
Pests of all kinds and how to fight them: AV Security Suite - Further check after running rkill and Malwarebytes


Old 12.07.2010, 19:31   #1
pe__ka
 
Hello,
I'm having problems with AV Security Suite. I carried out the clean-up as described (http://www.trojaner-board.de/86690-a...entfernen.html) yesterday. The problem reappeared afterwards, so I ran Malwarebytes over it once more. CCleaner was used.

Here are the log files:

RSIT:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Versuch at 2010-07-12 19:08:34
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 118 GB (40%) free of 297 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:09:28, on 12.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\mHotkey.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\aol\1168853550\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Versuch\Downloads\RSIT(3).exe
C:\Program Files\trend micro\Versuch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168853550\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9225 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Erweiterte Garantie.job
C:\Windows\tasks\Recovery DVD Creator.job
C:\Windows\tasks\User_Feed_Synchronization-{0E8EFC26-C431-4765-8592-57102D933EBF}.job
C:\Windows\tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-07-15 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"mHotkey"=C:\Windows\mHotkey.exe [2006-06-19 559104]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"HostManager"=C:\Program Files\Common Files\AOL\1168853550\ee\AOLSoftware.exe [2006-11-14 50736]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-20 228088]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-08-25 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-08-25 81920]
"OmniPass"=C:\Program Files\Softex\OmniPass\scureapp.exe [2006-12-20 2519040]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"GrooveMonitor"=C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe [2006-10-27 31016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-01-14 37888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-07-12 16:48:37 ----ASH---- C:\hiberfil.sys
2010-07-12 01:58:19 ----A---- C:\mbam-error.txt
2010-06-25 12:57:25 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-25 12:57:25 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-25 12:57:24 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-25 12:57:24 ----A---- C:\Windows\system32\mscoree.dll
2010-06-25 12:57:24 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 12:06:36 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-23 12:06:36 ----A---- C:\Windows\system32\Apphlpdm.dll

======List of files/folders modified in the last 1 months======

2010-07-12 19:08:42 ----D---- C:\Program Files\Trend Micro
2010-07-12 19:08:28 ----D---- C:\Windows\temp
2010-07-12 19:08:25 ----D---- C:\Windows\Prefetch
2010-07-12 19:06:39 ----D---- C:\Windows
2010-07-12 16:48:22 ----SD---- C:\Windows\Downloaded Program Files
2010-07-12 16:48:22 ----D---- C:\Windows\system32\drivers
2010-07-12 03:27:08 ----D---- C:\Windows\Debug
2010-07-12 01:58:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-10 15:23:28 ----D---- C:\Users\Versuch\AppData\Roaming\Winamp
2010-07-10 15:19:43 ----AD---- C:\Windows\System32
2010-07-10 15:19:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-10 15:19:40 ----D---- C:\Windows\inf
2010-07-09 21:41:22 ----D---- C:\Windows\Microsoft.NET
2010-07-09 21:40:41 ----RSD---- C:\Windows\assembly
2010-07-09 14:54:27 ----D---- C:\Windows\ehome
2010-07-09 14:26:35 ----SHD---- C:\System Volume Information
2010-07-09 14:18:07 ----D---- C:\Windows\winsxs
2010-07-09 14:17:49 ----D---- C:\Windows\system32\catroot
2010-07-09 14:17:45 ----D---- C:\Windows\system32\catroot2
2010-07-08 13:07:10 ----D---- C:\Users\Versuch\AppData\Roaming\ICQ
2010-06-29 12:04:58 ----D---- C:\Program Files\Mozilla Firefox
2010-06-27 03:19:07 ----D---- C:\Windows\AppPatch
2010-06-25 13:10:12 ----SHD---- C:\Windows\Installer
2010-06-25 13:09:24 ----D---- C:\Windows\system32\de-DE
2010-06-25 13:05:47 ----D---- C:\Windows\system32\en-US
2010-06-25 13:05:20 ----D---- C:\Program Files\Microsoft.NET
2010-06-16 18:06:12 ----D---- C:\Program Files\ICQ6.5
2010-06-14 04:16:35 ----D---- C:\Program Files\Windows Mail
2010-06-14 04:16:35 ----D---- C:\Program Files\Internet Explorer
2010-06-14 04:16:34 ----D---- C:\Windows\system32\migration
2010-06-14 04:16:31 ----D---- C:\Windows\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-01-17 715248]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2006-12-20 139144]
R3 FETNDIS;VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-08 1647976]
R3 StillCam;Treiber für serielle Digitalkamera; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696]
S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448]
S3 catchme;catchme; \??\C:\Users\Versuch\AppData\Local\Temp\catchme.sys []
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 ovt519;D-Link VGA Webcam; C:\Windows\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-09-29 3154944]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 FLMCKUSB;AuthenTec TruePrint USB Driver (AES3400, AES3500, AES4000); C:\Windows\system32\drivers\flmckusb.sys [2006-07-27 69810]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-09-29 610304]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\OmniServ.exe [2006-12-20 40960]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-20 166648]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office 2007\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-20 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
         
Malwarebytes (today):
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4305

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

12.07.2010 16:47:28
mbam-log-2010-07-12 (16-47-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 339809
Laufzeit: 1 Stunde(n), 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lhseqeqo (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Versuch\AppData\Local\oioenqrvo\aedomgytssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Versuch\AppData\Local\temp\ieRs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Versuch\AppData\Local\temp\LuLU.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Versuch\AppData\Local\temp\RbSm.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Versuch\AppData\Local\temp\YWFO.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
         
Malwarebytes (yesterday):
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

12.07.2010 03:14:32
mbam-log-2010-07-12 (03-14-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 335883
Laufzeit: 1 Stunde(n), 4 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmwmgqnp (Rogue.AntivirusSuite.Gen) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> No action taken.

Infizierte Dateien:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\malware Defense\Malware Defense Support.lnk (Rogue.MalwareDefense) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\malware Defense\Malware Defense.lnk (Rogue.MalwareDefense) -> No action taken.
C:\Users\Versuch\AppData\Local\jewwhghfp\xbkbkwktssd.exe (Rogue.AntivirusSuite.Gen) -> No action taken.
         
I think Malwarebytes was up to date each time. Today it definitely was.

Should I now also apply http://www.trojaner-board.de/83878-o...processes.html?

Many thanks in advance for the help!
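
The RSIT log above still carries `ProxyServer = http=127.0.0.1:5577`, a loopback proxy that rogue AV families leave behind and that keeps the browser from reaching the web even after the malware itself has been removed. As an added example that is not part of this thread, the following Python script runs a few defender-side triage checks over HijackThis-style lines; the sample lines are constructed (modelled on the log above, with the board's defanged `hxxp://` kept as-is), and the rule names and severities are my own choices.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the RSIT/HijackThis log posted above.
# The HKCU Run entry combines the value name and the file that the
# Malwarebytes log reported, to show what such an autostart looks like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) -  - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [lhseqeqo] C:\Users\Versuch\AppData\Local\oioenqrvo\aedomgytssd.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Autostart targets under the user's own profile are where droppers usually land.
USER_WRITABLE = re.compile(r"\\AppData\\Local\\|\\Temp\\", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
# O4 Run entries: "O4 - HKLM\..\Run: [name] command line"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.+)$")


def proxy_hosts(value: str) -> List[str]:
    """Split a ProxyServer value such as 'http=127.0.0.1:5577;https=host:8080' into hosts."""
    hosts = []
    for entry in value.split(";"):
        target = entry.split("=", 1)[-1]   # drop a 'http=' scheme prefix if present
        host = target.rsplit(":", 1)[0]    # drop the port
        hosts.append(host.strip("[]").lower())
    return hosts


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Return findings for lines a helper would look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            # A proxy on the loopback interface is not something a user sets by hand;
            # it silently breaks browsing once the process behind it is gone.
            if any(h in LOOPBACK_HOSTS for h in proxy_hosts(m.group(1))):
                findings.append({"line": line, "rule": "loopback-proxy", "severity": "high"})
            continue
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            # Orphaned entries: usually harmless leftovers, but they should be cleaned up.
            findings.append({"line": line, "rule": "orphaned-entry", "severity": "low"})
            continue
        m = O4_RE.match(line)
        if m and USER_WRITABLE.search(m.group("rest")):
            findings.append({"line": line, "rule": "autostart-in-user-writable-dir", "severity": "medium"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity so a quick verdict can be given."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['rule']}: {f['line']}")
    print(summarize(results))
```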

Old 13.07.2010, 07:02   #2
kira
/// Helper Team
 
Hello and welcome!

- Please read the instructions thoroughly and always follow them strictly, since I have prepared the order according to specific criteria:
**Vista and Win7 users: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator"

1.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work you can undo this again!

2.
→ Download HJTscanlist.zip
→ unpack the file onto your desktop
→ On Windows XP Home you additionally have to install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - Vista
→ When you are asked, choose the option "Einstellung (1) - scanlist"
→ After a short while your editor should open and present the file hjtscanlist.txt
→ Please copy its content here into your thread.

3.
I would also like to see all of your installed programs:
Download the CCleaner tool
install it (untick "Add CCleaner Yahoo! Toolbar") → start it → if necessary, set "german" under Options > Settings
then click on "Extra" (to display the installed programs as well) → then on "Save as text file..."
a text file (*.txt) is created; copy its content and paste it here

Quote:
So that your thread stays tidy and easy to read, it is best to use the code tags for your post:
→ before your log, write: [code]
your logfile goes here
→ after it: [/code]
regards
Coverflow


Old 13.07.2010, 15:43   #3
pe__ka
 
Hello and thanks for the help,

HJT Scanlist:
Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  13.07.2010 01:47     C:\System Volume Information --------- 24576   
  12.07.2010 19:06     C:\Windows --------- 28672   
  12.07.2010 15:30     C:\rkill.log --------- 356   
  12.07.2010 01:58     C:\mbam-error.txt --------- 158   
  26.04.2010 20:48     C:\ProgramData --------- 20480   
  26.04.2010 00:13     C:\Program Files --------- 28672   
  18.01.2010 18:37     C:\$RECYCLE.BIN --------- 0   
  18.01.2010 18:37     C:\cofi --------- 0   
  18.01.2010 18:37     C:\Qoobox --------- 4096   
  18.01.2010 18:37     C:\ComboFix.txt --------- 14691   
  15.01.2010 19:51     C:\rsit --------- 0   
  16.09.2009 19:17     C:\boot --------- 4096   
  01.07.2009 18:46     C:\MSOCache --------- 0   
  11.04.2009 08:36     C:\bootmgr --------- 333257   
  25.03.2009 10:16     C:\DVDVideoSoft --------- 8192   
  21.11.2008 14:13     C:\shutdown.log --------- 104   
  26.10.2008 21:38     C:\updatedatfix.log --------- 594   
  06.08.2008 15:19     C:\Games --------- 0   
  28.05.2008 11:10     C:\PerfLogs --------- 0   
  29.04.2008 10:08     C:\MAGIX --------- 0   
  07.11.2007 09:12     C:\VC_RED.MSI --------- 232960   
  07.11.2007 09:09     C:\VC_RED.cab --------- 1442522   
  07.11.2007 09:03     C:\install.res.3082.dll --------- 96272   
  07.11.2007 09:03     C:\install.res.1036.dll --------- 97296   
  07.11.2007 09:03     C:\install.res.1028.dll --------- 76304   
  07.11.2007 09:03     C:\install.res.1031.dll --------- 96272   
  07.11.2007 09:03     C:\install.res.1033.dll --------- 91152   
  07.11.2007 09:03     C:\install.res.2052.dll --------- 75792   
  07.11.2007 09:03     C:\install.res.1040.dll --------- 95248   
  07.11.2007 09:03     C:\install.res.1041.dll --------- 81424   
  07.11.2007 09:03     C:\install.res.1042.dll --------- 79888   
  07.11.2007 09:00     C:\install.ini --------- 843   
  07.11.2007 09:00     C:\vcredist.bmp --------- 5686   
  07.11.2007 09:00     C:\eula.1031.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1033.txt --------- 10134   
  07.11.2007 09:00     C:\globdata.ini --------- 1110   
  07.11.2007 09:00     C:\eula.3082.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1036.txt --------- 17734   
  07.11.2007 09:00     C:\eula.2052.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1028.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1042.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1041.txt --------- 118   
  07.11.2007 09:00     C:\eula.1040.txt --------- 17734   
  06.04.2007 15:09     C:\Temp --------- 0   
  05.03.2007 21:20     C:\ATI --------- 0   
  23.02.2007 01:56     C:\Users --------- 4096   
  16.02.2007 18:08     C:\IO.SYS --------- 0   
  16.02.2007 18:08     C:\MSDOS.SYS --------- 0   
  13.02.2007 21:08     C:\Programme --------- 0   
  13.02.2007 21:08     C:\Dokumente und Einstellungen --------- 0   
  15.01.2007 20:08     C:\BOOTSECT.BAK --------- 8192   
  15.01.2007 20:02     C:\drivers --------- 0   
  15.01.2007 11:34     C:\IPH.PH --------- 1809   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  18.09.2006 23:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  13.07.2010 15:01     C:\Windows\WindowsUpdate.log --------- 1610451   
  13.07.2010 14:22     C:\Windows\bootstat.dat --------- 67584   
  18.01.2010 18:34     C:\Windows\system.ini --------- 215   
  17.01.2010 04:36     C:\Windows\winamp.ini --------- 192   
  09.12.2009 23:54     C:\Windows\PEV.exe --------- 261632   
  25.10.2009 07:11     C:\Windows\MBR.exe --------- 77312   
  01.07.2009 19:01     C:\Windows\win.ini --------- 275   
  01.07.2009 18:44     C:\Windows\ODBC.INI --------- 400   
  10.06.2009 10:24     C:\Windows\hpqins00.dat --------- 119478   
  11.05.2009 18:10     C:\Windows\hpoins18.dat --------- 146190   
  20.04.2009 13:56     C:\Windows\NIRCMD.exe --------- 31232   
  11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
  01.12.2008 18:45     C:\Windows\msoffice.ini --------- 2   
  28.05.2008 11:24     C:\Windows\WindowsShell.Manifest --------- 749   
  29.04.2008 11:51     C:\Windows\videodeLuxe.INI --------- 285   
  29.04.2008 09:54     C:\Windows\magix.ini --------- 88   
  23.04.2008 11:31     C:\Windows\hpqins16.dat --------- 105318   
  10.04.2008 13:29     C:\Windows\QTFont.for --------- 1409   
  10.04.2008 13:29     C:\Windows\QTFont.qfn --------- 54156   
  19.01.2008 09:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 09:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 09:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 09:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 09:33     C:\Windows\bfsvc.exe --------- 58880   
  17.01.2008 16:25     C:\Windows\eReg.dat --------- 541   
  01.01.2008 23:54     C:\Windows\ativpsrm.bin --------- 0   
  17.08.2007 11:56     C:\Windows\atiogl.xml --------- 11557   
  01.03.2007 02:30     C:\Windows\hpomdl18.dat --------- 6600   
  20.02.2007 02:35     C:\Windows\iPlayer.INI --------- 0   
  15.01.2007 11:32     C:\Windows\nsreg.dat --------- 335   
  15.01.2007 11:30     C:\Windows\DIFxAPI.dll --------- 319984   
  02.01.2007 17:27     C:\Windows\Twunk_16.dll --------- 12288   
  02.01.2007 17:27     C:\Windows\Twunk_32.dll --------- 12288   
  09.11.2006 11:57     C:\Windows\RtHDVCpl.exe --------- 3784704   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  28.09.2006 15:00     C:\Windows\RtlUpd.exe --------- 1183744   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  12.09.2006 15:34     C:\Windows\RtlExUpd.dll --------- 499712   
  09.09.2006 20:19     C:\Windows\WMPrfDeu.prx --------- 33820   
  19.06.2006 18:31     C:\Windows\mHotkey.exe --------- 559104   
  27.04.2006 16:04     C:\Windows\mhotkey.reg --------- 3148   
  27.04.2006 16:04     C:\Windows\mhotkey_0c09.reg --------- 3148   
  06.07.2005 16:55     C:\Windows\HIDMNT.dll --------- 12800   
  13.08.2004 12:33     C:\Windows\mgxoschk.ini --------- 1208   
  15.10.2003 18:52     C:\Windows\sel3110.exe --------- 200704   
  15.10.2003 18:52     C:\Windows\vidcap32.exe --------- 307200   
  15.10.2003 18:52     C:\Windows\ov519dib.dll --------- 61440   
  15.10.2003 18:52     C:\Windows\ov519cap.exe --------- 135168   
  15.10.2003 18:52     C:\Windows\CleanDev.exe --------- 40960   
  15.10.2003 18:52     C:\Windows\OV519.txt --------- 366   
  15.10.2003 18:52     C:\Windows\amcap.exe --------- 32528   
  03.07.2003 15:21     C:\Windows\PIC.dll --------- 294912   
  31.08.2000 09:00     C:\Windows\sed.exe --------- 98816   
  31.08.2000 09:00     C:\Windows\SWSC.exe --------- 136704   
  31.08.2000 09:00     C:\Windows\SWXCACLS.exe --------- 212480   
  31.08.2000 09:00     C:\Windows\grep.exe --------- 80412   
  31.08.2000 09:00     C:\Windows\zip.exe --------- 68096   
  31.08.2000 09:00     C:\Windows\SWREG.exe --------- 161792   
  21.10.1998 18:43     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 13.07.2010 15:36     C:\Windows\system32\hjtscanlist.txt --------- 9954  
 13.07.2010 14:22     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3168  
 13.07.2010 14:22     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3168  
 12.07.2010 16:48     C:\Windows\system32\drivers --------- 61440  
 12.07.2010 03:17     C:\Windows\system32\FNTCACHE.DAT --------- 466472  
 10.07.2010 15:19     C:\Windows\system32\perfh009.dat --------- 604126  
 10.07.2010 15:19     C:\Windows\system32\perfc009.dat --------- 107562  
 10.07.2010 15:19     C:\Windows\system32\perfh007.dat --------- 638510  
 10.07.2010 15:19     C:\Windows\system32\perfc007.dat --------- 130462  
 10.07.2010 15:19     C:\Windows\system32\PerfStringBackup.INI --------- 1472290  
 09.07.2010 14:17     C:\Windows\system32\catroot --------- 4096  
 09.07.2010 14:17     C:\Windows\system32\catroot2 --------- 40960  
 25.06.2010 13:09     C:\Windows\system32\de-DE --------- 262144  
 25.06.2010 13:05     C:\Windows\system32\en-US --------- 258048  
 14.06.2010 04:16     C:\Windows\system32\migration --------- 0  
 14.06.2010 04:16     C:\Windows\system32\wbem --------- 61440  
 28.05.2010 21:37     C:\Windows\system32\mrt.exe --------- 32472008  
 26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  
 26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  
 21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568  
 04.05.2010 07:59     C:\Windows\system32\wininet.dll --------- 916480  
 04.05.2010 07:59     C:\Windows\system32\urlmon.dll --------- 1209344  
 04.05.2010 07:58     C:\Windows\system32\occache.dll --------- 206848  
 04.05.2010 07:56     C:\Windows\system32\mstime.dll --------- 611840  
 04.05.2010 07:56     C:\Windows\system32\mshtml.dll --------- 5950976  
 04.05.2010 07:56     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 04.05.2010 07:56     C:\Windows\system32\msfeeds.dll --------- 599040  
 04.05.2010 07:55     C:\Windows\system32\jsproxy.dll --------- 25600  
 04.05.2010 07:55     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 04.05.2010 07:55     C:\Windows\system32\ieui.dll --------- 164352  
 04.05.2010 07:55     C:\Windows\system32\iesysprep.dll --------- 109056  
 04.05.2010 07:55     C:\Windows\system32\iertutil.dll --------- 1985536  
 04.05.2010 07:55     C:\Windows\system32\iesetup.dll --------- 71680  
 04.05.2010 07:55     C:\Windows\system32\iernonce.dll --------- 55808  
 04.05.2010 07:55     C:\Windows\system32\iepeers.dll --------- 184320  
 04.05.2010 07:55     C:\Windows\system32\ieframe.dll --------- 11076096  
 04.05.2010 07:55     C:\Windows\system32\iedkcs32.dll --------- 387584  
 04.05.2010 06:31     C:\Windows\system32\ieUnatt.exe --------- 133632  
 04.05.2010 06:30     C:\Windows\system32\ie4uinit.exe --------- 173056  
 04.05.2010 06:30     C:\Windows\system32\msfeedssync.exe --------- 13312  
 04.05.2010 06:30     C:\Windows\system32\mshtml.tlb --------- 1638912  
 02.05.2010 13:58     C:\Windows\system32\Tasks --------- 8192  
 01.05.2010 16:13     C:\Windows\system32\win32k.sys --------- 2037248  
 23.04.2010 16:13     C:\Windows\system32\tzres.dll --------- 2048  
 16.04.2010 18:43     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 16.04.2010 16:39     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  
 31.03.2010 03:58     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
 31.03.2010 03:58     C:\Windows\system32\pxinsi64.exe --------- 125424  
 31.03.2010 03:58     C:\Windows\system32\PxMas.dll --------- 219632  
 31.03.2010 03:58     C:\Windows\system32\PxAFS.DLL --------- 133616  
 31.03.2010 03:58     C:\Windows\system32\pxdrv.dll --------- 559600  
 31.03.2010 03:58     C:\Windows\system32\pxcpya64.exe --------- 68080  
 31.03.2010 03:58     C:\Windows\system32\pxcpyi64.exe --------- 123888  
 31.03.2010 03:58     C:\Windows\system32\pxinsa64.exe --------- 68080  
 31.03.2010 03:58     C:\Windows\system32\PxSFS.DLL --------- 2083312  
 31.03.2010 03:58     C:\Windows\system32\PxWave.dll --------- 440816  
 31.03.2010 03:58     C:\Windows\system32\Px.dll --------- 678384  
 31.03.2010 03:58     C:\Windows\system32\pxhpinst.exe --------- 72176  
 31.03.2010 03:58     C:\Windows\system32\VXBLOCK.dll --------- 100848  
 18.03.2010 13:16     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
 08.03.2010 19:59     C:\Windows\system32\dpl100.dll --------- 94208  
 05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
 21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  
 21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  
 19.02.2010 21:27     C:\Windows\system32\DivX.dll --------- 720384  
 19.02.2010 21:27     C:\Windows\system32\divx_xx11.dll --------- 839680  
 19.02.2010 21:27     C:\Windows\system32\divx_xx0a.dll --------- 847872  
 19.02.2010 21:27     C:\Windows\system32\divx_xx16.dll --------- 843776  
 19.02.2010 21:27     C:\Windows\system32\divx_xx0c.dll --------- 856064  
 19.02.2010 21:27     C:\Windows\system32\divx_xx07.dll --------- 856064  
 18.02.2010 20:17     C:\Windows\system32\~.inf --------- 151  
 18.02.2010 20:17     C:\Windows\system32\~.tmp --------- 93765765  
 18.02.2010 16:07     C:\Windows\system32\ntkrnlpa.exe --------- 3600776  
 18.02.2010 16:07     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  
 12.02.2010 12:32     C:\Windows\system32\browserchoice.exe --------- 293376  
 29.01.2010 17:40     C:\Windows\system32\inetcomm.dll --------- 738816  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  
 25.01.2010 14:00     C:\Windows\system32\secproc_ssp.dll --------- 152064  
 25.01.2010 14:00     C:\Windows\system32\secproc_isv.dll --------- 471552  
 25.01.2010 14:00     C:\Windows\system32\secproc.dll --------- 471552  
 25.01.2010 13:58     C:\Windows\system32\msdrm.dll --------- 332288  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_isv.exe --------- 526336  
 25.01.2010 10:21     C:\Windows\system32\RMActivate_ssp.exe --------- 347136  
 25.01.2010 10:21     C:\Windows\system32\RMActivate.exe --------- 518144  
 21.01.2010 17:05     C:\Windows\system32\l3codeca.acm --------- 62464  
 15.01.2010 21:37     C:\Windows\system32\spsys.log --------- 296  
 13.01.2010 19:34     C:\Windows\system32\cabview.dll --------- 98304  
 06.01.2010 17:39     C:\Windows\system32\gameux.dll --------- 1696256  
 23.12.2009 13:33     C:\Windows\system32\wintrust.dll --------- 172032  
 04.12.2009 20:30     C:\Windows\system32\tsbyuv.dll --------- 12288  
 04.12.2009 20:29     C:\Windows\system32\quartz.dll --------- 1314816  
 04.12.2009 20:28     C:\Windows\system32\msyuv.dll --------- 22528  
 04.12.2009 20:28     C:\Windows\system32\msvidc32.dll --------- 31744  
 04.12.2009 20:28     C:\Windows\system32\msvfw32.dll --------- 123904  
 04.12.2009 20:28     C:\Windows\system32\msrle32.dll --------- 13312  
 04.12.2009 20:28     C:\Windows\system32\mciavi32.dll --------- 82944  
 04.12.2009 20:28     C:\Windows\system32\iyuv_32.dll --------- 50176  
----------------------------------------

 
C:\Windows\Prefetch

 13.07.2010 15:36     C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 5506  
 13.07.2010 15:35     C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 16870  
 13.07.2010 15:35     C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 82132  
 13.07.2010 15:34     C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf --------- 77724  
 13.07.2010 15:34     C:\Windows\Prefetch\RUNDLL32.EXE-F31ADC6D.pf --------- 34306  
 13.07.2010 15:34     C:\Windows\Prefetch\ALZIP.EXE-0A6586EA.pf --------- 57850  
 13.07.2010 15:34     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 17202  
 13.07.2010 15:34     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 23908  
 13.07.2010 15:34     C:\Windows\Prefetch\ALUPDATE.EXE-0D61E9FA.pf --------- 46092  
 13.07.2010 15:34     C:\Windows\Prefetch\ALBNCOLLECTOR.EXE-4FC09DEB.pf --------- 33202  
 13.07.2010 15:26     C:\Windows\Prefetch\AVWSC.EXE-4630B658.pf --------- 36100  
 13.07.2010 15:26     C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 10962  
 13.07.2010 15:25     C:\Windows\Prefetch\RUNDLL32.EXE-A7519C6C.pf --------- 42878  
 13.07.2010 15:24     C:\Windows\Prefetch\SKYPENAMES.EXE-52288AB3.pf --------- 14938  
 13.07.2010 15:23     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1786333  
 13.07.2010 15:23     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 664603  
 13.07.2010 15:23     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2831551  
 13.07.2010 15:23     C:\Windows\Prefetch\AgRobust.db --------- 526572  
 13.07.2010 15:22     C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf --------- 24960  
 13.07.2010 15:21     C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf --------- 315180  
 13.07.2010 15:21     C:\Windows\Prefetch\SSVAGENT.EXE-42E515EF.pf --------- 22538  
 13.07.2010 15:21     C:\Windows\Prefetch\ICQ.EXE-F70A496D.pf --------- 695496  
 13.07.2010 15:09     C:\Windows\Prefetch\ADOBEARM.EXE-719325FF.pf --------- 56928  
 13.07.2010 15:00     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 49532  
 13.07.2010 14:45     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf --------- 63476  
 13.07.2010 14:43     C:\Windows\Prefetch\HPQSTE08.EXE-8FA26316.pf --------- 37964  
 13.07.2010 14:37     C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 26654  
 13.07.2010 14:35     C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf --------- 505458  
 13.07.2010 14:35     C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 60780  
 13.07.2010 14:33     C:\Windows\Prefetch\ACRORD32.EXE-172CF576.pf --------- 64462  
 13.07.2010 14:30     C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 37564  
 13.07.2010 14:30     C:\Windows\Prefetch\UNSECAPP.EXE-A02905A6.pf --------- 36264  
 13.07.2010 14:27     C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf --------- 257026  
 13.07.2010 14:27     C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 19214  
 13.07.2010 14:26     C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 54868  
 13.07.2010 14:25     C:\Windows\Prefetch\HPQBAM08.EXE-5B656772.pf --------- 17622  
 13.07.2010 14:25     C:\Windows\Prefetch\CPSHELPRUNNER.EXE-FB8E8874.pf --------- 15724  
 13.07.2010 14:25     C:\Windows\Prefetch\ROXMEDIADB9.EXE-BF9477FF.pf --------- 31764  
 13.07.2010 14:24     C:\Windows\Prefetch\WMPSHARE.EXE-90B956F1.pf --------- 25806  
 13.07.2010 14:24     C:\Windows\Prefetch\IPODSERVICE.EXE-37C43D64.pf --------- 16854  
 13.07.2010 14:24     C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 98376  
 13.07.2010 14:24     C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf --------- 11400  
 13.07.2010 14:24     C:\Windows\Prefetch\ReadyBoot --------- 0  
 13.07.2010 14:24     C:\Windows\Prefetch\CSC.EXE-A3B8D95D.pf --------- 50326  
 13.07.2010 14:24     C:\Windows\Prefetch\CVTRES.EXE-069169FB.pf --------- 12142  
 13.07.2010 14:23     C:\Windows\Prefetch\CCC.EXE-AE792174.pf --------- 138008  
 13.07.2010 14:23     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2380422  
 13.07.2010 03:55     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 13.07.2010 03:55     C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 91170  
 13.07.2010 03:41     C:\Windows\Prefetch\CALC.EXE-77FDF17F.pf --------- 16262  
 13.07.2010 02:42     C:\Windows\Prefetch\RUNDLL32.EXE-B321059F.pf --------- 50622  
 13.07.2010 01:48     C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf --------- 1488  
 13.07.2010 01:47     C:\Windows\Prefetch\MPSIGSTUB.EXE-6CB27A06.pf --------- 38224  
 13.07.2010 01:47     C:\Windows\Prefetch\MPMINISIGSTUB.EXE-87C042B4.pf --------- 6286  
 13.07.2010 01:47     C:\Windows\Prefetch\MPAS-D_BD1.EXE-97E29C40.pf --------- 24094  
 13.07.2010 01:47     C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf --------- 34142  
 13.07.2010 01:47     C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 18938  
 13.07.2010 01:46     C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 36068  
 13.07.2010 01:06     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2978858628-215539607-716368754-1003.db --------- 917730  
 13.07.2010 01:06     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2978858628-215539607-716368754-1003.db --------- 1310089  
 13.07.2010 01:03     C:\Windows\Prefetch\AgCx_SC1.db --------- 849865  
 13.07.2010 01:02     C:\Windows\Prefetch\AVNOTIFY.EXE-FEC2FEC4.pf --------- 110266  
 13.07.2010 01:02     C:\Windows\Prefetch\UPDATE.EXE-026DCA13.pf --------- 74278  
 13.07.2010 01:02     C:\Windows\Prefetch\MSFEEDSSYNC.EXE-6E6FBDF4.pf --------- 72888  
 13.07.2010 01:02     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 436466  
 12.07.2010 20:50     C:\Windows\Prefetch\DLLHOST.EXE-6BCB9FAA.pf --------- 23138  
 12.07.2010 20:50     C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf --------- 36354  
 12.07.2010 20:49     C:\Windows\Prefetch\RUNDLL32.EXE-BD2B28D7.pf --------- 273162  
 12.07.2010 20:49     C:\Windows\Prefetch\RUNDLL32.EXE-863FBE31.pf --------- 21524  
 12.07.2010 20:49     C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf --------- 14990  
 12.07.2010 19:27     C:\Windows\Prefetch\WORDPAD.EXE-D7FD7414.pf --------- 30930  
 12.07.2010 19:23     C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 18402  
 12.07.2010 19:22     C:\Windows\Prefetch\MBAM.EXE-305FF92C.pf --------- 77958  
 12.07.2010 19:21     C:\Windows\Prefetch\RUNDLL32.EXE-AFA1E1B2.pf --------- 42284  
 12.07.2010 19:08     C:\Windows\Prefetch\VERSUCH.EXE-8B888BF9.pf --------- 142706  
 12.07.2010 19:08     C:\Windows\Prefetch\RSIT(3).EXE-E370D11A.pf --------- 37904  
 12.07.2010 19:05     C:\Windows\Prefetch\CCLEANER.EXE-D4D76A60.pf --------- 30432  
 12.07.2010 03:52     C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf --------- 33386  
 12.07.2010 03:50     C:\Windows\Prefetch\AEDOMGYTSSD.EXE-8E506E41.pf --------- 24076  
 12.07.2010 03:49     C:\Windows\Prefetch\LULU.EXE-B27238EB.pf --------- 23226  
 12.07.2010 03:49     C:\Windows\Prefetch\JAVA.EXE-E27B75C2.pf --------- 127126  
 12.07.2010 03:49     C:\Windows\Prefetch\JP2LAUNCHER.EXE-7C1F11C1.pf --------- 16322  
 12.07.2010 03:37     C:\Windows\Prefetch\AVCENTER.EXE-C4AEDCEC.pf --------- 120282  
 12.07.2010 03:37     C:\Windows\Prefetch\SSVAGENT.EXE-D0A26E22.pf --------- 15074  
 12.07.2010 03:31     C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 36706  
 12.07.2010 03:28     C:\Windows\Prefetch\RSIT(2).EXE-7DFE5FDD.pf --------- 36824  
 12.07.2010 03:27     C:\Windows\Prefetch\DLLHOST.EXE-7ED62AA2.pf --------- 18400  
 12.07.2010 03:27     C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-631B74E4.pf --------- 26330  
 12.07.2010 03:22     C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf --------- 28420  
 12.07.2010 03:22     C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf --------- 221826  
 12.07.2010 03:19     C:\Windows\Prefetch\EHMSAS.EXE-2D3B2F21.pf --------- 12864  
 12.07.2010 03:19     C:\Windows\Prefetch\MSASCUI.EXE-07E0123F.pf --------- 5716  
 12.07.2010 03:18     C:\Windows\Prefetch\RUNONCE.EXE-D0649312.pf --------- 17772  
 12.07.2010 03:18     C:\Windows\Prefetch\MBAMGUI.EXE-4FE652ED.pf --------- 9302  
 12.07.2010 03:18     C:\Windows\Prefetch\GUARDGUI.EXE-84F705BC.pf --------- 21440  
 12.07.2010 03:17     C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf --------- 12158  
 12.07.2010 03:17     C:\Windows\Prefetch\SVCHOST.EXE-EB62CAD5.pf --------- 19658  
 12.07.2010 03:17     C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf --------- 20382  
 12.07.2010 03:17     C:\Windows\Prefetch\MDNSRESPONDER.EXE-321C1F3D.pf --------- 18536  
 12.07.2010 03:17     C:\Windows\Prefetch\APPLEMOBILEDEVICESERVICE.EXE-80C393E5.pf --------- 14794  
 12.07.2010 03:17     C:\Windows\Prefetch\AVGUARD.EXE-037D9CD6.pf --------- 126854  
 12.07.2010 01:41     C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 9304  
 12.07.2010 01:32     C:\Windows\Prefetch\OPVAPP.EXE-0DBBBD87.pf --------- 16074  
 12.07.2010 01:27     C:\Windows\Prefetch\MSCONFIG.EXE-3A52734E.pf --------- 15838  
 12.07.2010 01:04     C:\Windows\Prefetch\RUNDLL32.EXE-317D4CD6.pf --------- 22736  
 12.07.2010 00:53     C:\Windows\Prefetch\XBKBKWKTSSD.EXE-229C2B0F.pf --------- 24088  
 12.07.2010 00:53     C:\Windows\Prefetch\IERS.EXE-588E00B8.pf --------- 24066  
 10.07.2010 15:31     C:\Windows\Prefetch\ITUNES.EXE-2A42B776.pf --------- 23748  
 10.07.2010 15:23     C:\Windows\Prefetch\LASTFM.EXE-CB596DEA.pf --------- 54706  
 10.07.2010 15:23     C:\Windows\Prefetch\WINAMP.EXE-BD925B2E.pf --------- 17330  
 10.07.2010 15:19     C:\Windows\Prefetch\MFPMP.EXE-26F35380.pf --------- 36856  
 10.07.2010 15:18     C:\Windows\Prefetch\RUNDLL32.EXE-A993DC28.pf --------- 114462  
 10.07.2010 15:16     C:\Windows\Prefetch\LAUNCHU3.EXE-8715E9E5.pf --------- 21412  
 10.07.2010 14:51     C:\Windows\Prefetch\RUNDLL32.EXE-6D4A5E4A.pf --------- 44810  
 10.07.2010 13:32     C:\Windows\Prefetch\SVCHOST.EXE-05F624AB.pf --------- 15682  
 10.07.2010 13:32     C:\Windows\Prefetch\ATI2EVXX.EXE-0327F1E7.pf --------- 14142  
 10.07.2010 13:32     C:\Windows\Prefetch\SVCHOST.EXE-1D23BA00.pf --------- 17160  
 10.07.2010 13:32     C:\Windows\Prefetch\OMNISERV.EXE-AACAB8D0.pf --------- 39022  
 10.07.2010 13:32     C:\Windows\Prefetch\SVCHOST.EXE-E2D039A7.pf --------- 24216  
 10.07.2010 13:32     C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf --------- 54560  
 09.07.2010 22:00     C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf --------- 750  
 09.07.2010 21:51     C:\Windows\Prefetch\Layout.ini --------- 1660054  
 14.01.2010 23:26     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-2978858628-215539607-716368754-1003.snp.db --------- 1130552  
 22.02.2007 23:10     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2978858628-215539607-716368754-1002.db --------- 1151051  
 22.02.2007 23:10     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2978858628-215539607-716368754-1002.db --------- 740946  
 13.02.2007 21:01     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 13.07.2010 15:35     C:\Windows\Tasks\User_Feed_Synchronization-{E71D1D21-BEDF-41DD-9481-F025251F282C}.job --------- 446  
 13.07.2010 15:30     C:\Windows\Tasks\Erweiterte Garantie.job --------- 368  
 13.07.2010 15:30     C:\Windows\Tasks\Recovery DVD Creator.job --------- 368  
 13.07.2010 14:22     C:\Windows\Tasks\SA.DAT --------- 6  
 13.07.2010 03:55     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32628  
 13.07.2010 01:02     C:\Windows\Tasks\User_Feed_Synchronization-{0E8EFC26-C431-4765-8592-57102D933EBF}.job --------- 422  
----------------------------------------

 
C:\Windows\Temp

 13.07.2010 14:24     C:\Windows\Temp\hpqddsvc.log --------- 9828  
 13.07.2010 01:48     C:\Windows\Temp\MpCmdRun.log --------- 2310  
 13.07.2010 01:48     C:\Windows\Temp\MpSigStub.log --------- 3300  
----------------------------------------

 
C:\Users\Versuch\AppData\Local\Temp

 13.07.2010 15:33     C:\Users\Versuch\AppData\Local\Temp\AdobeARM.log --------- 316764  
 13.07.2010 15:29     C:\Users\Versuch\AppData\Local\Temp\plugtmp-1 --------- 0  
 13.07.2010 14:43     C:\Users\Versuch\AppData\Local\Temp\hpqddusr.log --------- 1188  
 13.07.2010 14:34     C:\Users\Versuch\AppData\Local\Temp\Adobe --------- 0  
 13.07.2010 14:33     C:\Users\Versuch\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 740  
 13.07.2010 14:33     C:\Users\Versuch\AppData\Local\Temp\LVB-Linien mit Haustarif.pdf --------- 40635  
 13.07.2010 14:25     C:\Users\Versuch\AppData\Local\Temp\MARA966.tmp --------- 1285  
 13.07.2010 14:25     C:\Users\Versuch\AppData\Local\Temp\MARA8D8.tmp --------- 1342  
 13.07.2010 14:25     C:\Users\Versuch\AppData\Local\Temp\divB16D.tmp --------- 0  
 13.07.2010 14:24     C:\Users\Versuch\AppData\Local\Temp\wmplog01.sqm --------- 1496  
 13.07.2010 14:24     C:\Users\Versuch\AppData\Local\Temp\WPDNSE --------- 0  
 13.07.2010 14:22     C:\Users\Versuch\AppData\Local\Temp\Versuch.bmp --------- 31832  
 13.07.2010 03:35     C:\Users\Versuch\AppData\Local\Temp\plugtmp --------- 0  
 12.07.2010 22:15     C:\Users\Versuch\AppData\Local\Temp\Low --------- 0  
 12.07.2010 20:50     C:\Users\Versuch\AppData\Local\Temp\Gast.bmp --------- 49208  
 12.07.2010 16:51     C:\Users\Versuch\AppData\Local\Temp\divB229.tmp --------- 0  
 12.07.2010 16:51     C:\Users\Versuch\AppData\Local\Temp\MARD2B8.tmp --------- 1285  
 12.07.2010 16:51     C:\Users\Versuch\AppData\Local\Temp\MARD1BD.tmp --------- 1342  
 12.07.2010 16:51     C:\Users\Versuch\AppData\Local\Temp\wmplog00.sqm --------- 1496  
 12.07.2010 15:33     C:\Users\Versuch\AppData\Local\Temp\~DF5DFD.tmp --------- 65536  
 12.07.2010 15:30     C:\Users\Versuch\AppData\Local\Temp\4DD4.tmp --------- 0  
 12.07.2010 15:29     C:\Users\Versuch\AppData\Local\Temp\4AEB.tmp --------- 0  
 12.07.2010 03:49     C:\Users\Versuch\AppData\Local\Temp\jar_cache1645983427462349222.tmp --------- 3335  
 12.07.2010 03:49     C:\Users\Versuch\AppData\Local\Temp\java_install_reg.log --------- 790  
 12.07.2010 03:20     C:\Users\Versuch\AppData\Local\Temp\MAR3F29.tmp --------- 1285  
 12.07.2010 03:20     C:\Users\Versuch\AppData\Local\Temp\MAR3C98.tmp --------- 1342  
 12.07.2010 03:20     C:\Users\Versuch\AppData\Local\Temp\divCD49.tmp --------- 0  
 12.07.2010 02:01     C:\Users\Versuch\AppData\Local\Temp\D.tmp --------- 0  
 12.07.2010 02:01     C:\Users\Versuch\AppData\Local\Temp\D766.tmp --------- 0  
 12.07.2010 01:58     C:\Users\Versuch\AppData\Local\Temp\~DF1013.tmp --------- 311296  
 12.07.2010 01:56     C:\Users\Versuch\AppData\Local\Temp\D1B2.tmp --------- 0  
 12.07.2010 01:55     C:\Users\Versuch\AppData\Local\Temp\FF10.tmp --------- 0  
 12.07.2010 01:53     C:\Users\Versuch\AppData\Local\Temp\8541.tmp --------- 0  
 12.07.2010 01:41     C:\Users\Versuch\AppData\Local\Temp\MAR868C.tmp --------- 1285  
 12.07.2010 01:41     C:\Users\Versuch\AppData\Local\Temp\MAR8226.tmp --------- 1342  
 12.07.2010 01:39     C:\Users\Versuch\AppData\Local\Temp\~DF57F8.tmp --------- 81920  
 12.07.2010 01:39     C:\Users\Versuch\AppData\Local\Temp\divF155.tmp --------- 0  
 12.07.2010 01:35     C:\Users\Versuch\AppData\Local\Temp\divF2DB.tmp --------- 0  
 12.07.2010 01:27     C:\Users\Versuch\AppData\Local\Temp\MARAFCF.tmp --------- 1285  
 12.07.2010 01:27     C:\Users\Versuch\AppData\Local\Temp\MARAEB4.tmp --------- 1342  
 12.07.2010 01:25     C:\Users\Versuch\AppData\Local\Temp\~DFF806.tmp --------- 81920  
 12.07.2010 01:25     C:\Users\Versuch\AppData\Local\Temp\div402.tmp --------- 0  
 12.07.2010 01:22     C:\Users\Versuch\AppData\Local\Temp\divF30A.tmp --------- 0  
 12.07.2010 01:10     C:\Users\Versuch\AppData\Local\Temp\MARCF4D.tmp --------- 1285  
 12.07.2010 01:10     C:\Users\Versuch\AppData\Local\Temp\MARCE43.tmp --------- 1342  
 12.07.2010 01:10     C:\Users\Versuch\AppData\Local\Temp\divAF5A.tmp --------- 0  
 12.07.2010 00:53     C:\Users\Versuch\AppData\Local\Temp\jar_cache6784308085301456602.tmp --------- 3335  
 11.07.2010 23:51     C:\Users\Versuch\AppData\Local\Temp\divA1AE.tmp --------- 0  
 11.07.2010 23:51     C:\Users\Versuch\AppData\Local\Temp\MAR9DCE.tmp --------- 1285  
 11.07.2010 23:51     C:\Users\Versuch\AppData\Local\Temp\MAR9CA4.tmp --------- 1342  
----------------------------------------

 
C:\Program Files

 12.07.2010 19:08     C:\Program Files\Trend Micro --------- 0  
 12.07.2010 01:58     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 29.06.2010 12:04     C:\Program Files\Mozilla Firefox --------- 32768  
 25.06.2010 13:05     C:\Program Files\Microsoft.NET --------- 0  
 16.06.2010 18:06     C:\Program Files\ICQ6.5 --------- 16384  
 14.06.2010 04:16     C:\Program Files\Windows Mail --------- 0  
 14.06.2010 04:16     C:\Program Files\Internet Explorer --------- 4096  
 26.04.2010 20:52     C:\Program Files\DivX --------- 8192  
 06.04.2010 21:27     C:\Program Files\ATI --------- 0  
 12.03.2010 22:38     C:\Program Files\Movie Maker --------- 0  
 02.03.2010 14:50     C:\Program Files\Full Tilt Poker --------- 0  
 25.02.2010 20:47     C:\Program Files\PokerStars.NET --------- 8192  
 18.02.2010 20:24     C:\Program Files\PDFCreator --------- 0  
 18.02.2010 19:24     C:\Program Files\MSECache --------- 0  
 20.01.2010 16:22     C:\Program Files\winamp --------- 4096  
 20.01.2010 16:17     C:\Program Files\Winamp Detect --------- 0  
 18.01.2010 18:28     C:\Program Files\Common Files --------- 8192  
 18.01.2010 12:27     C:\Program Files\Spyware Doctor --------- 0  
 12.01.2010 13:23     C:\Program Files\pdfforge Toolbar --------- 0  
 18.11.2009 02:43     C:\Program Files\Windows Portable Devices --------- 0  
 08.11.2009 16:57     C:\Program Files\Free Video Converter --------- 4096  
 07.11.2009 00:30     C:\Program Files\CCleaner --------- 0  
 30.10.2009 02:39     C:\Program Files\Windows Media Player --------- 4096  
 16.09.2009 19:07     C:\Program Files\Windows Calendar --------- 0  
 16.09.2009 19:07     C:\Program Files\Windows Sidebar --------- 0  
 16.09.2009 19:07     C:\Program Files\Windows Collaboration --------- 0  
 16.09.2009 19:07     C:\Program Files\Windows Journal --------- 0  
 16.09.2009 19:07     C:\Program Files\Windows Photo Gallery --------- 4096  
 16.09.2009 19:07     C:\Program Files\Windows Defender --------- 4096  
 05.09.2009 20:23     C:\Program Files\Java --------- 4096  
 21.08.2009 09:44     C:\Program Files\Astonsoft --------- 0  
 14.08.2009 22:13     C:\Program Files\Google --------- 0  
 14.08.2009 17:00     C:\Program Files\InstallShield Installation Information --------- 0  
 04.08.2009 18:00     C:\Program Files\Last.fm --------- 8192  
 31.07.2009 20:11     C:\Program Files\iTunes --------- 4096  
 31.07.2009 20:11     C:\Program Files\iPod --------- 0  
 31.07.2009 20:10     C:\Program Files\QuickTime --------- 4096  
 22.07.2009 21:14     C:\Program Files\Skype --------- 0  
 18.07.2009 12:49     C:\Program Files\ICQ6 --------- 0  
 07.07.2009 15:36     C:\Program Files\NVIDIA Corporation --------- 0  
 02.07.2009 16:15     C:\Program Files\Electronic Arts --------- 0  
 02.07.2009 16:12     C:\Program Files\Microsoft WSE --------- 0  
 01.07.2009 18:55     C:\Program Files\Microsoft Works --------- 0  
 01.07.2009 18:55     C:\Program Files\MSBuild --------- 0  
 01.07.2009 18:54     C:\Program Files\Microsoft Office 2007 --------- 4096  
 01.07.2009 18:54     C:\Program Files\Microsoft Visual Studio --------- 0  
 01.07.2009 18:50     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 01.07.2009 18:41     C:\Program Files\Microsoft Office --------- 4096  
 10.06.2009 21:41     C:\Program Files\Avira --------- 0  
 24.04.2009 12:41     C:\Program Files\DVDVideoSoft --------- 0  
 29.03.2009 23:25     C:\Program Files\OpenOffice.org 3 --------- 0  
 10.03.2009 18:03     C:\Program Files\AskBarDis --------- 0  
 02.03.2009 17:59     C:\Program Files\Opera --------- 0  
 26.02.2009 23:29     C:\Program Files\Microsoft Nachschlagewerke --------- 0  
 23.02.2009 18:42     C:\Program Files\Paint.NET --------- 0  
 23.02.2009 13:38     C:\Program Files\Bonjour --------- 0  
 15.12.2008 14:34     C:\Program Files\RegCleaner --------- 0  
 21.11.2008 14:03     C:\Program Files\SudokuSweep --------- 0  
 21.11.2008 13:59     C:\Program Files\Adobe --------- 4096  
 11.11.2008 20:25     C:\Program Files\ICQ6Toolbar --------- 0  
 02.11.2008 19:53     C:\Program Files\SopCast --------- 0  
 05.10.2008 19:46     C:\Program Files\Apple Software Update --------- 4096  
 05.10.2008 19:33     C:\Program Files\Safari --------- 8192  
 11.08.2008 01:19     C:\Program Files\SkillJam Technologies --------- 0  
 01.07.2008 20:01     C:\Program Files\Xvid --------- 0  
 28.05.2008 11:24     C:\Program Files\desktop.ini --------- 174  
 29.04.2008 10:11     C:\Program Files\MAGIX Online Druck Service --------- 0  
 23.04.2008 11:30     C:\Program Files\HP --------- 4096  
 10.04.2008 00:09     C:\Program Files\Ubisoft --------- 0  
 07.02.2008 22:27     C:\Program Files\Power Tab Software --------- 0  
 21.01.2008 18:32     C:\Program Files\ANNO 1602 K”nigs-Edition --------- 0  
 17.01.2008 17:46     C:\Program Files\GameSpy Arcade --------- 0  
 17.01.2008 17:41     C:\Program Files\Crave --------- 0  
 10.01.2008 14:42     C:\Program Files\ESTsoft --------- 0  
 10.01.2008 14:42     C:\Program Files\AlZip --------- 0  
 01.01.2008 23:59     C:\Program Files\ATI Technologies --------- 0  
 18.12.2007 12:12     C:\Program Files\Guitar Pro 5 --------- 0  
 04.12.2007 12:17     C:\Program Files\Real --------- 0  
 27.11.2007 19:33     C:\Program Files\ModTheSims2.com --------- 0  
 27.11.2007 17:47     C:\Program Files\WinRAR --------- 8192  
 18.09.2007 19:00     C:\Program Files\ZDF --------- 0  
 23.04.2007 19:04     C:\Program Files\AllTimeSudoku_Demo --------- 0  
 16.04.2007 14:47     C:\Program Files\Hewlett-Packard --------- 0  
 04.04.2007 14:48     C:\Program Files\VLC --------- 0  
 04.04.2007 13:57     C:\Program Files\Alwil Software --------- 0  
 04.04.2007 12:53     C:\Program Files\MSXML 4.0 --------- 0  
 26.02.2007 23:51     C:\Program Files\Firaxis Games --------- 0  
 26.02.2007 23:41     C:\Program Files\DirectX9 --------- 0  
 23.02.2007 20:52     C:\Program Files\EA SPORTS --------- 0  
 20.02.2007 02:31     C:\Program Files\InterActual --------- 0  
 19.02.2007 01:54     C:\Program Files\EA GAMES --------- 0  
 13.02.2007 21:08     C:\Program Files\Windows NT --------- 4096  
 13.02.2007 21:08     C:\Program Files\Gemeinsame Dateien --------- 0  
 15.01.2007 11:48     C:\Program Files\Packard Bell --------- 0  
 15.01.2007 11:45     C:\Program Files\Softex --------- 0  
 15.01.2007 11:37     C:\Program Files\Roxio --------- 4096  
 15.01.2007 11:33     C:\Program Files\Viewpoint --------- 0  
 15.01.2007 11:32     C:\Program Files\HDReg --------- 0  
 15.01.2007 11:31     C:\Program Files\Fingerprint Sensor --------- 0  
 15.01.2007 11:31     C:\Program Files\AuthenTec --------- 0  
 15.01.2007 11:30     C:\Program Files\Realtek --------- 0  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Microsoft Games --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
 27.04.2003 22:02     C:\Program Files\tetris.exe --------- 647168  
----------------------------------------

 
C:\ProgramData\.. 

Versuch    
Default    
Public    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.168 K
smss.exe                       424 Services                   0           552 K
csrss.exe                      556 Services                   0         3.680 K
wininit.exe                    612 Services                   0         2.976 K
csrss.exe                      624 Console                    1         7.712 K
services.exe                   656 Services                   0         5.816 K
lsass.exe                      668 Services                   0         2.608 K
lsm.exe                        676 Services                   0         3.096 K
winlogon.exe                   832 Console                    1         4.324 K
svchost.exe                    856 Services                   0         5.872 K
OmniServ.exe                   924 Services                   0         7.692 K
svchost.exe                   1000 Services                   0         6.008 K
svchost.exe                   1056 Services                   0        24.712 K
Ati2evxx.exe                  1136 Services                   0         2.728 K
svchost.exe                   1152 Services                   0         8.884 K
svchost.exe                   1196 Services                   0        51.148 K
svchost.exe                   1212 Services                   0        45.104 K
audiodg.exe                   1352 Services                   0        12.712 K
svchost.exe                   1376 Services                   0         3.724 K
SLsvc.exe                     1396 Services                   0         3.176 K
svchost.exe                   1432 Services                   0         9.692 K
svchost.exe                   1612 Services                   0        11.696 K
Ati2evxx.exe                  1672 Console                    1         4.368 K
spoolsv.exe                   1892 Services                   0         6.912 K
sched.exe                     1924 Services                   0         1.288 K
dwm.exe                       1968 Console                    1        32.228 K
explorer.exe                  2000 Console                    1        51.288 K
svchost.exe                   2040 Services                   0         8.924 K
taskeng.exe                    212 Console                    1         9.112 K
MSASCui.exe                   1656 Console                    1         5.604 K
RtHDVCpl.exe                  1748 Console                    1         5.412 K
mHotkey.exe                   1936 Console                    1         5.764 K
ATSwpNav.exe                  2032 Console                    1         3.292 K
aolsoftware.exe                536 Console                    1         4.112 K
RoxWatchTray9.exe              564 Console                    1         6.332 K
hpwuSchd2.exe                 2080 Console                    1         2.760 K
GrooveMonitor.exe             2096 Console                    1         7.444 K
opvapp.exe                    2104 Console                    1         4.116 K
iTunesHelper.exe              2124 Console                    1         5.660 K
avgnt.exe                     2136 Console                    1         2.384 K
MOM.exe                       2148 Console                    1         3.444 K
winampa.exe                   2172 Console                    1         2.956 K
DivXUpdate.exe                2228 Console                    1         9.392 K
ehtray.exe                    2268 Console                    1         2.304 K
wmpnscfg.exe                  2344 Console                    1         4.228 K
ehmsas.exe                    2768 Console                    1         3.252 K
avguard.exe                   2948 Services                   0        12.568 K
AppleMobileDeviceService.     2992 Services                   0         2.828 K
mDNSResponder.exe             3004 Services                   0         4.068 K
svchost.exe                   3048 Services                   0         5.096 K
svchost.exe                   3144 Services                   0         2.356 K
svchost.exe                   3224 Services                   0         2.220 K
svchost.exe                   3240 Services                   0         3.588 K
svchost.exe                   3424 Services                   0         4.736 K
svchost.exe                   3468 Services                   0         1.448 K
SearchIndexer.exe             3500 Services                   0        15.364 K
WUDFHost.exe                  3768 Services                   0         3.136 K
mobsync.exe                   1780 Console                    1         5.088 K
CCC.exe                       2356 Console                    1        12.136 K
taskeng.exe                   3884 Services                   0         4.640 K
conime.exe                    2740 Console                    1         3.396 K
wmpnetwk.exe                  2544 Services                   0        13.352 K
iPodService.exe                292 Services                   0         3.992 K
CPSHelpRunner.exe             4560 Console                    1         2.696 K
hpqste08.exe                  4700 Console                    1         6.104 K
hpqbam08.exe                  4764 Console                    1         4.400 K
firefox.exe                   5840 Console                    1       129.012 K
unsecapp.exe                  4900 Console                    1         4.172 K
WmiPrvSE.exe                  4144 Services                   0         4.748 K
cmd.exe                       2520 Console                    1         2.800 K
tasklist.exe                  1088 Console                    1         4.816 K
WmiPrvSE.exe                  3392 Services                   0         5.860 K

 
***** Ende des Scans 13.07.2010 um 15:36:49,25 ***
         
Program list from CCleaner:
Code:
ATTFilter
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	22.02.2010		10.0.45.2
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	19.07.2009		10.0.22.87
Adobe Photoshop 7.0	Adobe Systems, Inc.	08.05.2008	144,8MB	7.0
Adobe Reader 9.3.2 - Deutsch	Adobe Systems Incorporated	20.04.2010	162,6MB	9.3.2
ALUpdate	ESTsoft Corp.	09.01.2008	2,05MB	
ALZip	ESTsoft Corp.	09.01.2008	11,8MB	7.0 beta1
Apple Mobile Device Support	Apple Inc.	30.07.2009	39,9MB	2.5.2.2
Apple Software Update	Apple Inc.	04.10.2008	2,16MB	2.1.1.116
Ask Toolbar	Ask.com	09.03.2009	1,11MB	4.1.0.2
ATI Catalyst Install Manager	ATI Technologies, Inc.	05.04.2010	13,7MB	3.0.708.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	14.01.2010	65,3MB	
Bonjour	Apple Inc.	22.02.2009	0,49MB	1.0.106
CCleaner	Piriform	14.01.2010	2,73MB	2.27
Creator 9		12.02.2007		
D-Link VGA Webcam		16.01.2008		
DeepBurner v1.9.0.228		20.08.2009	7,68MB	
DIE SIEDLER - Das Erbe der Könige - Gold Edition	Blue Byte	09.04.2008	2.106,0MB	1.00.0000
Die Sims™ 3	Electronic Arts	01.07.2009	5.617,7MB	1.2.7
DivX Converter	DivX, Inc.	25.04.2010	52,7MB	7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	25.04.2010	1,22MB	
DivX-Setup	DivX, Inc. 	25.04.2010	1,77MB	1.0.0.450
Free Studio version 4.2	DVDVideoSoft Limited.	06.11.2009	41,4MB	
Free Video Converter V 2.3	Koyote Soft	07.11.2009	13,1MB	2.3.0.0
Free Video to Mp3 Converter version 3.1	DVD Video Soft Limited.	22.08.2008	2,50MB	
Free YouTube Download 2.2	DVDVideoSoft Limited.	09.03.2009	2,30MB	
Full Tilt Poker		03.02.2010	66,5MB	4.24.1.WIN.FullTilt.COM
FUSSBALL MANAGER 06		22.02.2007	1.806,7MB	
Google Earth	Google	14.04.2007	32,0MB	4.0.2744
Guitar Pro 5.0	Arobas Music	17.12.2007	363,3MB	
HijackThis 2.0.2	TrendMicro	14.01.2010	0,39MB	2.0.2
HP Customer Participation Program 8.0	HP	15.04.2007	192,2MB	8.0
HP Imaging Device Functions 8.0	HP	15.04.2007	1,54MB	8.0
HP OCR Software 8.0	HP	15.04.2007	1,53MB	8.0
HP Photosmart Essential	HP	15.04.2007	10,2MB	1.12.0.46
HP Photosmart.All-In-One Driver Software 8.0 .A	HP	15.04.2007	30,7MB	8.0
HP Solution Center 8.0	HP	15.04.2007	1,53MB	8.0
HP Update	Hewlett-Packard	25.10.2008	3,71MB	4.000.012.001
ICQ6.5	ICQ	17.07.2009	45,3MB	6.5
Infocentre Rev. 2.0		12.02.2007	59,4MB	
InterActual Player		19.02.2007	22,6MB	
iTunes	Apple Inc.	30.07.2009	112,6MB	8.2.1.6
Java(TM) 6 Update 13	Sun Microsystems, Inc.	12.01.2009	94,4MB	6.0.130
Keyboard Hotkey V1.03		12.02.2007		
Last.fm 1.5.4.24567	Last.fm	03.08.2009	18,3MB	
MAGIX Online Druck Service	Silverwire Software GmbH	28.04.2008	6,36MB	
MAGIX Video deLuxe 2005 PLUS	MAGIX AG	28.04.2008	25.521,3MB	4.5.0.76
Malwarebytes' Anti-Malware	Malwarebytes Corporation	11.07.2010	4,09MB	
Microsoft .NET Framework 1.1	Microsoft	14.01.2007	35,1MB	1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	09.08.2009	37,1MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	15.06.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.06.2010	24,5MB	4.0.30319
Microsoft Encarta 99 Enzyklopädie	Microsoft Corporation	25.02.2009	13,3MB	99D
Microsoft Office Enterprise 2007	Microsoft Corporation	30.06.2009	614,6MB	12.0.4518.1014
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	30.06.2009	267,5MB	10.0.2701.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	05.04.2010	2,37MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	03.11.2009	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	09.06.2009	0,58MB	9.0.30729
Microsoft WSE 3.0 Runtime	Microsoft Corp.	01.07.2009	0,92MB	3.0.5305.0
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	17.02.2010	0,13MB	12.0.4518.1014
Mozilla Firefox (3.6.6)	Mozilla	28.06.2010	35,0MB	3.6.6 (de)
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	03.04.2007	1,24MB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	14.08.2007	1,27MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	09.10.2007	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	02.12.2009	1,34MB	4.20.9876.0
NIS2007		12.02.2007		
NVIDIA Photoshop Plug-ins		06.07.2009	1,61MB	1.00.000
Omnipass 5		12.02.2007	23,5MB	
OpenOffice.org 3.0	OpenOffice.org	28.03.2009	333,2MB	3.0.9379
Packard Bell Updator		12.02.2007	68,4MB	
Paint.NET v3.36	dotPDN LLC	22.02.2009	3,97MB	3.36.0
pdfforge Toolbar v1.1.1	Spigot, Inc.	30.11.2009	4,75MB	1.1.1
PokerStars.net	PokerStars.net	24.02.2010	24,4MB	
Power Tab Editor 1.7	Power Tab Software	06.02.2008	3,59MB	1.7.0
QuickTime	Apple Inc.	30.07.2009	74,6MB	7.62.14.0
Realtek HD Audio V6.0.1.5322		12.02.2007		
RTC Client API v1.2	Microsoft	14.01.2007	0,11MB	1.2.0000
Safari	Apple Inc.	04.10.2008	60,9MB	3.525.21.0
SetUp My PC		12.02.2007		
Shop for HP Supplies	HP	22.04.2008	195,4MB	10.0
Sicherer Spieltreiber		10.08.2008	1,28MB	
Sid Meier's Civilization 4	Firaxis Games	04.04.2007	1.498,7MB	1.61
Skype 2.5.2.151		12.02.2007	20,7MB	
Skype web features	Skype Technologies S.A.	22.07.2009	4,96MB	1.0.3810
Skype™ 4.1	Skype Technologies S.A.	21.07.2009	31,1MB	4.1.141
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	27.11.2008	30,3MB	9.0.0
SPORE™	Electronic Arts	07.10.2008	3.862,4MB	1.00.0000
Uninstall 1.0.0.1		06.11.2009	16,3MB	
Video ATI v8.31		12.02.2007		
VideoLAN VLC media player 0.8.5	VideoLAN Team	13.02.2007	34,4MB	0.8.5
Winamp	Nullsoft, Inc	19.01.2010	19,5MB	5.572 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	19.01.2010	0,13MB	1.0.0.1
Windows Media Player Firefox Plugin	Microsoft Corp	13.04.2009	0,29MB	1.0.0.8
WinRAR		26.11.2007	3,40MB	
Works 8.5 DE		12.02.2007		
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	30.06.2008	0,77MB	1.1
         
__________________

Old 14.07.2010, 08:41   #4
kira
/// Helper Team
 
1.
Uninstall via `Start→ Control Panel→ Change/Remove...`
Code:
ATTFilter
Ask Toolbar and pdfforge Toolbar  <- adware toolbar
         
2.
If you do not have a proxy server installed locally, remove the proxy settings from the Internet options
and/or fix them with HJT:

Close all programs including Internet Explorer and fix the entries from the following code box with HijackThis (start HijackThis→ "Do a system scan only"→ select the entries / tick the checkboxes→ click "Fix checked"→ restart the PC):
HijackThis creates a backup; if something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:
ATTFilter
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

also fix whichever of these exist:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
         
3.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: `Start→ Control Panel→ Java→ Update...` (Update 20 is already due!)

4.
Close all applications → please empty the folder for temporary files
Delete only the contents of the folder, not the folder itself! Files that are still in use cannot be deleted.
c:\windows\temp
- then empty the Recycle Bin

5.
Clean your system with CCleaner:
  • "Cleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Find errors"→ "Fix errors"→ "Fix all"
  • Restart your system

6.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update online.
  • Start SUPERAntiSpyware and click "Scan your Computer"
  • Tick "Complete Scan" and click "Next"
  • Afterwards all detected malware is listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics/Logs"
  • Click "View Log", then please save this report and post it here

7.
Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other media. These must therefore be monitored by regular checks for damage that may have been caused by malware. For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed.
You can also switch off the autostart property:
Windows security: disable disk autorun - illustrated guide by Leonidas/3dcenter.org
Disable autorun/autoplay selectively for drive types or letters/wintotal.de
→ This Silly description supports the assumption that it came via a USB stick. The cause has been eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there and be somewhat picky about where you plug your stick in.

→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ to continue with the process click "Accept"
→ then select "My computer" - it takes some time for a complete scan to run through, so please be patient!
It can take a while until the scan is complete - depending on the size of the hard drive one or more hours - so be patient...
→ When the report is displayed, click "Save as" - please copy it and paste it into your thread here
Before the scan, settings in Internet Explorer:
→ "Tools→ Internet Options→ Security":
→ set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed

8.
Post again - after the cleaning actions have been carried out:
TrendMicro™ HijackThis™ logfile - no open windows while HijackThis is running!!

** What is the current state of the computer?
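As an added example, not code from this thread, from HijackThis or from Trojaner-Board: a small Python triage script that flags, in HijackThis log lines like the ones quoted above, the items kira's fix list targets (a browser proxy redirected to 127.0.0.1, orphaned entries whose file is gone, and the adware toolbars named above). The sample lines are constructed from this thread's entries, and the adware marker list is an assumption drawn from it.

```python
"""Triage helper for HijackThis log lines.

Added example for this thread; it is not code from the thread, from
HijackThis or from Trojaner-Board. It flags the three things kira's fix
list targets: a proxy redirected to the local machine, orphaned entries
whose file is gone, and the adware browser components named above.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample: the entries quoted in the thread plus benign lines.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
"""

# HijackThis prefixes every entry with a section code: R0-R3, F0-F3, O1-O24.
LINE_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.*)$")

# A browser proxy that points back at the local machine is the classic
# rogue-AV pattern: the infected PC itself intercepts every web request.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Assumption: the adware components kira named in this thread.
ADWARE_MARKERS = ("askbar", "ask toolbar", "pdfforge toolbar")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def proxy_endpoints(value: str) -> List[Tuple[str, int]]:
    """Split an IE ProxyServer value into (host, port) pairs.

    Windows stores either "host:port" or the per-protocol form
    "http=host:port;https=host:port", so both are handled.
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:                      # strip the "http=" protocol prefix
            part = part.split("=", 1)[1]
        host, _, port = part.rpartition(":")
        if not host:                         # no port given: default web port
            host, port = part, "80"
        endpoints.append((host.lower(), int(port) if port.isdigit() else 0))
    return endpoints


def analyse(log_text: str) -> List[Finding]:
    """Return the entries a helper would ask the user to fix."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue                         # headers, process list, blanks
        section, body = match.group("section"), match.group("body")
        lowered = body.lower()

        # 1. Proxy hijack: R1 ProxyServer pointing at the loopback address.
        if section == "R1" and ",proxyserver = " in lowered:
            value = body.split(" = ", 1)[1]
            for host, port in proxy_endpoints(value):
                if host in LOOPBACK_HOSTS:
                    findings.append(Finding(section, f"browser proxy points at loopback {host}:{port}", line))

        # 2. Orphaned entries: the registry still references a file that is gone.
        if "(no file)" in lowered or "(file missing)" in lowered:
            findings.append(Finding(section, "orphaned entry, target file missing", line))

        # 3. Known adware browser helper objects / toolbars.
        if section in ("O2", "O3") and any(m in lowered for m in ADWARE_MARKERS):
            findings.append(Finding(section, "known adware browser component", line))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```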

Old 14.07.2010, 16:01   #5
pe__ka
 
I was about to work through the list, but I already get stuck at deleting the pdfforge Toolbar. The message appears: "The system administrator has set policies to prevent this installation". It really says installation, not uninstallation! Next comes: "You do not have sufficient privileges to uninstall pdfforge Toolbar v1.1.1. Contact your system administrator".

Somehow my PC has two users with the same name, but I cannot delete the program from either user, and the error/warning message appears each time.

Also:
I have no idea whether a proxy server is installed locally, but I have removed the proxy settings from the Internet options.

I would like to work through your list, but I am held up by the problems mentioned above.

PS: Java has been updated
And about the current state of the computer: it seems to run normally. AV Security has not shown up again since the second Malwarebytes run!


Last edited by pe__ka (14.07.2010 at 16:13)

Old 14.07.2010, 17:10   #6
pe__ka
 
pdfforge Toolbar has been uninstalled with the help of CCleaner (Tools - Uninstall programs).

I'll now try to continue.

Old 15.07.2010, 02:16   #7
pe__ka
 
Hello,

points 1, 2, 3, 4, 5, 6 are done.
The Kaspersky part I have to do tomorrow.
I tried to switch off the autorun function. But somehow the stick still starts automatically, it just doesn't light up anymore. See the attachment for the settings! Actually as in the description.

Here is the SUPERAntiSpyware log:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/14/2010 at 07:23 PM

Application Version : 4.40.1002

Core Rules Database Version : 5198
Trace Rules Database Version: 3010

Scan type       : Complete Scan
Total Scan Time : 00:58:58

Memory items scanned      : 789
Memory threats detected   : 0
Registry items scanned    : 10515
Registry threats detected : 5
File items scanned        : 37130
File threats detected     : 13

Trojan.Agent/Gen-Alureon
	HKU\.DEFAULT\Software\h8srt
	HKU\S-1-5-19\Software\h8srt
	HKU\S-1-5-20\Software\h8srt
	HKU\S-1-5-21-2978858628-215539607-716368754-1003\Software\h8srt
	HKU\S-1-5-18\Software\h8srt

Adware.Tracking Cookie
	.doubleclick.net [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.zanox-affiliate.de [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.content.yieldmanager.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	.zanox.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
	ad.zanox.com [ C:\Users\Versuch\AppData\Roaming\Mozilla\Firefox\Profiles\iqnh3kfq.default\cookies.sqlite ]
         
Regards
Attached images
File type: png Unbenannt.png (7.3 KB, viewed 174 times)

Old 15.07.2010, 15:14   #8
pe__ka
 
Hello,
here now the Kaspersky report and the HijackThis log.

Kaspersky:
Code:
ATTFilter
Thursday, July 15, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 15, 2010 01:35:22
Records in database: 4220276
 
 
Scan settings 
scan using the following database extended 
Scan archives yes 
Scan e-mail databases yes 
 
Scan area My Computer 
C:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\  
 
Scan statistics 
Objects scanned 216617 
Threats found 4 
Infected objects found 5 
Suspicious objects found 0 
Scan duration 03:52:18 

File name Threat Threats count 
C:\Users\Versuch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ade3c63 Infected: Trojan-Downloader.Java.OpenConnection.at 1  
 
C:\Users\Versuch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ade3c63 Infected: Exploit.Java.Agent.f 1  
 
C:\Users\Versuch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5a289588-1a114c90 Infected: Exploit.Java.Agent.f 1  
 
C:\Users\Versuch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5a289588-1a114c90 Infected: Trojan-Downloader.Java.Agent.cd 1  
 
C:\Users\Versuch\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\5a289588-1a114c90 Infected: Trojan-Downloader.Java.OpenStream.al 1  
 
Selected area has been scanned.
         

HijackThis logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:16:20, on 15.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\mHotkey.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\aol\1168853550\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI69DF~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [mHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168853550\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI69DF~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI69DF~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI69DF~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8677 bytes
         
--- --- ---

Regards

Last edited by pe__ka (15.07.2010 at 15:20)

Old 15.07.2010, 15:30   #9
kira
/// Helper Team
 
Hi

Empty the Java cache - as described under points 7 and 8 *click*
via Control Panel -> Java...

Are there still any problems or anything unusual?

Old 15.07.2010, 15:44   #10
pe__ka
 
Java cache emptied.

Quote:
Originally posted by Coverflow
Are there still any problems or anything unusual?
I actually have the feeling that the computer is running normally again.
So nothing unusual that is obvious to me.

Old 15.07.2010, 18:01   #11
kira
/// Helper Team
 
Hi

I came across something else that makes me quite suspicious, so let's play it safe ...:
1.
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! - It is NOT advisable to start a second attempt!
To get a deeper look into your system and track down a possible rootkit infection (info: wikipedia.org), we will use a tool - Gmer:
    - so download Gmer and unpack it onto your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect WLAN too
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right here with CTRL + V
    - GMER is closed with "Ok".
    - paste the log from the clipboard here into your thread in full

** no connection to a network or the Internet - don't forget WLAN
When the scan has finished, please reactivate all programs and tools!

2.
Download and install the tool RootRepeal
  • tick: "Drivers" -> "Scan" -> "Save Report"...
  • "Stealth Objects" -> "Scan" -> "Save Report"...
  • "Hidden Services" -> "Scan" -> "Save Report"...
  • save the logfile as "RootRepeal.txt" on the desktop and copy the contents here into the thread
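
As an added example for reading the RootRepeal report these steps produce (this is editor-supplied code, not part of the thread, of kira's instructions or of RootRepeal), the following Python script parses the "Drivers" section in the layout RootRepeal 1.3.5.0 writes and flags the entries a helper would examine first: a driver image sitting in a user-writable directory, a file that is not visible on disk, and an entry with no image in memory. The report text is constructed inline in that layout, and the allowlist of hidden entries treated as expected (crash-dump stub drivers, the scanner's own driver) is an assumption.

```python
"""Triage helper for the "Drivers" section of a RootRepeal report.
Added example, not code from the thread, from kira or from RootRepeal: it parses
the Name / Image Path / Address / Size / File Visible blocks the tool writes."""

# Constructed sample in RootRepeal's layout (tab-separated fields on the
# Address line), showing a normal driver, an expected hidden crash-dump stub,
# a hidden driver loaded from a Temp folder and an entry with no image at all.
SAMPLE_REPORT = """ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\\Windows\\system32\\drivers\\acpi.sys
Address: 0x807B2000\tSize: 286720\tFile Visible: -\tSigned: -
Status: -

Name: dump_atapi.sys
Image Path: C:\\Windows\\System32\\Drivers\\dump_atapi.sys
Address: 0x8D1AE000\tSize: 32768\tFile Visible: No\tSigned: -
Status: -

Name: fwxyqfob.sys
Image Path: C:\\Users\\Versuch\\AppData\\Local\\Temp\\fwxyqfob.sys
Address: 0x993E1000\tSize: 93056\tFile Visible: No\tSigned: -
Status: -

Name: sptd
Image Path: \\Driver\\sptd
Address: 0x00000000\tSize: 0\tFile Visible: No\tSigned: -
Status: -
"""

def _to_entry(fields: dict) -> dict:
    """Normalise one parsed block: hex address and size become ints."""
    return {
        "name": fields.get("Name", ""),
        "image_path": fields.get("Image Path", ""),
        "address": int(fields.get("Address", "0"), 16),
        "size": int(fields.get("Size", "0")),
        # RootRepeal prints "-" for a visible file and "No" for a hidden one.
        "file_visible": fields.get("File Visible", "-") != "No",
    }

def parse_drivers(report: str) -> list:
    """Return the 'Drivers' entries in report order (empty if no such section)."""
    lines = report.splitlines()
    if "Drivers" not in lines:
        return []
    start = lines.index("Drivers") + 1
    if start < len(lines) and lines[start].startswith("---"):
        start += 1  # skip the dashed underline
    entries, fields = [], {}
    for line in lines[start:]:
        if not line.strip():  # a blank line closes the current entry
            if fields:
                entries.append(_to_entry(fields))
                fields = {}
            continue
        # Every line holds one or more tab-separated "Key: value" pairs; the
        # first non-blank line without one is the next section header.
        pairs = [p.partition(": ") for p in line.split("\t")]
        if not any(sep for _, sep, _ in pairs):
            break
        for key, sep, value in pairs:
            if sep:
                fields[key.strip()] = value.strip()
    if fields:
        entries.append(_to_entry(fields))
    return entries

# Directories a legitimate kernel driver is not loaded from.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\")
# Hidden entries expected on a healthy Vista install (assumption, used only to
# cut noise): crash-dump stub drivers and the scanner's own driver.
EXPECTED_HIDDEN = ("dump_", "rootrepeal.sys")

def triage(entries: list) -> list:
    """One finding per entry that deserves a closer look, in report order."""
    findings = []
    for e in entries:
        reasons, path = [], e["image_path"].lower()
        in_user_dir = any(marker in path for marker in USER_WRITABLE)
        if in_user_dir:
            reasons.append("driver image lives in a user-writable directory")
        if not e["file_visible"] and not e["name"].lower().startswith(EXPECTED_HIDDEN):
            reasons.append("file not visible on disk (hidden or already deleted)")
        if e["address"] == 0 and e["size"] == 0:
            reasons.append("no image in memory (address and size are 0)")
        if reasons:
            findings.append({"name": e["name"], "path": e["image_path"],
                             "severity": "high" if in_user_dir else "review",
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(parse_drivers(SAMPLE_REPORT)):
        print(f"[{f['severity']}] {f['name']} ({f['path']})")
        for reason in f["reasons"]:
            print("    -", reason)
```

Run against a real RootRepeal.txt, the script only narrows the list to entries worth a second look; a flagged driver still needs a helper's judgement before anything is removed.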

Old 15.07.2010, 21:56   #12
pe__ka
 
So GMER crashed. It didn't work.


ROOTREPEAL

Drivers log:
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/07/15 21:44
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8CB84000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x807B2000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x83434000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8D03C000	Size: 294912	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x84081000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x84089000	Size: 122880	File Visible: -	Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8C409000	Size: 7729152	File Visible: -	Signed: -
Status: -

Name: ATSwpDrv.sys
Image Path: C:\Windows\system32\DRIVERS\ATSwpDrv.sys
Address: 0x8D007000	Size: 132224	File Visible: -	Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0x8D194000	Size: 6144	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x8D1CF000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8D178000	Size: 114688	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8CE00000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80689000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9935D000	Size: 102400	File Visible: -	Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x95250000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x993CB000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8CB92000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x806D2000	Size: 917504	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x87DA0000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80691000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8D196000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x87DC1000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8D161000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x87D8F000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8CFCB000	Size: 151552	File Visible: -	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D1AE000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D1A3000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8D1B6000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x87B17000	Size: 659456	File Visible: -	Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x87D68000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: fetnd5.sys
Image Path: C:\Windows\system32\DRIVERS\fetnd5.sys
Address: 0x87BC7000	Size: 45568	File Visible: -	Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x840D9000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x840A7000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8CFF0000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x87AED000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: fwxyqfob.sys
Image Path: C:\Users\Versuch\AppData\Local\Temp\fwxyqfob.sys
Address: 0x993E1000	Size: 93056	File Visible: No	Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\System32\Drivers\GEARAspiWDM.sys
Address: 0x8CBAA000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x83401000	Size: 208896	File Visible: -	Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x84373000	Size: 577536	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8CD4C000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8CD0F000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8CD43000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x992D3000	Size: 446464	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x87B08000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8CC54000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8CDD8000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80601000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8CC6C000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x840F2000	Size: 462848	File Visible: -	Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x992B0000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80608000	Size: 458752	File Visible: -	Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8D1C0000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8CC5F000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8CD5C000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x84071000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x99376000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x9938B000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x993AC000	Size: 126976	File Visible: -	Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9CA0F000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9CA48000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8CD89000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x83BC2000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x84163000	Size: 192512	File Visible: -	Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8430D000	Size: 176128	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8CC96000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x87D59000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x84202000	Size: 1093632	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x87BF5000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x841D3000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8CCE2000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8D0CC000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8D084000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x84338000	Size: 241664	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8CD94000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8D157000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x87C08000	Size: 1114112	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x83434000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8CFF9000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8CB74000	Size: 62208	File Visible: -	Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8D0B6000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x83BF1000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x83BCA000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x84063000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9CAD5000	Size: 909312	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x83434000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8CF9E000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80678000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x840E9000	Size: 35648	File Visible: -	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8CDA2000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x87BDE000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8CC0C000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8CC1B000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8CC2F000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x83434000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8D11B000	Size: 245760	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8CD64000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8CD6C000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CBF0000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x992C0000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x8CE0D000	Size: 1641024	File Visible: -	Signed: -
Status: -

Name: SASDIFSV.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Address: 0x8D115000	Size: 24576	File Visible: -	Signed: -
Status: -

Name: SASKUTIL.SYS
Image Path: C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
Address: 0x8D0F3000	Size: 139264	File Visible: -	Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x83B9C000	Size: 155648	File Visible: -	Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9CBB3000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: serscan.sys
Image Path: C:\Windows\system32\DRIVERS\serscan.sys
Address: 0x8C400000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8D028000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: sphx.sys
Image Path: C:\Windows\System32\Drivers\sphx.sys
Address: 0x83A95000	Size: 1040384	File Visible: No	Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x87D51000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x99200000	Size: 720896	File Visible: -	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9CA87000	Size: 319488	File Visible: -	Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9CA60000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x99340000	Size: 118784	File Visible: -	Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x8D0ED000	Size: 23040	File Visible: -	Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x84192000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8CC6A000	Size: 4992	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x87A03000	Size: 958464	File Visible: -	Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9CBBD000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x87BD3000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8CDAB000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8CC44000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x95230000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x87DF5000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8CCA0000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8CDC1000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8CE07000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x87BB8000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8CCAD000	Size: 217088	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8CBBF000	Size: 253952	File Visible: -	Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8CD74000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8CBB4000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8CD16000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: viaide.sys
Image Path: C:\Windows\system32\drivers\viaide.sys
Address: 0x8405B000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8CD22000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x84002000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x84011000	Size: 303104	File Visible: -	Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x87D18000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8D0DA000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8CB68000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x83A0C000	Size: 507904	File Visible: -	Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x83A88000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x95010000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x95010000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x83B93000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x83434000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9CBDE000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9CBC9000	Size: 83328	File Visible: -	Signed: -
Status: -
         
Stealth log:
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/07/15 21:44
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CREATE]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CLOSE]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CLEANUP]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_PNP]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_CREATE]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_CLOSE]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_POWER]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_PNP]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CLOSE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_READ]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_WRITE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_EA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_EA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CLEANUP]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_POWER]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_PNP]
Process: System	Address: 0x87193500	Size: 121
         
Rootrepeal.txt:
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/07/15 21:48
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D1AE000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D1A3000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: fwxyqfob.sys
Image Path: C:\Users\Versuch\AppData\Local\Temp\fwxyqfob.sys
Address: 0x993E1000	Size: 93056	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CA00000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: sphx.sys
Image Path: C:\Windows\System32\Drivers\sphx.sys
Address: 0x83A95000	Size: 1040384	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x855a11f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x855a01f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System	Address: 0x872f61f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System	Address: 0x873681f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x8729a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System	Address: 0x8754a1f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CREATE]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CLOSE]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_CLEANUP]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: netbt蛢呤前Є呁獳犐蜀䣰蝗ꀀ蝗, IRP_MJ_PNP]
Process: System	Address: 0x875821f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_CREATE]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_CLOSE]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_POWER]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: Ndis, IRP_MJ_PNP]
Process: System	Address: 0x8729e1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x854ae1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x872c01f8	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CLOSE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_READ]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_WRITE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_EA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_EA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CLEANUP]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_POWER]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x87193500	Size: 121

Object: Hidden Code [Driver: mrxsmb￿Њ捓㥃館蝐, IRP_MJ_PNP]
Process: System	Address: 0x87193500	Size: 121

==EOF==
         
You probably wanted this listed differently, but I didn't know how to do that. Somehow there were several log files. The last log file I created with the program under "Report". That is surely wrong.

16.07.2010, 00:43   #13
kira
/// Helfer-Team

1.
Please make hidden files and system files visible; click the link here:
Make system files and folders visible under XP and Vista
At the end of our work you can undo this again!

2.
Please right-click (with the mouse) the files named below, look at what is shown under Properties, and copy those details (file version, file description, copyright holder, company name) for these applications here into your thread (illustrated guide *here*):
Quote:
C:\Users\Versuch\AppData\Local\Temp\fwxyqfob.sys
3.
→ Visit the virustotal site and have the file(s) from the code box checked, and copy the file size and name, MD5 and SHA1 as well:
Tips for finding files
Code:
C:\Users\Versuch\AppData\Local\Temp\fwxyqfob.sys

         
→ Click "Browse"
→ Locate the file on your computer → double-click the file to be checked (or copy the content from the code box)
→ "Send file" and wait until the scan by all virus scanners has finished
Paste the result in here exactly as you get it (DO NOT LEAVE ANYTHING OUT!), including <checked file name> + file size and name, MD5 and SHA1.

** Example: the Virustotal log file you post should look like this. So don't leave anything out, paste it in as you get it!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-

...over 40 virus scanners... so be patient!!
         
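A small script to go with the two manual steps above (added here as an example; it is not from this thread and not part of RootRepeal or VirusTotal). It pulls the "Drivers" section out of a RootRepeal report and flags drivers that are loaded but whose file is not visible on disk and sits outside C:\Windows, which is exactly the pattern that singles out the Temp-folder driver in the logs, and it computes the size, MD5 and SHA1 that the VirusTotal step asks you to post. The report excerpt, the "trusted prefix" list and the sample file are constructed for the example; the file version and company name still come from the file's Properties dialog as described in step 2.

```python
"""Triage helper for a RootRepeal report plus the file-identity fields VirusTotal wants.

Added example, not part of this thread and not RootRepeal's own code. It pulls the
'Drivers' section out of a RootRepeal report, flags loaded kernel drivers whose file
is not visible on disk and sits outside C:\\Windows (the pattern behind the Temp-folder
hit in this thread), and computes size, MD5 and SHA1 of a file so they can be posted
next to the VirusTotal result. The report excerpt and the sample file are constructed.
"""
import hashlib
import os
import re
import tempfile

# Constructed excerpt modelled on the RootRepeal output posted in the thread.
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:\t\t2010/07/15 21:48
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\\Windows\\System32\\Drivers\\dump_atapi.sys
Address: 0x8D1AE000\tSize: 32768\tFile Visible: No\tSigned: -
Status: -

Name: fwxyqfob.sys
Image Path: C:\\Users\\Versuch\\AppData\\Local\\Temp\\fwxyqfob.sys
Address: 0x993E1000\tSize: 93056\tFile Visible: No\tSigned: -
Status: -

Name: sptd
Image Path: \\Driver\\sptd
Address: 0x00000000\tSize: 0\tFile Visible: No\tSigned: -
Status: -

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System\tAddress: 0x855a11f8\tSize: 121
"""

# Paths under which a hidden-but-loaded driver is treated as expected (crash-dump
# stubs and the scanner's own driver live here); an assumption made for this example.
TRUSTED_PREFIXES = ("c:\\windows\\",)

ENTRY_KEYS = ("Name:", "Image Path:", "Address:", "Status:")


def parse_drivers(report):
    """Return one dict per entry in the 'Drivers' section (empty if the section is absent)."""
    lines = report.splitlines()
    if "Drivers" not in lines:
        return []
    start = lines.index("Drivers") + 2  # skip the dashed underline
    drivers, entry = [], {}
    for line in lines[start:]:
        if not line.strip():
            if entry:
                drivers.append(entry)
                entry = {}
            continue
        if not line.startswith(ENTRY_KEYS):
            break  # reached the next section header, e.g. 'Stealth Objects'
        # Tab-separated "Key: Value" fields, e.g. "Address: ...\tSize: ...\tFile Visible: No"
        for field in line.split("\t"):
            key, _, value = field.partition(": ")
            entry[key.strip()] = value.strip()
    if entry:
        drivers.append(entry)
    return drivers


def suspicious_drivers(drivers):
    """Image paths of drivers that are loaded, not visible on disk and outside C:\\Windows."""
    hits = []
    for d in drivers:
        path = d.get("Image Path", "")
        if not re.match(r"^[A-Za-z]:\\", path):
            continue  # object-manager name such as \Driver\sptd: no file to look up
        hidden = d.get("File Visible", "").lower() == "no"
        trusted = path.lower().startswith(TRUSTED_PREFIXES)
        if hidden and not trusted:
            hits.append(path)
    return hits


def file_identity(path):
    """Name, size, MD5 and SHA1 of a file, hashed in chunks so large files are fine."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"name": os.path.basename(path), "size": size,
            "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def write_constructed_sample(data=b"abc"):
    """Write placeholder bytes to a temp file so file_identity() can be exercised offline."""
    path = os.path.join(tempfile.mkdtemp(), "constructed_sample.sys")
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    for hit in suspicious_drivers(parse_drivers(SAMPLE_REPORT)):
        print("loaded but hidden, outside the Windows directory:", hit)
    print(file_identity(write_constructed_sample()))
```

Run it as-is and it reports the Temp-folder driver from the constructed excerpt and the hashes of the placeholder file; point `file_identity()` at a real path to get the size/MD5/SHA1 line for a VirusTotal post. The "File Visible: No" flag alone is not a verdict (the dump_* stubs and rootrepeal.sys show it too), which is why the check also looks at where the file lives.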

16.07.2010, 10:45   #14
pe__ka

Hello,
I can't get to the PC until Monday, as I'm not at home. After that I'll take care of it right away. Thanks

17.07.2010, 06:41   #15
kira
/// Helfer-Team

OK, I won't be online until Monday either
