Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.06.2010, 00:31   #1
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



Hi, auch ich habe ein Problem mit o.g. Trojaner.

"Avira Antivir" und auch "Malwarebytes' Anti-Maleware" kann ihn nicht entfernen (beides mehrfach versucht).

Keine Ahnung wie ich mir den eingefangen habe. Ich habe mich nicht auf "dubiosen" Seiten herumg getrieben und benutze auch keine Cracks o.ä.


Vielleicht kann mir einer von euch helfen den Trojaner wieder weg zu bekommen. *hoff*

Nach Anleitungen in diesem Forum (die übrigens sehr gut erklärt sind, so dass Leute wie ich die kaum Ahnung haben es trotzdem hin bekommen - Danke!) habe ich inzwischen folgendes gemacht:

1. CCleaner benutzt
2. Malwarebytes-Anti-Malware -> Logfile (siehe unten)
3. OTL - Systemscan durchgeführt -> Logfiles (siehe unten)
4. O s a m -Report erstellt

Ich musste die Logfile-Daten auf mehrerer Postings aufteilen, da mir teilweise immer Fehlermeldungen angezeitgt wurden "Fatal Error: ..." Vielleicht lag es an der Länge ?
----------------------------------------------------
zu 2:

Malwarebytes' Anti-Malware 1.46
w**w.malwarebytes.org

Datenbank Version: 4209

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

17.06.2010 22:32:13
Malewarebytes - Trojaner-mbam-log-2010-06-17 (22-32-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123687
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\drivers\vevemzh.sys (Backdoor.IEbooot) -> No action taken.
----------------------------------------------------------------------

Fortsetzung folgt....

Geändert von gina25 (18.06.2010 um 01:06 Uhr)

Alt 18.06.2010, 00:47   #2
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



zu 3 (zweites Logfile):

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.06.2010 23:36:46 - Run 2
OTL by OldTimer - Version 3.2.6.0     Folder = E:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 62,49 Gb Free Space | 83,83% Space Free | Partition Type: NTFS
Drive D: | 233,76 Gb Total Space | 67,07 Gb Free Space | 28,69% Space Free | Partition Type: NTFS
Drive E: | 204,91 Gb Total Space | 186,36 Gb Free Space | 90,95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GINA
Current User Name: user
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1390067357-1284227242-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3233:TCP" = 3233:TCP:*:Enabled:backburner1
"3234:TCP" = 3234:TCP:*:Enabled:backburner2
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE" = C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE:*:Enabled:1&1 SoftPhone -- (1&1 Internet AG)
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\HP color LaserJet 3600\Temp\InstEng\Setup.exe" = C:\HP color LaserJet 3600\Temp\InstEng\Setup.exe:*:Enabled:Hewlett-Packard Installer -- (Hewlett-Packard)
"C:\Programme\Autodesk\Backburner\monitor.exe" = C:\Programme\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\manager.exe" = C:\Programme\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\server.exe" = C:\Programme\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Programme\Autodesk\3ds Max 2008\3dsmax.exe" = C:\Programme\Autodesk\3ds Max 2008\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2008 32-bit -- (Autodesk, Inc.)
"C:\Programme\Autodesk\Backburner\serversvc.exe" = C:\Programme\Autodesk\Backburner\serversvc.exe:*:Enabled:serversvc.exe -- (Autodesk, Inc.)
"C:\Programme\RealVNC\VNC4\winvnc4.exe" = C:\Programme\RealVNC\VNC4\winvnc4.exe:LocalSubNet:Enabled:winvnc4.exe -- (RealVNC Ltd.)
"D:\WoW\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe" = D:\WoW\WoW-3.1.3.9947-to-3.2.0.10192-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\WoW\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe" = D:\WoW\WoW-3.2.0.10192-to-3.2.0.10314-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\WoW\Launcher.exe" = D:\WoW\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"D:\WoW\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe" = D:\WoW\WoW-3.2.0.10314-to-3.2.2.10482-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"D:\WoW\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe" = D:\WoW\WoW-3.2.2.10482-to-3.2.2.10505-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\WINDOWS\Temp\occ.exe" = C:\WINDOWS\Temp\occ.exe:*:Enabled:OneCC Module -- (eStara, Inc.)
"D:\WoW\BackgroundDownloader.exe" = D:\WoW\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Disabled:Main program for Octoshape client -- (Octoshape ApS)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E3CCCDC-3BB2-B5D5-A547-5F157E1BADB8}" = Catalyst Control Center Core Implementation
"{131C976E-E991-40FA-163F-B29022346F01}" = CCC Help English
"{17A87ED9-129A-4516-A3BF-5E513D23C3BB}" = Aureon 5.1 Fun ControlPanel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38EC4486-44FF-49da-8FFF-87DA9DCBC06B}" = Autodesk 3ds Max 2008 32-bit Help
"{3C106CBD-3E5A-4275-94F9-23FFE687D090}" = Autodesk 3ds Max 2008 32-bit Architectural Materials Library
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{5A53992C-48D6-D4DB-75A7-5D13388DAB9A}" = ccc-core-static
"{679035C8-CEB8-4a5c-847A-5FB3FFADC0EB}" = Autodesk 3ds Max 2008 32-bit Vault 2008 Plug-In
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{72019134-3A61-4C39-A540-245600C4CDFA}" = Turbo Squid Tentacles 3ds Max 2008
"{7AE858CD-7AD6-D9E6-627E-E452A71896E7}" = Catalyst Control Center Graphics Full Existing
"{8BC8DA36-302D-14FA-55AE-5CAAF1CA4F25}" = Catalyst Control Center Graphics Light
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44C8D37-B36B-D378-2201-97137494E339}" = ccc-utility
"{AB2037C6-FE46-41fd-B1B2-4D62FBB1E57A}" = Autodesk 3ds Max 2008 32-bit Videos
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{BB37C263-9B7F-6A1C-A1B8-333C3FB80614}" = ccc-core-preinstall
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF658A51-6D4F-4CB0-8D40-D183692B995D}" = Autodesk 3ds Max 2008 32-bit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1B7094B-8CAC-492a-9EE6-D1576ED35208}" = Autodesk 3ds Max 2008 32-bit Vault 5 Plug-In
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{DE5CD0E9-9296-788D-F082-54454791A65E}" = Catalyst Control Center Graphics Previews Common
"{EBB15EA8-B7CF-E90C-B977-18777AFC63F0}" = Catalyst Control Center HydraVision Full
"{EC27630A-EAFB-AB2A-56CC-7F5189845D85}" = Catalyst Control Center Graphics Full New
"{EDC8D89C-DC3D-4a3d-ABE7-97D281C0A13A}" = Autodesk 3ds Max 2008 32-bit Additional Maps and Material Libraries
"{EED52BB5-3A22-42F2-9B76-BB743F6739B7}" = HP Color LaserJet 3600
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"09FF29D71EA03FC1D2C745E1A767A6625475E6FB" = Windows Driver Package - OPTO ELECTRONICS CO.,LTD (optousb) Ports  (07/25/2007 2.0.3.3)
"1&1 SoftPhone" = 1&1 SoftPhone
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ATI Display Driver" = ATI Display Driver
"AudioCS" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BPM Analyse" = BPM Analyse 0.5.4
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EasyCash&Tax_is1" = EasyCash&Tax 1.48
"ElsterFormular 11.2.0.4074" = ElsterFormular
"FBX Plugin 2006.11.1 for Max 2008" = FBX Plugin 2006.11.1 for Max 2008
"HP Color LaserJet 3600" = HP Color LaserJet 3600
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Panel Client_is1" = Panel Client 3.2
"RealVNC_is1" = VNC Free Edition 4.1.2
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Tweak UI 2.10" = Tweak UI
"WaveStudio 7" = Creative WaveStudio 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.6
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1390067357-1284227242-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2010 02:02:37 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 03:09:10 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 21:04:02 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 21:20:39 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 21:21:20 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 21:38:49 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 11.06.2010 21:38:53 | Computer Name = GINA | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich 1173209126.
 
Error - 12.06.2010 05:25:54 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 12.06.2010 05:39:44 | Computer Name = GINA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mplayerc.exe, Version 6.4.9.1, fehlgeschlagenes
 Modul mplayerc.exe, Version 6.4.9.1, Fehleradresse 0x000c0a1e.
 
Error - 15.06.2010 10:14:10 | Computer Name = GINA | Source = ESENT | ID = 490
Description = svchost (940) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 16.06.2010 10:09:44 | Computer Name = GINA | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "D:" aus.
 
Error - 17.06.2010 01:51:08 | Computer Name = GINA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SENS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error - 17.06.2010 01:51:08 | Computer Name = GINA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "SENS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
 
Error - 17.06.2010 01:55:18 | Computer Name = GINA | Source = Setup | ID = 60055
Description = Während der Installation sind Fehler aufgetreten. Weitere Informationen
 finden Sie in der Datei "setuperr.log" im Windows-Verzeichni
 
Error - 17.06.2010 05:10:21 | Computer Name = GINA | Source = BITS | ID = 1654791
Description = Die BITS-Auftragsliste hat ein unzulässiges Format. Möglicherweise
 wurde die Liste mit einer anderen BITS-Version erstellt. Die Auftragsliste wurde
 gelöscht.
 
Error - 17.06.2010 10:06:59 | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
Error - 17.06.2010 10:19:43 | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
Error - 17.06.2010 10:36:48 | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
Error - 17.06.2010 11:28:46 | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
Error - 17.06.2010 16:34:58 | Computer Name = GINA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PCIIde
 
 
< End of report >
         
--- --- ---



---------------------------------------------------------------------
zu 4:

Code:
ATTFilter
Report of O S A M: Autorun Manager v5.0.11926.0
hxxp://w**.online-solutions.ru/en/
Saved at 20:45:47 on 17.06.2010
OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

  	Risk 	Name 	Publisher 	Full Path 	Status
Common
%SystemRoot%\Tasks
	||||   	"AppleSoftwareUpdate.job" 	"Apple Inc." 	C:\Programme\Apple Software Update\SoftwareUpdate.exe 	File exists
Control Panel Objects
%SystemRoot%\system32
	|||||| 	"infocardcpl.cpl" 	"Microsoft Corporation" 	C:\WINDOWS\system32\infocardcpl.cpl 	File exists
	|||||| 	"javacpl.cpl" 	"Sun Microsystems, Inc." 	C:\WINDOWS\system32\javacpl.cpl 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
	|||||| 	"Avira AntiVir Personal - Free Antivirus " 	"Avira GmbH" 	C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl 	File exists
	|||||| 	"CreativeAudioConsole" 	"Creative Technology Ltd" 	C:\Programme\Creative\AudioCS\CTAudCS.cpl 	File exists
	|||||| 	"QuickTime" 	"Apple Inc." 	C:\Programme\QuickTime\QTSystem\QuickTime.cpl 	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	"avgio" (avgio) 	"Avira GmbH" 	C:\Programme\Avira\AntiVir Desktop\avgio.sys 	File exists
	|||||| 	"avgntflt" (avgntflt) 	"Avira GmbH" 	C:\WINDOWS\System32\DRIVERS\avgntflt.sys 	File exists
	|||||| 	"avipbb" (avipbb) 	"Avira GmbH" 	C:\WINDOWS\System32\DRIVERS\avipbb.sys 	File exists
	       	"Changer" (Changer) 		C:\WINDOWS\system32\drivers\Changer.sys 	File not found
	||     	"cmigameport" (cmigameport) 		C:\WINDOWS\System32\drivers\cmigameport.sys 	File found, but it contains no detailed information
	       	"i2omgmt" (i2omgmt) 		C:\WINDOWS\system32\drivers\i2omgmt.sys 	File not found
	       	"lbrtfdc" (lbrtfdc) 		C:\WINDOWS\system32\drivers\lbrtfdc.sys 	File not found
	       	"PCIDump" (PCIDump) 		C:\WINDOWS\system32\drivers\PCIDump.sys 	File not found
	       	"PDCOMP" (PDCOMP) 		C:\WINDOWS\system32\drivers\PDCOMP.sys 	File not found
	       	"PDFRAME" (PDFRAME) 		C:\WINDOWS\system32\drivers\PDFRAME.sys 	File not found
	       	"PDRELI" (PDRELI) 		C:\WINDOWS\system32\drivers\PDRELI.sys 	File not found
	       	"PDRFRAME" (PDRFRAME) 		C:\WINDOWS\system32\drivers\PDRFRAME.sys 	File not found
	|||||| 	"Secdrv" (Secdrv) 		C:\WINDOWS\System32\DRIVERS\secdrv.sys 	File signed by Microsoft | File found, but it contains no detailed information
	|||||| 	"ssmdrv" (ssmdrv) 	"Avira GmbH" 	C:\WINDOWS\System32\DRIVERS\ssmdrv.sys 	File exists
	|||||| 	"TerraTec Aureon 5.1 (WDM)" (cmpci) 	"C-Media Inc" 	C:\WINDOWS\System32\drivers\cmaudio.sys 	File exists
	       	"vevemzh" (vevemzh) 		C:\WINDOWS\system32\drivers\vevemzh.sys 	Hidden file | Hidden registry entry, rootkit activity | File found, but it contains no detailed information
	       	"WDICA" (WDICA) 		C:\WINDOWS\system32\drivers\WDICA.sys 	File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
	|||||| 	{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" 	"Microsoft Corporation" 	C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install 	File exists
	|||||| 	<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} "Versions-Update für Internet Explorer" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieudinit.exe 	File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
	|||||| 	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" 	"Adobe Systems, Inc." 	C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 	File exists
	|||||| 	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" 		C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 	File exists
HKLM\Software\Classes\Protocols\Filter
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
HKLM\Software\Classes\Protocols\Handler
	|||||| 	{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" 	"Skype Technologies" 	C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
	|||||| 	{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} "Directory Opus Shell Execute Hook" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
	       	{F2CF5485-4E02-4f68-819C-B92DE9277049} "&Links" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" 		deskpan.dll 	File not found
	|||||| 	{E9FE4040-3C93-11d4-8006-00201860E88A} "Directory Opus Context Menu" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{B9DD4945-1BED-4cb7-994C-F40B72B7725A} "Directory Opus Desktop Context Menu" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{F85D7E1E-9662-4b38-B1AE-3CF1E9581A3C} "Directory Opus Drop Target" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{D2FCA36D-93CD-46f2-8324-6308F6E31B53} "Directory Opus File Collection Shell Extension" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{42BEF283-A10E-472D-B105-9F2B59AFBFC8} "Directory Opus Find Extension" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{BBD5F00E-26A6-4fb2-BAE1-31543C0BEA47} "Directory Opus Icon Handler" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{2DF394BA-1955-4a52-900E-303836135F67} "Directory Opus Info Tip Handler" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	|||||| 	{3CF9ECE0-1A9F-11d2-8C73-00C06C2005DE} "Directory Opus Shell Execute Hook" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopuslib.dll 	File exists
	       	{3028902F-6374-48b2-8DC6-9725E775B926} "IE AutoComplete" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{73CFD649-CD48-4fd8-A272-2070EA56526B} "IE BandProxy" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} "IE Custom MRU AutoCompleted List" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{1C1EDB47-CE22-4bbb-B608-77B48F83C823} "IE Fade Task" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{11016101-E366-4D22-BC06-4ADA335C892B} "IE History and Feeds Shell Data Source for Windows Search" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{6CF48EF8-44CD-45d2-8832-A16EA016311B} "IE IShellFolderBand" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{4B78D326-D922-44f9-AF2A-07805C2A3560} "IE Menu Band" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{205D7A97-F16D-4691-86EF-F3075DCCA57D} "IE Menu Desk Bar" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{44C76ECD-F7FA-411c-9929-1B77BA77F524} "IE Menu Site" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{07C45BB1-4A8C-4642-A1F5-237E7215FF66} "IE Microsoft BrowserBand" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{6038EF75-ABFC-4e59-AB6F-12D397F6568D} "IE Microsoft History AutoComplete List" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{B31C5FAE-961F-415b-BAF0-E697A5178B94} "IE Microsoft Multiple AutoComplete List Container" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} "IE Microsoft Shell Folder AutoComplete List" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} "IE MRU AutoComplete List" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{43886CD5-6529-41c4-A707-7B3C92C05E68} "IE Navigation Bar" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} "IE Registry Tree Options Utility" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} "IE RSS Feeds Folder" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{E6EE9AAC-F76B-4947-8260-A9F136138E11} "IE Shell Band Site Menu" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} "IE Shell Rebar BandSite" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} "IE Tracking Shell Menu" 	"Microsoft Corporation" 	C:\WINDOWS\system32\ieframe.dll 	File exists
	       	{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" 			File not found | COM-object registry key not found
	       	{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" 			File not found | COM-object registry key not found
	|||||| 	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" 		C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 	File exists
	|||||| 	{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" 		C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 	File exists
	|||||| 	{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" 		C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 	File exists
	|||||| 	{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" 		C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll 	File exists
	|||||| 	{35786D3C-B075-49b9-88DD-029876E11C01} "Portable Devices" 	"Microsoft Corporation" 	C:\WINDOWS\system32\wpdshext.dll 	File exists
	|||||| 	{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} "Portable Devices Menu" 	"Microsoft Corporation" 	C:\WINDOWS\system32\wpdshext.dll 	File exists
	|||||| 	{640167b4-59b0-47a6-b335-a6b3c0695aea} "Portable Media Devices" 	"Microsoft Corporation" 	C:\WINDOWS\system32\Audiodev.dll 	File exists
	|||||| 	{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" 	"Avira GmbH" 	C:\Programme\Avira\AntiVir Desktop\shlext.dll 	File exists
	|||||| 	{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" 	"Microsoft Corporation" 	C:\WINDOWS\system32\dfshim.dll 	File exists
	       	{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" 			File not found | COM-object registry key not found
	|||||| 	{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" 	"Microsoft Corporation" 	C:\WINDOWS\system32\dfshim.dll 	File exists
	|||||| 	{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" 	"Advanced Micro Devices, Inc." 	C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll 	File exists
	|||||| 	{45670FA8-ED97-4F44-BC93-305082590BFB} "Windows XPS Document Metadata Handler" 	"Microsoft Corporation" 	C:\WINDOWS\System32\XPSSHHDR.DLL 	File exists
	|||||| 	{44121072-A222-48f2-A58A-6D9AD51EBBE9} "Windows XPS Document Thumbnail Handler" 	"Microsoft Corporation" 	C:\WINDOWS\System32\XPSSHHDR.DLL 	File exists
	|||||| 	{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" 		C:\Programme\WinRAR\rarext.dll 	File found, but it contains no detailed information
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
	|||||| 	{AAA288BA-9A4C-45B0-95D7-94D524869DB5} "WPDShServiceObj Class" 	"Microsoft Corporation" 	C:\WINDOWS\system32\WPDShServiceObj.dll 	File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
	       	ITBar7Height "ITBar7Height" 			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
	||||   	{F6ACF75C-C32C-447B-9BEF-46B766368D29} "Creative Software AutoUpdate Support Package"
hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab 	"Creative Technology Ltd" 	C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx 	File exists
	||||   	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_13.dll 	File exists
	||||   	{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_13.dll 	File exists
	||||   	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_13.dll 	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
	|||||| 	"Exec" 	"Microsoft Corporation" 	C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 	File exists
	||||   	"Messenger" 	"Microsoft Corporation" 	C:\Programme\Messenger\msmsgs.exe 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
	|||||| 	{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" 	"Adobe Systems Incorporated" 	C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 	File exists
	||||   	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\jp2ssv.dll 	File exists
	||||   	{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 	File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
	|||||| 	"desktop.ini" 		C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 	File exists
%UserProfile%\Startmenü\Programme\Autostart
	|||||| 	"desktop.ini" 		C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\desktop.ini 	File exists
	|||||| 	"Directory Opus.lnk" 	"GP Software" 	C:\Programme\GPSoftware\Directory Opus\dopus.exe 	Shortcut exists | File exists
	||||   	"OpenOffice.org 3.1.lnk" 		C:\Programme\OpenOffice.org 3\program\quickstart.exe 	Shortcut exists | File found, but it contains no detailed information | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	||||   	"Directory Opus Desktop Dblclk" 	"GP Software" 	"C:\Programme\GPSoftware\Directory Opus\dopusrt.exe" /dblclk 	File exists
	||     	"Octoshape Streaming Services" 	"Octoshape ApS" 	"C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun 	File exists
	       	"Personal ID" 	"coolspot AG, Düsseldorf" 	C:\COOLSP~1\PERSON~1\PID.EXE 	File exists
	       	"Skype" 	"Skype Technologies S.A." 	"C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized 	File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
	       	"1&1_1&1 SoftPhone" 	"1&1 Internet AG" 	"C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE" /hide 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	||||   	"Adobe Reader Speed Launcher" 	"Adobe Systems Incorporated" 	"C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" 	File exists
	|||||| 	"avgnt" 	"Avira GmbH" 	"C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min 	File exists
	||||   	"QuickTime Task" 	"Apple Inc." 	"C:\Programme\QuickTime\QTTask.exe" -atboottime 	File exists
	||||   	"StartCCC" 	"Advanced Micro Devices, Inc." 	"C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 	File exists
	||||   	"SunJavaUpdateSched" 	"Sun Microsystems, Inc." 	"C:\Programme\Java\jre6\bin\jusched.exe" 	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
	|||||| 	"HP Standard TCP/IP Port" 	"Hewlett Packard" 	C:\WINDOWS\system32\HpTcpMon.dll 	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 	File exists
	|||||| 	"ASP.NET State Service" (aspnet_state) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 	File exists
	|||||| 	"ATI Smart" (ATI Smart) 		C:\WINDOWS\system32\ati2sgag.exe 	File exists
	|||||| 	"Autodesk Licensing Service" (Autodesk Licensing Service) 	"Autodesk" 	C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe 	File exists
	|||||| 	"Automatische Konfiguration (verkabelt)" (Dot3svc) 	"Microsoft Corporation" 	C:\WINDOWS\System32\dot3svc.dll 	File exists
	|||||| 	"Avira AntiVir Guard" (AntiVirService) 	"Avira GmbH" 	C:\Programme\Avira\AntiVir Desktop\avguard.exe 	File exists
	|||||| 	"Avira AntiVir Planer" (AntiVirSchedulerService) 	"Avira GmbH" 	C:\Programme\Avira\AntiVir Desktop\sched.exe 	File exists
	|||||| 	"Creative Service for CDROM Access" (Creative Service for CDROM Access) 	"Creative Technology Ltd" 	C:\WINDOWS\system32\CTsvcCDA.exe 	File exists
	|||||| 	"Extensible Authentication-Protokolldienst" (EapHost) 	"Microsoft Corporation" 	C:\WINDOWS\System32\eapsvc.dll 	File exists
	|||||| 	"Integritätsschlüssel- und Zertifikatverwaltungsdienst" (hkmsvc) 	"Microsoft Corporation" 	C:\WINDOWS\System32\kmsvc.dll 	File exists
	|||||| 	"Java Quick Starter" (JavaQuickStarterService) 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\jqs.exe 	File exists
	|||||| 	"mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit" (mi-raysat_3dsMax2008_32) 		C:\Programme\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe 	File found, but it contains no detailed information
	|||||| 	"NAP-Agent (Network Access Protection)" (napagent) 	"Microsoft Corporation" 	C:\WINDOWS\System32\qagentrt.dll 	File exists
	|||||| 	"VNC Server Version 4" (WinVNC4) 	"RealVNC Ltd." 	C:\Programme\RealVNC\VNC4\winvnc4.exe 	File exists
	|||||| 	"Windows CardSpace" (idsvc) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 	File exists
	||||   	"Windows Media Player-Netzwerkfreigabedienst" (WMPNetworkSvc) 	"Microsoft Corporation" 	C:\Programme\Windows Media Player\WMPNetwk.exe 	File exists
	|||||| 	"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 	File exists
Winlogon
HKCU\Control Panel\IOProcs
	       	"MVB" 		mvfs32.dll 	File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
	|||||| 	{B587E2B1-4D59-4e7e-AED9-22B9DF11D053} "802.3 Group Policy" 	"Microsoft Corporation" 	C:\WINDOWS\system32\dot3gpclnt.dll 	File exists
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
	|||||| 	"dimsntfy" 	"Microsoft Corporation" 	C:\WINDOWS\System32\dimsntfy.dll 	File exists
	||||   	"WgaLogon" 	"Microsoft Corporation" 	C:\WINDOWS\system32\WgaLogon.dll 	File exists

-----------------------------------------------------------------------
         
__________________


Geändert von gina25 (18.06.2010 um 01:03 Uhr)

Alt 18.06.2010, 00:57   #3
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



OTL logfile created on: 17.06.2010 23:36:46 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = E:\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,55 Gb Total Space | 62,49 Gb Free Space | 83,83% Space Free | Partition Type: NTFS
Drive D: | 233,76 Gb Total Space | 67,07 Gb Free Space | 28,69% Space Free | Partition Type: NTFS
Drive E: | 204,91 Gb Total Space | 186,36 Gb Free Space | 90,95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GINA
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Eigene Dateien\Downloads\O T L. exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Programme\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
PRC - C:\Programme\GPSoftware\Directory Opus\dopus.exe (GP Software)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe ()
PRC - C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE (1&1 Internet AG)
PRC - C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
PRC - C:\WINDOWS\system32\hpzipm12.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - E:\Eigene Dateien\Downloads\O T L. exe (OldTimer Tools)
MOD - C:\Programme\GPSoftware\Directory Opus\dopushlp.dll (GP Software)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (mi-raysat_3dsMax2008_32) -- C:\Programme\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe ()
SRV - (WinVNC4) -- C:\Programme\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (P17xfi) -- C:\WINDOWS\system32\drivers\P17xfi.sys (Creative Technology Ltd.)
DRV - (p17xfilt) -- C:\WINDOWS\system32\drivers\p17xfilt.sys (Creative)
DRV - (optovcm) -- C:\WINDOWS\system32\drivers\optovcm.sys (OPTO ELECTRONICS CO.,LTD.)
DRV - (optousb) -- C:\WINDOWS\system32\drivers\optousb.sys (OPTO ELECTRONICS CO.,LTD.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (cmpci) TerraTec Aureon 5.1 (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (cmigameport) -- C:\WINDOWS\system32\drivers\cmigameport.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-1284227242-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{5FE7198A-5950-4068-9FBF-1A60395CC4E9}: C:\Programme\1&1\1&1 SoftPhone\Firefox [2009.07.08 23:55:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.17 17:37:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.17 17:37:38 | 000,000,000 | ---D | M]

[2009.07.07 15:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions
[2010.06.17 17:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\uqnnlq29.default\extensions
[2010.05.12 11:03:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\uqnnlq29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.04 14:55:13 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\uqnnlq29.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.02.19 21:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\uqnnlq29.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.09 00:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\z5lf07c2.default\extensions
[2009.07.07 17:24:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\z5lf07c2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.07.07 17:24:13 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\z5lf07c2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.17 17:01:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 09:52:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.03.14 12:55:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 12:55:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 12:56:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 12:56:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 12:56:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2007.07.27 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1390067357-1284227242-682003330-1003..\Run: [Directory Opus Desktop Dblclk] C:\Programme\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKU\S-1-5-21-1390067357-1284227242-682003330-1003..\Run: [Octoshape Streaming Services] C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-1390067357-1284227242-682003330-1003..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKU\S-1-5-21-1390067357-1284227242-682003330-1003..\RunOnce: [1&1_1&1 SoftPhone] C:\Programme\1&1\1&1 SoftPhone\IPPHONEUI.EXE (1&1 Internet AG)
O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\Directory Opus.lnk = C:\Programme\GPSoftware\Directory Opus\dopus.exe (GP Software)
O4 - Startup: C:\Dokumente und Einstellungen\user\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-1284227242-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: In 1&&1 SoftPhone wählen - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1\1&1 SoftPhone\ContextMenuHandler.html ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Programme\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.07 14:46:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: calckdsk - (C:\WINDOWS\system32\mscdping.dll) - C:\WINDOWS\System32\mscdping.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.06.17 09:26:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000 begin_of_the_skype_highlighting**************056-444553540000******end_of_the_skype_highlighting} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (www)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620634377289728)

========== Files/Folders - Created Within 30 Days ==========

[2010.06.17 22:36:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.06.17 20:33:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent
[2010.06.17 20:28:23 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.06.17 17:37:16 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.06.17 17:37:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.06.17 15:45:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2010.06.17 15:44:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.17 15:44:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.17 15:44:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.17 15:44:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.17 07:56:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.06.17 07:54:24 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010.06.17 07:54:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010.06.17 07:54:23 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010.06.17 07:54:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010.06.17 07:54:22 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010.06.17 07:54:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010.06.17 07:54:22 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010.06.17 07:54:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2010.06.17 07:54:21 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2010.06.17 07:54:21 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010.06.17 07:54:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2010.06.17 07:54:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2010.06.17 07:54:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2010.06.17 07:54:19 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010.06.17 07:54:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2010.06.17 07:54:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2010.06.17 07:54:18 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010.06.17 07:54:18 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010.06.17 07:54:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010.06.17 07:54:12 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2010.06.17 07:54:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010.06.17 07:54:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010.06.17 07:54:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2010.06.17 07:54:10 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010.06.17 07:54:09 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010.06.17 07:54:09 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010.06.17 07:54:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010.06.17 07:54:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010.06.17 07:54:08 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010.06.17 07:54:08 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010.06.17 07:54:08 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010.06.17 07:54:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2010.06.17 07:54:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2010.06.17 07:54:06 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2010.06.17 07:54:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2010.06.17 07:54:05 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010.06.17 07:54:03 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010.06.17 07:54:03 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2010.06.17 07:54:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010.06.17 07:54:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2010.06.17 07:54:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010.06.17 07:54:02 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2010.06.17 07:54:02 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2010.06.17 07:54:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2010.06.17 07:54:02 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2010.06.17 07:54:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2010.06.17 07:54:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2010.06.17 07:54:01 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2010.06.17 07:54:01 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010.06.17 07:54:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010.06.17 07:54:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010.06.17 07:54:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010.06.17 07:54:00 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010.06.17 07:54:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010.06.17 07:54:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010.06.17 07:54:00 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010.06.17 07:54:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010.06.17 07:54:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010.06.17 07:54:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010.06.17 07:54:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010.06.17 07:54:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010.06.17 07:54:00 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010.06.17 07:53:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010.06.17 07:53:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010.06.17 07:53:59 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010.06.17 07:53:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010.06.17 07:53:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010.06.17 07:53:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010.06.17 07:53:51 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.06.17 07:53:51 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.06.17 07:53:51 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010.06.17 07:53:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2010.06.17 07:53:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010.06.17 07:53:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2010.06.17 07:53:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010.06.17 07:53:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010.06.17 07:53:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010.06.17 07:53:47 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2010.06.17 07:53:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010.06.17 07:53:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010.06.17 07:53:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2010.06.17 07:53:45 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010.06.17 07:53:44 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010.06.17 07:53:44 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010.06.17 07:53:44 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010.06.17 07:53:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010.06.17 07:53:44 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010.06.17 07:53:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010.06.17 07:53:43 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010.06.17 07:53:43 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2010.06.17 07:53:42 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010.06.17 07:53:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2010.06.17 07:53:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010.06.17 07:53:42 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010.06.17 07:53:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010.06.17 07:53:38 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010.06.17 07:53:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2010.06.17 07:53:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2010.06.17 07:53:34 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010.06.17 07:53:33 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2010.06.17 07:53:30 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010.06.17 07:53:30 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010.06.17 07:53:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2010.06.17 07:53:23 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010.06.17 07:53:23 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010.06.17 07:53:23 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2010.06.17 07:53:23 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2010.06.17 07:53:22 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010.06.17 07:53:22 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2010.06.17 07:53:21 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2010.06.17 07:53:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2010.06.17 07:53:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2010.06.17 07:53:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2010.06.17 07:53:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2010.06.17 07:53:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010.06.17 07:53:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010.06.17 07:53:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010.06.17 07:53:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010.06.17 07:53:17 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010.06.17 07:53:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010.06.17 07:53:17 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010.06.17 07:53:17 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2010.06.17 07:53:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2010.06.17 07:53:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010.06.17 07:53:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010.06.17 07:53:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010.06.17 07:53:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2010.06.17 07:53:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010.06.17 07:53:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010.06.17 07:53:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010.06.17 07:53:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010.06.17 07:53:15 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010.06.17 07:53:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2010.06.17 07:53:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2010.06.17 07:53:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010.06.17 07:53:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2010.06.17 07:53:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010.06.17 07:53:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010.06.17 07:53:14 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010.06.17 07:53:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010.06.17 07:53:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010.06.17 07:53:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2010.06.17 07:53:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010.06.17 07:53:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2010.06.17 07:53:13 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2010.06.17 07:53:11 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2010.06.17 07:53:10 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010.06.17 07:53:10 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2010.06.17 07:53:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2010.06.17 07:53:10 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2010.06.17 07:53:09 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010.06.17 07:53:09 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010.06.17 07:53:09 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010.06.17 07:53:09 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010.06.17 07:53:09 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010.06.17 07:53:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010.06.17 07:53:09 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010.06.17 07:53:08 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010.06.17 07:53:08 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010.06.17 07:53:08 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010.06.17 07:53:08 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010.06.17 07:53:08 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010.06.17 07:53:08 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010.06.17 07:53:07 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010.06.17 07:53:07 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010.06.17 07:53:07 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010.06.17 07:53:07 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010.06.17 07:53:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010.06.17 07:53:07 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010.06.17 07:53:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010.06.17 07:53:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010.06.17 07:53:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010.06.17 07:53:06 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2010.06.17 07:53:06 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2010.06.17 07:53:06 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2010.06.17 07:53:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2010.06.17 07:53:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2010.06.17 07:53:06 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2010.06.17 07:53:05 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2010.06.17 07:53:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2010.06.17 07:53:01 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010.06.17 07:52:56 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010.06.17 07:52:55 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010.06.17 07:52:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2010.06.17 07:52:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2010.06.17 07:52:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2010.06.17 07:52:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010.06.17 07:52:52 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2010.06.17 07:52:50 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2010.06.17 07:52:50 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2010.06.17 07:52:50 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2010.06.17 07:52:50 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2010.06.17 07:52:50 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2010.06.17 07:52:50 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2010.06.17 07:52:49 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2010.06.17 07:52:49 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2010.06.17 07:52:49 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2010.06.17 07:52:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2010.06.17 07:52:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010.06.17 07:52:49 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2010.06.17 07:52:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2010.06.17 07:52:49 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2010.06.17 07:52:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010.06.17 07:52:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2010.06.17 07:52:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2010.06.17 07:52:48 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2010.06.17 07:52:48 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2010.06.17 07:52:48 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010.06.17 07:52:48 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2010.06.17 07:52:48 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010.06.17 07:52:48 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2010.06.17 07:52:47 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2010.06.17 07:52:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2010.06.17 07:52:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2010.06.17 07:52:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010.06.17 07:52:46 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2010.06.17 07:52:46 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010.06.17 07:52:45 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010.06.17 07:52:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2010.06.17 07:52:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2010.06.17 07:52:44 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2010.06.17 07:52:44 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2010.06.17 07:52:44 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010.06.17 07:52:44 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010.06.17 07:52:44 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010.06.17 07:52:44 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2010.06.17 07:52:44 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010.06.17 07:52:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010.06.17 07:52:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2010.06.17 07:52:36 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010.06.17 07:52:35 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010.06.17 07:52:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2010.06.17 07:52:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2010.06.17 07:52:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2010.06.17 07:52:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2010.06.17 07:52:33 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010.06.17 07:52:33 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010.06.17 07:52:33 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010.06.17 07:52:32 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010.06.17 07:52:32 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010.06.17 07:52:32 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010.06.17 07:52:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010.06.17 07:52:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010.06.17 07:52:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010.06.17 07:52:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010.06.17 07:52:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010.06.17 07:52:31 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010.06.17 07:52:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.06.17 07:52:29 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2010.06.17 07:52:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010.06.17 07:52:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010.06.17 07:52:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2010.06.17 07:52:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2010.06.17 07:52:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2010.06.17 07:52:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2010.06.17 07:52:12 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2010.06.17 07:52:12 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2010.06.17 07:52:12 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2010.06.17 07:52:12 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2010.06.17 07:52:10 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2010.06.17 07:52:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010.06.17 07:52:04 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2010.06.17 07:52:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2010.06.17 07:52:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2010.06.17 07:52:00 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010.06.17 07:52:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010.06.17 07:52:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010.06.17 07:51:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010.06.17 07:51:58 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010.06.17 07:51:58 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010.06.17 07:51:54 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010.06.17 07:51:54 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010.06.17 07:51:53 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010.06.17 07:51:53 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010.06.17 07:51:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010.06.17 07:51:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010.06.17 07:51:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010.06.17 07:51:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010.06.17 07:51:52 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010.06.17 07:51:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010.06.17 07:51:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010.06.17 07:51:52 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010.06.17 07:51:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010.06.17 07:51:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010.06.17 07:51:51 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010.06.17 07:51:51 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010.06.17 07:51:51 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010.06.17 07:51:51 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010.06.17 07:51:51 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010.06.17 07:51:51 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010.06.17 07:51:50 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010.06.17 07:51:50 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010.06.17 07:51:50 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010.06.17 07:51:50 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010.06.17 07:51:50 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010.06.17 07:51:50 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010.06.17 07:51:50 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010.06.17 07:51:49 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010.06.17 07:51:49 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010.06.17 07:51:49 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010.06.17 07:51:48 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010.06.17 07:51:48 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010.06.17 07:51:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010.06.17 07:51:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010.06.17 07:51:48 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010.06.17 07:51:47 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010.06.17 07:51:47 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010.06.17 07:51:47 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010.06.17 07:51:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010.06.17 07:51:46 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010.06.17 07:51:45 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010.06.17 07:50:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010.06.17 07:37:46 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010.06.17 07:33:57 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010.06.17 07:33:57 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010.06.17 07:33:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010.06.17 07:33:57 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010.05.31 00:27:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape
[2001.11.23 19:08:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Fortsetzung im nächsten Posting....
__________________

Geändert von gina25 (18.06.2010 um 01:09 Uhr)

Alt 18.06.2010, 01:01   #4
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



2. Teil vom O T L Logfile:


========== Files - Modified Within 30 Days ==========

[2010.06.17 23:39:54 | 000,772,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\vevemzh.sys
[2010.06.17 22:35:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.17 22:34:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.17 22:34:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.17 22:33:47 | 003,407,872 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\NTUSER.DAT
[2010.06.17 22:33:24 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.ini
[2010.06.17 20:45:47 | 000,043,963 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\o s a m. html
[2010.06.17 20:40:37 | 000,000,082 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_204035.reg
[2010.06.17 20:40:17 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_204013.reg
[2010.06.17 20:40:03 | 000,000,206 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203958.reg
[2010.06.17 20:39:47 | 000,000,290 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203942.reg
[2010.06.17 20:39:30 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203919.reg
[2010.06.17 20:38:54 | 000,018,306 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203725.reg
[2010.06.17 20:28:24 | 000,001,512 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\CCleaner.lnk
[2010.06.17 17:37:31 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.06.17 17:33:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.06.17 15:44:59 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 08:00:03 | 000,017,280 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.06.17 07:59:59 | 006,408,654 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.17 07:59:49 | 000,448,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.06.17 07:59:49 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.17 07:59:49 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.17 07:59:48 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.06.17 07:59:47 | 001,042,162 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.17 07:56:13 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.17 07:54:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.06.17 07:51:33 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.17 07:51:32 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.06.17 07:51:32 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.06.17 07:51:21 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.06.17 07:50:29 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010.06.17 07:50:29 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010.06.17 07:50:12 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.17 07:48:41 | 000,022,880 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.06.17 07:47:16 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.06.17 07:34:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.16 12:36:51 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.06.15 14:33:52 | 000,638,370 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010.06.14 03:14:36 | 000,000,649 | ---- | M] () -- C:\WINDOWS\EasyCT.INI
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.17 20:45:47 | 000,043,963 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\o s a m. html
[2010.06.17 20:40:37 | 000,000,082 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_204035.reg
[2010.06.17 20:40:14 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_204013.reg
[2010.06.17 20:40:00 | 000,000,206 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203958.reg
[2010.06.17 20:39:43 | 000,000,290 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203942.reg
[2010.06.17 20:39:22 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203919.reg
[2010.06.17 20:38:00 | 000,018,306 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\cc_20100617_203725.reg
[2010.06.17 20:28:24 | 000,001,512 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\CCleaner.lnk
[2010.06.17 17:37:31 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.06.17 15:44:59 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.17 07:54:30 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.06.17 07:53:45 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.06.17 07:53:45 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.06.17 07:53:43 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.06.17 07:53:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.06.17 07:53:19 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.06.17 07:53:09 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.06.17 07:53:08 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.06.17 07:53:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.06.17 07:52:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.06.17 07:52:52 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.06.17 07:52:47 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010.06.17 07:52:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.06.17 07:52:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010.06.17 07:52:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010.06.17 07:52:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010.06.17 07:52:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010.06.17 07:52:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010.06.17 07:52:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010.06.17 07:52:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010.06.17 07:52:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.06.17 07:52:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010.06.17 07:52:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.06.17 07:52:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.06.17 07:52:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010.06.17 07:52:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010.06.17 07:52:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010.06.17 07:52:25 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.06.17 07:52:25 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010.06.17 07:52:25 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010.06.17 07:52:25 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010.06.17 07:52:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010.06.17 07:52:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.06.17 07:52:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010.06.17 07:52:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010.06.17 07:52:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010.06.17 07:52:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010.06.17 07:52:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010.06.17 07:52:23 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.06.17 07:52:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.06.17 07:52:23 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010.06.17 07:52:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010.06.17 07:52:22 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.06.17 07:52:22 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.06.17 07:52:21 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.06.17 07:50:29 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010.06.17 07:50:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010.06.17 07:33:44 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.06.17 07:33:44 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.06.17 07:33:44 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010.06.17 07:33:44 | 000,103,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010.06.17 07:33:44 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.06.17 07:33:44 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010.06.17 07:33:44 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010.06.17 07:33:44 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010.06.17 07:33:44 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010.06.17 07:33:44 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.06.17 07:33:44 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010.06.17 07:33:44 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010.06.17 07:33:44 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.06.17 07:33:44 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.06.17 07:33:44 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010.06.17 07:33:43 | 001,899,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010.06.17 07:33:43 | 001,014,663 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.06.17 07:33:43 | 000,618,406 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010.06.09 20:41:51 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\qcopjv.dat
[2010.06.06 02:52:24 | 000,772,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\vevemzh.sys
[2010.06.06 02:51:00 | 000,000,016 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\qcopjv.dat
[2009.07.25 02:03:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2009.07.25 01:26:11 | 000,023,273 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009.07.25 01:26:11 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.07.25 01:25:05 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2009.07.25 01:25:05 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009.07.25 01:25:05 | 000,008,251 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2009.07.09 19:52:27 | 000,000,231 | ---- | C] () -- C:\WINDOWS\System32\3dsmax.ini
[2009.07.09 19:52:27 | 000,000,043 | ---- | C] () -- C:\WINDOWS\System32\InstallSettings.ini
[2009.07.09 02:09:13 | 000,000,141 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009.07.09 02:08:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600g.ini
[2009.07.09 02:04:07 | 000,000,011 | ---- | C] () -- C:\WINDOWS\hpclj3600m.ini
[2009.07.09 00:41:28 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.07.09 00:41:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.07.09 00:41:26 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.07.09 00:41:26 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.07.09 00:41:25 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.07.09 00:41:24 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.07.09 00:41:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.07.09 00:28:25 | 000,000,138 | ---- | C] () -- C:\WINDOWS\EasyCash.ini
[2009.07.09 00:00:27 | 000,000,649 | ---- | C] () -- C:\WINDOWS\EasyCT.INI
[2004.08.04 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.04 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.02.07 16:54:34 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys
[2001.07.06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001.03.14 06:22:21 | 000,000,080 | --S- | C] () -- C:\WINDOWS\System32\argtmp39.dll

========== LOP Check ==========

[2009.07.07 20:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1&1
[2009.07.10 15:38:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2010.03.31 12:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009.07.07 20:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GPSoftware
[2006.11.29 14:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\1&1
[2009.07.13 02:21:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Amazon
[2009.07.11 02:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Autodesk
[2010.03.31 12:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\elsterformular
[2009.07.07 20:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\GPSoftware
[2009.07.09 02:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Miranda
[2010.05.31 00:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape
[2009.08.20 10:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OpenOffice.org

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2006.11.29 14:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\1&1
[2010.03.01 02:52:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Adobe
[2009.07.13 02:21:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Amazon
[2009.07.07 17:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ATI
[2009.07.11 02:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Autodesk
[2009.07.25 02:15:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Creative
[2010.03.31 12:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\elsterformular
[2009.07.07 20:04:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\GPSoftware
[2009.07.09 02:46:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Identities
[2009.07.09 03:41:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Macromedia
[2010.06.17 15:45:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes
[2010.06.17 20:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Media Player Classic
[2009.07.09 19:55:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft
[2009.07.09 02:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Miranda
[2010.05.31 00:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla
[2010.05.31 00:27:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape
[2009.08.20 10:28:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OpenOffice.org
[2010.01.04 04:17:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Real
[2010.06.17 23:35:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Skype
[2010.06.17 17:29:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\skypePM
[2009.08.20 10:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun
[2008.10.22 22:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\teamspeak2

< %APPDATA%\*.exe /s >
[2009.07.09 19:55:32 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{72019134-3A61-4C39-A540-245600C4CDFA}\ARPPRODUCTICON.exe
[2009.07.09 19:55:32 | 000,532,480 | R--- | M] (Turbo Squid) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{72019134-3A61-4C39-A540-245600C4CDFA}\TSStore.exe21_720191343A614C39A540245600C4CDFA.exe
[2009.07.09 19:55:32 | 000,532,480 | R--- | M] (Turbo Squid) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{72019134-3A61-4C39-A540-245600C4CDFA}\TSStore.exe2_720191343A614C39A540245600C4CDFA.exe
[2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USERINIT.EXE >
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.17 23:42:11 | 000,772,096 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vevemzh.sys

< %systemroot%\System32\config\*.sav >
[2010.06.17 09:31:38 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.06.16 16:08:29 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.06.17 09:31:38 | 021,495,808 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.06.17 09:31:38 | 004,980,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.05.16 05:39:20 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 80 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sdpsenv.dat:naughtypirates
< End of report >

Geändert von gina25 (18.06.2010 um 01:13 Uhr)

Alt 18.06.2010, 13:17   #5
markusg
/// Malware-holic
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



download den avenger.
Avenger

füge dort ein script ein, wie du es auf der seite beschrieben siehst.

drivers to disable:
vevemzh
drivers to delete:
vevemzh
Files to delete:
C:\WINDOWS\system32\drivers\vevemzh.sys


führe das script wie beschrieben aus, poste das ergebniss.

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
O36 - AppCertDlls: calckdsk - (C:\WINDOWS\system32\mscdping.dll) - C:\WINDOWS\System32\mscdping.dll File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten


Alt 18.06.2010, 16:20   #6
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



Hallo markusg,

vielen Dank schon mal für dein Posting.
Leider muss ich gleich weg und kann deine Anweisungen jetzt nicht ausführen. Ich komme frühestens heute spät am Abend oder sogar erst morgen dazu.
Sobald ich das erledigt habe, werde ich mich wieder melden.

Alt 19.06.2010, 13:10   #7
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



So, erstes Zwischenergenisss:

-> avenger plus script abgeschlossen. Hier erst einmal das Logfile:

Logfile of The Avenger Version 2.0, (c) by Swandog46
h**p://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "vevemzh" disabled successfully.
Driver "vevemzh" deleted successfully.
File "C:\WINDOWS\system32\drivers\vevemzh.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

---------------------------------------------

Beim Neustart des PC's (nach Ausführung des Scriptes) hat sich Antivir automatisch gemeldet mit dem Hinweis, dass dieser Trojaner gefunden wurde (-> ich habe auf "löschen" geklickt). Ich erwähne dies nur, weil sich Antivir die ganze Zeit, seit ich weiß dass der Trojaner auf meinem PC ist, beim Starten nicht gemeldet hat, obwohl der Trojaner vorhanden war.

Aah...ich glaube ich habe die Erklärung....ich habe gerade mal bei Antivir im Bericht nachgelesen...dort steht: ->

In der Datei 'C:\Avenger\vevemzh.sys'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Datei löschen

Ich werde nun noch gleich die OTL-Anweisung ausführen und mich dann nochmals melden und das Ergebniss posten, sobald ich damit fertig bin.

Alt 19.06.2010, 13:46   #8
gina25
 
Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Standard

Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys



So, hier kommt nun auch das OTL-Textdokument:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\calckdsk:C:\WINDOWS\system32\mscdping.dll deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 2388 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 42341625 bytes

User: user
->Temp folder emptied: 787820747 bytes
->Temporary Internet Files folder emptied: 5310737 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 109547693 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4269571 bytes
%systemroot%\System32 .tmp files removed: 3771271 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3599547 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 912,00 mb


OTL by OldTimer - Version 3.2.6.0 log created on 06192010_132145

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

----------------------------------------------------

Zusätzlich habe ich nun nochmals Malewarebytes' Anti-Malware laufen lassen: ->

Malwarebytes' Anti-Malware 1.46
w**w.malwarebytes.org

Datenbank Version: 4209

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

19.06.2010 13:32:49
mbam-log-2010-06-19 (13-32-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 118499
Laufzeit: 6 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
-------------------------------------------------

Juhuu!! Er ist endlich weg!! (Und ohne alles neuinstallieren zu müssen!!)

@markusg: Tausend Dank für deine Hilfe. :-)

Ich werde gleich mal auf euren Spenden-Button gehen und was spenden.
Toll, dass ihr hier im Forum eure Hilfe anbietet. Und, dass ihr das so ganz genau erklärt, was zu machen ist, so dass auch die "Computer-Doofen" (so wie ich) es ebenfalls problemlos ausführen können.

Nachtrag:
Ich hoffe, dass ich den avanger erfolgreich vom PC entfernt habe...ich bin nach Anleitung vorgegangen und habe im Laufwerk C, sowohl den avanger-Ordner als auch das avanger-Textdokument entfernt. Ich erwähne es nur deshalb, weil weder beim Installieren noch beim Entfernen etwas von Zip (so wie es in der Anleitung dort stand) für mich zu sehen war.

Falls ich wieder erwarten noch irgendwelche Fragen oder Probleme habe, werde ich mich erneut melden.

Nochmals Danke!

Antwort

Themen zu Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys
ahnung, antivir, avira, avira antivir, backdoor.iebooot, c:\windows, ccleaner, dateien, entfernen, erstellt, explorer, fatal error, folge, forum, gen, leute, logfile, logfiles, malwarebytes, problem, service, system, system32, tr/crypt.zpack.gen, trojaner, version, wieder weg, windows



Ähnliche Themen: Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys


  1. Win7 nach AntiVir Funden "TR/Crypt.zpack.Gen7" und "Adspy.Gen2" stark verlangsamt
    Log-Analyse und Auswertung - 13.04.2014 (28)
  2. AVG erkennt andauernd potentielle Bedrohungen. z.B. C:\Windows\System32\Drivers\spgc.sys";"Infiziert"
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (13)
  3. AVG findet Rootkits in C:\Windows\System32\drivers und kann sie nicht entfernen
    Log-Analyse und Auswertung - 24.06.2012 (8)
  4. TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpgvve4z.dll
    Log-Analyse und Auswertung - 15.04.2012 (14)
  5. TR/Crypt.ZPACK.Gen2 in C:\WINDOWS\system32\jpglkaly.dll
    Plagegeister aller Art und deren Bekämpfung - 04.04.2012 (3)
  6. TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\gyhmiej.sys und TR/Autorun.AJH bzw .INF.184
    Plagegeister aller Art und deren Bekämpfung - 21.08.2010 (25)
  7. TR/Crypt.ZPACK.Gen - in system32/drivers
    Plagegeister aller Art und deren Bekämpfung - 23.06.2010 (3)
  8. TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\dbjrhi.sys
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (12)
  9. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen (trojan)" - Was nun? (inkl. Hjackthis-File)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (1)
  10. Svchost.exe lastet CPU zu fast 100% aus / AntiVir findet 'TR/Crypt.ZPACK.Gen'
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (8)
  11. TR/Crypt.ZPACK.Gen in C:\windows\system32\msekgh.exe
    Plagegeister aller Art und deren Bekämpfung - 02.03.2010 (5)
  12. Antivir findet TR/Crypt.ZPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (3)
  13. AVG findet Rootkit-Pakes.U in C:\WINDOWS\system32\drivers\atapi.sys
    Plagegeister aller Art und deren Bekämpfung - 05.11.2009 (10)
  14. 'TR/Crypt.ZPACK.Gen' in der Datei 'C:\WINDOWS\System32\twext.exe'
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (2)
  15. Trojaner "TR/Crypt.ZPACK.Gen" in C:\Windows\System32\
    Plagegeister aller Art und deren Bekämpfung - 15.04.2009 (1)
  16. AntiVir meldet TR/Crypt.XDR.Gen' in 'C:\WINDOWS\system32\drivers\amd64si.sys'
    Log-Analyse und Auswertung - 09.04.2009 (50)
  17. Problem mit "C:\WINDOWS\system32\drivers\etc\hosts"
    Plagegeister aller Art und deren Bekämpfung - 15.06.2008 (5)

Zum Thema Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys - Hi, auch ich habe ein Problem mit o.g. Trojaner. "Avira Antivir" und auch "Malwarebytes' Anti-Maleware" kann ihn nicht entfernen (beides mehrfach versucht). Keine Ahnung wie ich mir den eingefangen habe. - Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys...
Archiv
Du betrachtest: Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen in C:\WINDOWS\system32\drivers\vevemzh.sys auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.