2010.04.20 18:26:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.20 18:23:47 | 1609,670,656 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 02:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.02.25 23:34:55 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:ADCAEB69
< End of report >

cosinus · 07.05.2010, 15:38

Mach bitte nen Vollscan mit Malwarebytes.

Scuz · 07.05.2010, 19:05

Ok hab ich gemacht, 1 Fund aber ich weiß genau dass es diese Datei nicht war

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4073

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.05.2010 20:03:16
mbam-log-2010-05-07 (20-03-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 263441
Laufzeit: 1 Stunde(n), 40 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Spiele\Call of Duty 4 Modern Warfare (2007)\rzr-cd4f\rzr-cod4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Also Problem mit den sich öffnenden Tabs besteht weiterhin.
Anscheinend gibt es ja Leute die dieses Problem gelöst haben, warum kann man dann nicht sagen um was es sich handelt, denn wenn man mal bei google danach sucht, hört sich das alles ziemlich ähnlich an !

cosinus · 07.05.2010, 21:13

Zitat:

D:\Spiele\Call of Duty 4 Modern Warfare (2007)\rzr-cd4f\rzr-cod4.exe

Was soll denn das sein?

Scuz · 08.05.2010, 04:20

Naja ich denk ihr wisst was das ist, jedenfalls kann das unmöglich der virus sein.
Malwarebytes hat jetzt 2 stunden gescannt und außerdém bekannten nichts gefunden.
Wir sind ja alle keine Unschuldslämmer,sollte ich den Virus nicht finden müsste ich alle neu formatieren, was einer Katastrophe gleichkommt. War nun jahrelang Ubuntu und teilweise Suse User, hab Wochen gebrauht bis ich Windows 7 so hatte, dass es miur einigermaßen gefällt. Der einzige Grund warum ich überhaupt gewechselt bin war übrigens Fußball Manager 10, aufgrund meiner etwas älteren ATI Grafikkarte kann ich den unter Wine nicht spielen.
Ich hoffe jemand hat noch ne Patentlösung

cosinus · 09.05.2010, 12:48

Zitat:

Naja ich denk ihr wisst was das ist, jedenfalls kann das unmöglich der virus sein.

Falls es das ist was ich denke, ist der Support außer dem Hinweis auf format c: eh vorbei

07.05.2010, 15:38	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Firefox öffnet ständig Tabs mit Werbung Mach bitte nen Vollscan mit Malwarebytes. __________________ Logfiles bitte immer in CODE-Tags posten

Firefox öffnet ständig Tabs mit Werbung

Plagegeister aller Art und deren Bekämpfung: Firefox öffnet ständig Tabs mit Werbung