Trojaner-Board


chrisi31 08.03.2011 16:49

Firefox opens ad windows, high download volume
 
Hello dear Trojans, male and female,

I have had a new computer for 3 weeks and already have the first problems :daumenrunter:

Firefox suddenly opens ad windows, and data is constantly being downloaded and uploaded (I monitor our data transfer with NetMeter because we live somewhat off the beaten track and have Internet via satellite with 5 GB per month).

Virus scanner: Kaspersky Internet Security 2010
Operating system: Windows 7 (64-bit)

I have now tried to create the logs according to the instructions; I hope someone can help me with this (I can't let my 2 teens on the computer anymore :kloppen:)

Kind regards,
Chrisi

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5982

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.03.2011 20:33:28
mbam-log-2011-03-07 (20-33-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 284548
Laufzeit: 27 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
Code:

OTL logfile created on: 3/8/2011 12:01:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\fueri\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 242.03 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
 
Computer Name: FUERI-PC | User Name: fueri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe
PRC - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2011/01/29 23:11:36 | 003,372,856 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 13:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/09/08 04:06:25 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/11 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/11 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/07/16 01:05:48 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010/06/28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/06/10 03:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2009/02/28 01:10:32 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2004/06/15 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011/02/19 17:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/10 21:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/05/12 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/21 20:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/12/19 14:20:44 | 000,126,440 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.bluewin.ch/"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/11 08:28:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/11 08:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/11 08:28:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/02 18:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:52:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:52:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/02/19 18:14:29 | 000,000,000 | ---D | M]
 
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/03/07 06:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions
[2011/03/05 19:52:30 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/22 06:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/02/22 06:40:31 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011/03/05 19:52:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/05 19:52:19 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/05 19:52:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/05 19:52:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/05 19:52:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/07 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2011/03/07 19:59:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/03/07 19:59:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 19:59:27 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/07 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/07 09:15:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Betrieb
[2011/03/06 12:53:51 | 000,000,000 | ---D | C] -- C:\unzipped
[2011/03/05 19:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GARMIN
[2011/03/04 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TomTom
[2011/03/04 21:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TomTom
[2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TomTom
[2011/03/04 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/03/04 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/03/04 21:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mein 1 x 1 Trainer
[2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\1x1_Trainer_Einzel
[2011/03/04 12:57:27 | 000,446,464 | ---- | C] (MatchWare) -- C:\Windows\UniInstall34.exe
[2011/03/03 13:11:37 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVBVM50.DLL
[2011/03/03 13:11:37 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX
[2011/03/03 13:11:37 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DE.DLL
[2011/03/03 13:11:37 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2011/03/03 13:11:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FLXGDDE.DLL
[2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mathe1x1
[2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathe1x1
[2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011/03/03 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Screentime
[2011/03/03 09:57:33 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/03/02 18:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP
[2011/03/02 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2011/03/02 18:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/03/02 18:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/02 18:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/03/02 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/03/02 17:58:35 | 001,408,000 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p04b.dll
[2011/03/02 17:58:35 | 001,175,552 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p04b.dll
[2011/03/02 17:58:35 | 000,521,216 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p04a.dll
[2011/03/02 17:58:24 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/03/02 17:58:20 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll
[2011/03/02 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/03/02 17:57:50 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/03/02 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/01 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/03/01 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\***\temp
[2011/03/01 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011/03/01 13:57:03 | 000,000,000 | ---D | C] -- C:\AGROPLUS
[2011/02/25 09:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2011/02/25 09:56:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2011/02/25 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/02/25 09:55:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/02/25 09:55:33 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011/02/25 09:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011/02/25 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2011/02/24 08:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/24 08:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/02/24 08:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/24 08:23:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011/02/24 08:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/23 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/02/23 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2011/02/23 15:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2011/02/23 12:49:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011/02/23 12:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/02/23 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/02/23 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\TP
[2011/02/23 07:06:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 07:06:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 07:06:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 07:06:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/02/22 09:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/02/22 09:04:15 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Local\Google
[2011/02/22 09:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/02/22 09:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C-CHANNEL e-banking
[2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\C-CHANNEL
[2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C-CHANNEL
[2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\C-CHANNEL
[2011/02/22 09:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011/02/22 09:00:49 | 000,000,000 | ---D | C] -- C:\installation
[2011/02/22 06:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/22 06:48:51 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/02/22 06:48:51 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/02/22 06:48:51 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/02/22 06:48:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/02/22 06:48:51 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/02/22 06:48:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/02/22 06:48:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/02/22 06:48:51 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/02/22 06:48:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011/02/21 19:09:26 | 000,000,000 | ---D | C] -- C:\Windows\acerePowerTemp
[2011/02/21 14:39:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\WMBackups
[2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2011/02/21 14:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMBackup
[2011/02/21 07:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/21 07:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2011/02/21 07:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/02/21 07:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/02/21 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/02/21 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2011/02/21 06:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/21 06:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/02/21 06:45:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/21 06:45:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/21 06:45:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/21 06:45:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/21 06:45:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/21 06:45:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/21 06:45:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/21 06:45:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/21 06:45:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/21 06:45:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/21 06:45:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/21 06:45:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/21 06:44:45 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/02/21 06:44:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/02/21 06:44:44 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/02/21 06:44:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/02/21 06:44:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/02/21 06:44:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/02/21 06:44:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/02/21 06:44:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/02/21 06:44:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/02/21 06:44:41 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/02/21 06:44:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/02/21 06:44:36 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/02/21 06:30:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/02/21 06:30:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/02/21 06:30:57 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/02/21 06:30:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/02/21 06:30:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/02/21 06:30:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/02/21 06:30:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/02/21 06:27:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/02/21 06:27:36 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/21 06:27:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/21 06:27:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/21 06:27:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/21 06:27:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/21 06:27:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/21 06:27:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/21 06:27:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/21 06:27:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/21 06:27:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/21 06:25:52 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/02/21 06:25:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/02/21 06:25:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011/02/21 06:23:53 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/02/21 06:23:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/02/21 06:22:41 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/21 06:22:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/21 06:22:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/21 06:21:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/02/21 06:08:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/21 06:08:44 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/02/21 06:08:43 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/02/21 06:08:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/02/21 06:08:26 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/21 06:08:25 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/21 06:08:25 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/21 06:08:25 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/21 06:08:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/21 06:08:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/21 06:08:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/21 06:08:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/21 06:08:04 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/02/21 06:08:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/02/21 06:08:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/02/21 06:07:58 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/02/21 06:07:57 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/02/21 06:07:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/02/21 06:07:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/02/21 06:07:52 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/02/21 06:07:51 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/02/21 06:07:51 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/02/19 19:50:56 | 000,000,000 | R-SD | C] -- C:\Users\***\Documents\My Stationery
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Access Runtime
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGRO-TWIN
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\AgroTwin
[2011/02/19 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/02/19 19:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010
[2011/02/19 18:14:13 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/19 18:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/02/19 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetMeter
[2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter
[2011/02/19 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2011/02/19 17:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/02/19 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SNS
[2011/02/19 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packard Bell
[2011/02/19 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/02/19 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011/02/19 17:43:57 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/02/19 17:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/02/19 17:38:15 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/02/19 17:38:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/02/19 17:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/02/19 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/02/19 17:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/02/19 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/02/19 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/02/19 17:36:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/19 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011/02/19 17:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/19 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011/02/19 17:28:46 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011/02/19 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011/02/19 17:24:27 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011/02/19 17:24:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011/02/19 17:23:00 | 000,000,000 | -HSD | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/08 11:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 06:24:33 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/07 19:59:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 11:09:00 | 000,073,911 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip
[2011/03/07 11:04:14 | 000,143,356 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_MIDI_1_E_6077077.pdf
[2011/03/07 10:04:55 | 000,146,748 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf
[2011/03/07 09:10:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/07 09:10:59 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/03/07 09:10:59 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/07 09:10:59 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/03/07 09:10:59 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/05 19:32:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf
[2011/03/04 12:57:35 | 000,001,637 | ---- | M] () -- C:\Users\fueri\Desktop\Mein 1 x 1 Trainer.lnk
[2011/03/03 14:10:55 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/03 13:11:37 | 000,001,041 | ---- | M] () -- C:\Users\***\Desktop\Mathe1x1.lnk
[2011/03/03 13:02:53 | 000,075,122 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip
[2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr
[2011/03/03 08:11:24 | 000,316,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/02 18:18:58 | 000,233,464 | ---- | M] () -- C:\Windows\hpoins47.dat
[2011/03/02 18:03:05 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2011/03/02 18:02:13 | 000,001,363 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/02 18:01:48 | 000,002,111 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/02 18:00:57 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2011/03/02 10:09:43 | 000,160,705 | ---- | M] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf
[2011/03/01 13:38:41 | 000,070,724 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110301_133841.zip
[2011/03/01 10:27:14 | 000,000,000 | ---- | M] () -- C:\Windows\ccwinpay.INI
[2011/02/25 09:56:46 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/02/24 20:54:25 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/24 13:08:52 | 000,002,703 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2011/02/24 13:08:46 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2011/02/22 09:04:19 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/02/22 09:02:55 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:55 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:45 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk
[2011/02/21 14:38:29 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\WMBackup.lnk
[2011/02/21 07:20:11 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/21 06:52:47 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/21 06:52:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/21 06:26:42 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/21 06:26:42 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/20 10:19:51 | 000,002,254 | ---- | M] () -- C:\Users\***\Desktop\Windows Live Mail.lnk
[2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/19 19:37:13 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk
[2011/02/19 19:35:11 | 000,001,853 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/19 19:35:11 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/19 17:45:54 | 000,000,202 | ---- | M] () -- C:\Windows\USER.XML
[2011/02/19 17:44:26 | 000,000,213 | ---- | M] () -- C:\Windows\Factory.xml
[2011/02/19 17:43:59 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:34:27 | 000,000,212 | RHS- | M] () -- C:\Preload.rev
[2011/02/19 17:34:27 | 000,000,167 | ---- | M] () -- C:\Windows\WisLangCode.ini
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
 
========== Files Created - No Company Name ==========
 
[2011/03/07 19:59:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 11:09:00 | 000,073,911 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip
[2011/03/07 11:04:14 | 000,143,356 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_MIDI_1_E_6077077.pdf
[2011/03/07 10:04:55 | 000,146,748 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf
[2011/03/05 19:32:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf
[2011/03/04 12:57:35 | 000,001,637 | ---- | C] () -- C:\Users\***\Desktop\Mein 1 x 1 Trainer.lnk
[2011/03/03 13:11:37 | 000,001,041 | ---- | C] () -- C:\Users\***\Desktop\Mathe1x1.lnk
[2011/03/03 13:02:53 | 000,075,122 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip
[2011/03/02 18:03:05 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2011/03/02 18:02:13 | 000,001,363 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/02 18:01:48 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/02 18:00:57 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2011/03/02 17:55:53 | 000,233,464 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/03/02 10:09:43 | 000,160,705 | ---- | C] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf
[2011/03/01 13:58:50 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\AGROPLUS.LNK
[2011/03/01 13:38:41 | 000,070,724 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110301_133841.zip
[2011/03/01 10:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\ccwinpay.INI
[2011/02/25 09:56:46 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/02/24 13:08:52 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2011/02/24 13:08:46 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2011/02/23 12:43:24 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 09:04:19 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/02/22 09:02:55 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:55 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:45 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk
[2011/02/21 14:38:29 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\WMBackup.lnk
[2011/02/21 07:20:11 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/21 07:19:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/21 06:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 06:52:43 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/20 10:19:51 | 000,002,254 | ---- | C] () -- C:\Users\***\Desktop\Windows Live Mail.lnk
[2011/02/19 19:37:13 | 000,002,715 | ---- | C] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk
[2011/02/19 19:35:11 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/19 19:35:11 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/19 19:05:13 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2011/02/19 19:04:24 | 000,000,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGROPLUS.LNK
[2011/02/19 18:14:47 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/19 18:14:47 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/19 17:43:59 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:43:59 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:40:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/02/19 17:34:40 | 000,001,455 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/19 17:34:40 | 000,001,421 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/19 17:28:31 | 000,000,926 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.XML
[2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/11 08:49:41 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/11/11 08:47:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/11 08:47:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/11 08:47:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/11 08:47:45 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/11 08:47:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/11 08:47:20 | 000,001,370 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/11/11 08:27:14 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/11/11 08:27:14 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010/09/08 04:16:07 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/09/08 04:16:07 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/09/08 04:16:07 | 000,000,167 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/07/22 21:27:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\PTQL5F.DLL
 
========== LOP Check ==========
 
[2011/03/05 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2011/02/19 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2011/02/25 09:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011/02/19 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS
[2011/02/23 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/03/01 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011/02/23 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011/03/07 09:57:25 | 000,012,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

cosinus 09.03.2011 15:21

Are there any further logs from Malwarebytes? If so, please post all of them. You can find them in the "Logdateien" (log files) tab in Malwarebytes.

chrisi31 09.03.2011 18:42

Hello Arne

I ran another scan this morning; Malwarebytes found one infected file, and it is now in quarantine.
Thank you for your help.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5996

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.03.2011 07:55:16
mbam-log-2011-03-09 (07-55-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 280619
Laufzeit: 29 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\DX8SW3TB\TFC[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

cosinus 10.03.2011 11:36

Close all programs, start OTL, and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

chrisi31 10.03.2011 13:53

Thanks, I did that... first an error message was displayed... (unfortunately it was gone before I could write it down), then the following log was opened:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Can that be all? The computer was not rebooted.

Regards, Chrisi

cosinus 10.03.2011 17:12

Please try the fix again. I suspect you did something wrong.

chrisi31 10.03.2011 17:31

Hello Arne,

I tried it again, the result is the same :heilig:

I have attached pictures for you; maybe you can see what, and whether, I am doing something wrong??????????

:dankeschoen:

Regards
Chrisi

chrisi31 10.03.2011 17:39

Oops, sorry, I did not attach the files...

cosinus 10.03.2011 18:19

Did you run OTL as administrator via right-click?

chrisi31 11.03.2011 07:59

Good morning Arne

Yesterday I ran OTL again (right mouse button / as administrator); the error message appeared again, and the status bar at the bottom said it was currently working on the HOSTS and that I should not interrupt the process.... I left the computer running all night...... this morning it was still the same...

I saw that my son had also installed CCleaner; darn, I have now locked the computer until everything is OK again.

What do you think I should do as the next step?

Regards
Chrisi

cosinus 11.03.2011 09:44

Use this text for the fix with OTL:

Quote:

:OTL
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
O4 - HKLM..\Run: [] File not found
:Commands
[emptytemp]

chrisi31 11.03.2011 10:18

:party: Great, now something has happened and the computer also restarted.

Here is the log:

All processes killed
========== OTL ==========
File C:\Windows\MOD01SET74DE0N0003.XML not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 2249171 bytes
->Temporary Internet Files folder emptied: 18252240 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 17688661 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_101206

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 11.03.2011 10:32

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

chrisi31 11.03.2011 11:26

Many thanks. Here is the log from ComboFix for now:
CCleaner will follow later.
Combofix Logfile:
Code:

ComboFix 11-03-10.02 - *** 11.03.2011  11:06:04.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.41.1031.18.3764.2560 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Temp\2C0F.tmp
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-02-11 bis 2011-03-11  ))))))))))))))))))))))))))))))
.
.
2011-03-11 10:10 . 2011-03-11 10:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-03-10 12:46 . 2011-03-10 12:46        --------        d-----w-        C:\_OTL
2011-03-10 07:39 . 2011-03-10 07:39        --------        d-----w-        c:\program files\CCleaner
2011-03-10 06:13 . 2011-03-10 06:13        --------        d-----w-        c:\program files (x86)\X-NetStat Professional
2011-03-10 05:42 . 2011-03-10 16:55        --------        d-----w-        C:\Musik
2011-03-10 05:38 . 2011-03-10 05:38        --------        d-----w-        c:\program files\7-Zip
2011-03-09 05:48 . 2011-02-11 07:30        7947600        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{727F91A8-7BC4-4647-AEB6-F643B8F1EF35}\mpengine.dll
2011-03-09 05:47 . 2010-12-18 06:12        3138048        ----a-w-        c:\windows\system32\mstscax.dll
2011-03-09 05:47 . 2010-12-18 06:08        1097216        ----a-w-        c:\windows\system32\mstsc.exe
2011-03-09 05:47 . 2010-12-18 05:30        2690560        ----a-w-        c:\windows\SysWow64\mstscax.dll
2011-03-09 05:47 . 2010-12-18 05:26        1034240        ----a-w-        c:\windows\SysWow64\mstsc.exe
2011-03-09 05:47 . 2010-12-23 06:07        1118720        ----a-w-        c:\windows\system32\sbe.dll
2011-03-09 05:47 . 2010-12-23 06:07        961024        ----a-w-        c:\windows\system32\CPFilters.dll
2011-03-09 05:47 . 2010-12-23 06:07        723968        ----a-w-        c:\windows\system32\EncDec.dll
2011-03-09 05:47 . 2010-12-23 06:02        259072        ----a-w-        c:\windows\system32\mpg2splt.ax
2011-03-09 05:47 . 2010-12-23 05:28        642048        ----a-w-        c:\windows\SysWow64\CPFilters.dll
2011-03-09 05:47 . 2010-12-23 05:28        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-03-09 05:47 . 2010-12-23 05:28        850432        ----a-w-        c:\windows\SysWow64\sbe.dll
2011-03-09 05:47 . 2010-12-23 05:24        199680        ----a-w-        c:\windows\SysWow64\mpg2splt.ax
2011-03-07 18:59 . 2011-03-07 18:59        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-07 18:59 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-07 18:59 . 2011-03-07 18:59        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-07 18:59 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-06 11:53 . 2011-03-06 12:37        --------        d-----w-        C:\unzipped
2011-03-04 20:53 . 2011-03-04 20:53        --------        d-----w-        c:\programdata\TomTom
2011-03-04 20:52 . 2011-03-04 20:52        --------        d-----w-        c:\program files (x86)\TomTom International B.V
2011-03-04 20:52 . 2011-03-04 20:52        --------        d-----w-        c:\program files (x86)\TomTom HOME 2
2011-03-04 11:57 . 2011-03-04 11:57        --------        d-----w-        C:\1x1_Trainer_Einzel
2011-03-04 11:57 . 2009-01-04 15:07        446464        ----a-w-        c:\windows\UniInstall34.exe
2011-03-03 12:11 . 2011-03-03 12:11        --------        d-----w-        c:\program files (x86)\Mathe1x1
2011-03-03 12:11 . 2003-02-26 22:26        42496        ----a-w-        c:\windows\SysWow64\FLXGDDE.DLL
2011-03-03 12:11 . 2000-05-22 00:00        244416        ----a-w-        c:\windows\SysWow64\MSFLXGRD.OCX
2011-03-03 12:11 . 1999-05-05 21:22        99866        ----a-w-        c:\windows\SysWow64\VB5DE.DLL
2011-03-03 12:11 . 1999-05-05 21:22        1355776        ----a-w-        c:\windows\SysWow64\MSVBVM50.DLL
2011-03-03 12:11 . 1998-06-17 23:00        89360        ----a-w-        c:\windows\SysWow64\VB5DB.DLL
2011-03-03 08:58 . 2011-03-03 08:58        674280        ----a-w-        c:\windows\system32\Weingarten das Meer 2010.scr
2011-03-03 08:58 . 2011-03-03 08:58        674280        ------w-        c:\windows\SysWow64\Weingarten das Meer 2010.scr
2011-03-03 08:58 . 2011-03-03 08:58        --------        d-----w-        c:\programdata\Screentime
2011-03-03 08:57 . 2011-03-03 08:57        --------        d-sh--w-        c:\windows\ftpcache
2011-03-02 17:20 . 2011-03-02 17:20        --------        d-----w-        c:\programdata\WEBREG
2011-03-02 17:14 . 2009-10-21 14:38        254464        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2011-03-02 17:02 . 2011-03-02 17:02        --------        d-----w-        c:\programdata\HP Product Assistant
2011-03-02 17:00 . 2011-03-02 17:00        --------        d-----w-        c:\program files (x86)\Common Files\HP
2011-03-02 16:59 . 2011-03-02 16:59        --------        d-----w-        c:\program files (x86)\Common Files\Hewlett-Packard
2011-03-02 16:58 . 2009-09-10 17:44        521216        ----a-w-        c:\windows\system32\hposc_p04a.dll
2011-03-02 16:58 . 2009-09-10 17:44        1408000        ----a-w-        c:\windows\system32\hpost_p04b.dll
2011-03-02 16:58 . 2009-09-10 17:44        1175552        ----a-w-        c:\windows\system32\hposwia_p04b.dll
2011-03-02 16:58 . 2009-10-22 00:55        643200        ----a-w-        c:\windows\system32\hpzids40.dll
2011-03-02 16:58 . 2009-10-21 14:39        138752        ----a-w-        c:\windows\system32\hpf3l101.dll
2011-03-02 16:57 . 2011-03-02 17:03        --------        d-----w-        c:\program files (x86)\HP
2011-03-02 16:55 . 2011-03-02 17:15        --------        d-----w-        c:\programdata\HP
2011-03-01 12:57 . 2011-03-01 14:12        --------        d-----w-        C:\AGROPLUS
2011-02-25 12:11 . 2009-07-14 01:41        101376        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-02-25 08:56 . 2011-01-03 08:38        177128        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2011-02-25 08:56 . 2011-01-03 08:38        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2011-02-25 08:56 . 2011-01-03 08:38        157160        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2011-02-25 08:56 . 2011-01-03 08:38        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2011-02-25 08:56 . 2011-01-03 08:38        13800        ----a-w-        c:\windows\system32\drivers\ssadwh.sys
2011-02-25 08:56 . 2011-01-03 08:38        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2011-02-25 08:56 . 2011-01-03 08:38        13288        ----a-w-        c:\windows\system32\drivers\ssadcm.sys
2011-02-25 08:55 . 2011-01-29 16:00        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2011-02-25 08:55 . 2011-02-25 08:55        --------        d-----w-        c:\program files (x86)\MarkAny
2011-02-25 08:55 . 2011-01-29 16:00        821824        ----a-w-        c:\windows\SysWow64\dgderapi.dll
2011-02-25 08:54 . 2011-02-25 08:56        --------        d-----w-        c:\program files (x86)\Samsung
2011-02-25 08:54 . 2011-02-25 08:56        --------        d-----w-        c:\programdata\Samsung
2011-02-24 19:55 . 2010-09-14 06:45        367104        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-02-24 19:55 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\SysWow64\wcncsvc.dll
2011-02-24 19:54 . 2011-02-24 19:54        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-02-24 07:26 . 2011-02-27 16:04        --------        d-----w-        c:\program files (x86)\Microsoft Works
2011-02-24 07:26 . 2011-03-05 21:12        --------        d-----w-        c:\program files (x86)\Microsoft.NET
2011-02-24 07:23 . 2011-02-28 19:52        --------        d-----w-        c:\programdata\Microsoft Help
2011-02-23 14:15 . 2011-02-23 14:15        --------        d-----w-        c:\programdata\VirtualizedApplications
2011-02-23 11:49 . 2011-02-23 11:49        --------        d-----r-        C:\MSOCache
2011-02-23 11:43 . 2011-02-24 19:54        --------        d-----w-        c:\program files (x86)\Microsoft Application Virtualization Client
2011-02-23 06:06 . 2011-01-07 08:07        662528        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-02-23 06:06 . 2011-01-07 08:07        475648        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-23 06:06 . 2011-01-07 07:31        442880        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2011-02-23 06:06 . 2011-01-07 07:31        288256        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 10:18 . 2011-02-24 12:29        --------        d-----w-        c:\programdata\FLEXnet
2011-02-22 08:06 . 2011-02-22 08:06        --------        d-----w-        c:\windows\SysWow64\Wat
2011-02-22 08:06 . 2011-02-22 08:06        --------        d-----w-        c:\windows\system32\Wat
2011-02-22 08:04 . 2011-02-22 08:04        --------        d-----w-        c:\program files (x86)\Google
2011-02-22 08:02 . 2011-02-22 08:02        --------        d-----w-        c:\program files (x86)\C-CHANNEL
2011-02-22 08:02 . 2011-02-22 08:02        --------        d-----w-        c:\program files (x86)\Common Files\C-CHANNEL
2011-02-22 08:02 . 2011-02-22 08:02        --------        d-----w-        c:\programdata\C-CHANNEL
2011-02-22 08:02 . 2001-09-05 12:18        77824        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-02-22 08:02 . 2001-09-05 12:18        225280        ------w-        c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-02-22 08:02 . 2001-09-05 12:14        176128        ------w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-02-22 08:02 . 2001-09-05 12:13        32768        ------w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-02-22 08:02 . 2002-07-25 14:07        614532        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-02-22 08:01 . 2011-02-22 08:02        --------        d-----w-        c:\program files (x86)\Microsoft WSE
2011-02-22 08:00 . 2011-02-22 08:00        --------        d-----w-        C:\installation
2011-02-22 05:50 . 2011-02-22 05:50        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2011-02-22 05:48 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\SysWow64\PresentationHostProxy.dll
2011-02-22 05:48 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\SysWow64\netfxperf.dll
2011-02-22 05:48 . 2009-11-25 11:47        48960        ----a-w-        c:\windows\system32\netfxperf.dll
2011-02-22 05:48 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\SysWow64\mscoree.dll
2011-02-22 05:48 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\SysWow64\PresentationHost.exe
2011-02-22 05:48 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\SysWow64\dfshim.dll
2011-02-22 05:48 . 2009-11-25 11:47        109912        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-02-22 05:48 . 2009-11-25 11:47        444752        ----a-w-        c:\windows\system32\mscoree.dll
2011-02-22 05:48 . 2009-11-25 11:47        320352        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-02-22 05:48 . 2009-11-25 11:47        1942856        ----a-w-        c:\windows\system32\dfshim.dll
2011-02-22 05:48 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2011-02-21 18:09 . 2011-02-21 18:09        --------        d-----w-        c:\windows\acerePowerTemp
2011-02-21 13:38 . 2011-02-21 13:38        --------        d-----w-        c:\program files (x86)\WMBackup
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-21 06:20 . 2011-02-21 06:20        159744        ----a-w-        c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-21 06:20 . 2011-02-21 06:20        --------        d-----w-        c:\program files (x86)\QuickTime
2011-02-21 06:20 . 2011-02-21 06:20        --------        d-----w-        c:\programdata\Apple Computer
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\program files (x86)\Apple Software Update
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\program files\Common Files\Apple
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\program files\Bonjour
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\program files (x86)\Bonjour
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2011-02-21 06:19 . 2011-02-21 06:19        --------        d-----w-        c:\programdata\Apple
2011-02-21 05:44 . 2010-12-18 06:11        714752        ----a-w-        c:\windows\system32\kerberos.dll
2011-02-21 05:42 . 2010-03-04 07:57        2080256        ----a-w-        c:\program files\Windows Mail\msoe.dll
2011-02-21 05:42 . 2010-03-04 07:57        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-02-21 05:42 . 2010-03-04 07:33        1619968        ----a-w-        c:\program files (x86)\Windows Mail\msoe.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-29 22:16 . 2011-01-29 22:16        30056        ----a-w-        c:\windows\SysWow64\MASetupCleaner.exe
2011-01-29 16:00 . 2011-01-29 16:00        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00        325552        ----a-w-        c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00        974848        ----a-w-        c:\windows\SysWow64\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00        81920        ----a-w-        c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        65536        ----a-w-        c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00        57344        ----a-w-        c:\windows\SysWow64\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00        569344        ----a-w-        c:\windows\SysWow64\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00        491520        ----a-w-        c:\windows\SysWow64\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00        49152        ----a-w-        c:\windows\SysWow64\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\SysWow64\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        45056        ----a-w-        c:\windows\SysWow64\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\SysWow64\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00        40960        ----a-w-        c:\windows\SysWow64\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00        352256        ----a-w-        c:\windows\SysWow64\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00        258048        ----a-w-        c:\windows\SysWow64\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        245760        ----a-w-        c:\windows\SysWow64\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        200704        ----a-w-        c:\windows\SysWow64\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00        155648        ----a-w-        c:\windows\SysWow64\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00        135168        ----a-w-        c:\windows\SysWow64\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00        131072        ----a-w-        c:\windows\SysWow64\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00        122880        ----a-w-        c:\windows\SysWow64\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00        118784        ----a-w-        c:\windows\SysWow64\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00        110592        ----a-w-        c:\windows\SysWow64\muzmp4sp.ax
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files (x86)\NetMeter\NetMeter.exe"="c:\program files (x86)\NetMeter\NetMeter.exe" [2009-08-09 293888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-16 600688]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-02-21 340520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3y9s9qq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bluewin.ch/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-11  11:16:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-11 10:16
.
Vor Suchlauf: 15 Verzeichnis(se), 257'828'192'256 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 257'690'468'352 Bytes frei
.
- - End Of File - - 63CFFAE0845E025192F5559FBAD186C6

--- --- ---

cosinus 11.03.2011 11:34

Please now create logs with GMER and mbrcheck and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it.

Instructions for mbrcheck:
Download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

chrisi31 11.03.2011 19:10

Hello Arne

I ran CCleaner; it removed a few files.

GMER did complain that it couldn't find the Windows System 32 file, but the scan still ran through and it showed that it found nothing.

Here is the MBR log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Packard Bell
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Packard Bell
System Product Name: EasyNote LM86
Logical Drives Mask: 0x0001000c

Kernel Drivers (total 154):

Processes (total 74):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
512 csrss.exe
680 C:\Windows\System32\wininit.exe
704 csrss.exe
740 C:\Windows\System32\services.exe
768 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\winlogon.exe
932 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
528 C:\Windows\System32\svchost.exe
572 C:\Windows\System32\svchost.exe
612 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1304 C:\Windows\System32\spoolsv.exe
1356 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\dwm.exe
1448 C:\Windows\System32\taskhost.exe
1532 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1580 C:\Windows\explorer.exe
1760 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
1780 C:\Windows\System32\igfxtray.exe
1788 C:\Windows\System32\hkcmd.exe
1820 C:\Windows\System32\igfxpers.exe
1912 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1980 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1464 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1640 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1716 C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
1244 C:\Windows\System32\svchost.exe
2064 C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
2100 C:\Windows\SysWOW64\svchost.exe
2124 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2148 C:\Windows\System32\svchost.exe
2236 C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
2288 C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
2328 C:\Windows\System32\svchost.exe
2616 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2644 C:\Windows\System32\svchost.exe
2708 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2752 C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
2848 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3008 C:\Windows\PLFSetI.exe
3028 C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
3440 C:\Windows\System32\igfxext.exe
3468 C:\Windows\System32\igfxsrvc.exe
3504 C:\Windows\System32\wbem\unsecapp.exe
3556 WmiPrvSE.exe
3620 C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
3728 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
3760 C:\Program Files (x86)\Launch Manager\LManager.exe
3812 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3848 C:\Program Files (x86)\Launch Manager\LMworker.exe
4220 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4360 C:\Windows\System32\svchost.exe
4400 C:\Windows\System32\SearchIndexer.exe
4556 C:\Windows\System32\svchost.exe
5016 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4288 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
2780 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4136 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
4648 C:\Program Files\Windows Media Player\wmpnetwk.exe
3780 C:\Windows\System32\svchost.exe
3260 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1892 C:\Windows\System32\svchost.exe
5188 C:\Windows\System32\audiodg.exe
4088 dllhost.exe
4484 dllhost.exe
5832 C:\Users\***\Desktop\MBRCheck.exe
1280 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`32d00000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD3200BPVT-22ZEST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Thank you very much already for your great support.

cosinus 11.03.2011 19:12

Please run this tool from Kaspersky => http://www.trojaner-board.de/82358-t...entfernen.html

chrisi31 11.03.2011 20:51

I ran the scan; apparently it found nothing.

2011/03/11 20:47:11.0274 4196 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/11 20:47:11.0289 4196 ================================================================================
2011/03/11 20:47:11.0289 4196 SystemInfo:
2011/03/11 20:47:11.0289 4196
2011/03/11 20:47:11.0289 4196 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/11 20:47:11.0289 4196 Product type: Workstation
2011/03/11 20:47:11.0289 4196 ComputerName: ***-PC
2011/03/11 20:47:11.0289 4196 UserName: ***
2011/03/11 20:47:11.0289 4196 Windows directory: C:\Windows
2011/03/11 20:47:11.0289 4196 System windows directory: C:\Windows
2011/03/11 20:47:11.0289 4196 Running under WOW64
2011/03/11 20:47:11.0289 4196 Processor architecture: Intel x64
2011/03/11 20:47:11.0289 4196 Number of processors: 4
2011/03/11 20:47:11.0289 4196 Page size: 0x1000
2011/03/11 20:47:11.0289 4196 Boot type: Normal boot
2011/03/11 20:47:11.0289 4196 ================================================================================
2011/03/11 20:47:11.0461 4196 Initialize success
2011/03/11 20:47:15.0252 6020 ================================================================================
2011/03/11 20:47:15.0252 6020 Scan started
2011/03/11 20:47:15.0252 6020 Mode: Manual;
2011/03/11 20:47:15.0252 6020 ================================================================================
2011/03/11 20:47:20.0322 6020 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/11 20:47:20.0353 6020 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/03/11 20:47:20.0446 6020 IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
2011/03/11 20:47:20.0524 6020 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/03/11 20:47:20.0556 6020 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/11 20:47:20.0587 6020 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/11 20:47:20.0602 6020 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/11 20:47:20.0649 6020 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/11 20:47:20.0680 6020 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/11 20:47:20.0727 6020 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/11 20:47:20.0758 6020 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/11 20:47:20.0836 6020 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/11 20:47:20.0883 6020 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/03/11 20:47:20.0930 6020 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/11 20:47:20.0961 6020 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/11 20:47:21.0039 6020 kl1 (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
2011/03/11 20:47:21.0070 6020 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\Windows\system32\DRIVERS\klbg.sys
2011/03/11 20:47:21.0148 6020 KLIF (09bad645d3843669c281431c7df2db2e) C:\Windows\system32\DRIVERS\klif.sys
2011/03/11 20:47:21.0180 6020 KLIM6 (630f22545379437737cf4172f09fe449) C:\Windows\system32\DRIVERS\klim6.sys
2011/03/11 20:47:21.0211 6020 klmouflt (786791291939abb11f6d0f040da23912) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/03/11 20:47:21.0226 6020 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/11 20:47:21.0273 6020 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/11 20:47:21.0304 6020 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/11 20:47:21.0336 6020 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
2011/03/11 20:47:21.0398 6020 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/11 20:47:21.0507 6020 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/11 20:47:21.0538 6020 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/11 20:47:21.0570 6020 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/11 20:47:21.0601 6020 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/11 20:47:21.0616 6020 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/11 20:47:21.0663 6020 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/11 20:47:21.0694 6020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/11 20:47:21.0726 6020 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/11 20:47:21.0772 6020 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/11 20:47:21.0788 6020 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/11 20:47:21.0866 6020 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/11 20:47:21.0882 6020 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/11 20:47:21.0960 6020 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/11 20:47:21.0991 6020 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/11 20:47:22.0022 6020 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/11 20:47:22.0069 6020 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/11 20:47:22.0100 6020 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/11 20:47:22.0131 6020 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/11 20:47:22.0178 6020 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/11 20:47:22.0209 6020 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/11 20:47:22.0256 6020 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/11 20:47:22.0287 6020 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/11 20:47:22.0318 6020 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/11 20:47:22.0365 6020 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/11 20:47:22.0396 6020 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/11 20:47:22.0412 6020 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/11 20:47:22.0443 6020 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/11 20:47:22.0474 6020 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/11 20:47:22.0490 6020 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/11 20:47:22.0521 6020 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/11 20:47:22.0552 6020 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/11 20:47:22.0646 6020 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/11 20:47:22.0708 6020 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/11 20:47:22.0755 6020 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/11 20:47:22.0786 6020 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/11 20:47:22.0818 6020 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/11 20:47:22.0833 6020 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/11 20:47:22.0864 6020 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/11 20:47:22.0942 6020 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/11 20:47:22.0958 6020 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/11 20:47:23.0036 6020 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/11 20:47:23.0098 6020 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/11 20:47:23.0130 6020 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/11 20:47:23.0192 6020 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/03/11 20:47:23.0286 6020 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/03/11 20:47:23.0301 6020 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/11 20:47:23.0332 6020 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/11 20:47:23.0379 6020 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/11 20:47:23.0395 6020 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/11 20:47:23.0426 6020 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/11 20:47:23.0473 6020 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/11 20:47:23.0504 6020 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/03/11 20:47:23.0520 6020 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/03/11 20:47:23.0551 6020 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/11 20:47:23.0582 6020 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/11 20:47:23.0613 6020 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/11 20:47:23.0644 6020 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/11 20:47:23.0769 6020 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/11 20:47:23.0800 6020 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/11 20:47:23.0832 6020 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/11 20:47:23.0894 6020 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/03/11 20:47:23.0956 6020 qcusbser (93ac07b6de0fc71274d4c489be5ce2ba) C:\Windows\system32\DRIVERS\qcusbser.sys
2011/03/11 20:47:24.0003 6020 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/11 20:47:24.0066 6020 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/11 20:47:24.0112 6020 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/11 20:47:24.0128 6020 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/11 20:47:24.0175 6020 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/11 20:47:24.0206 6020 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/11 20:47:24.0237 6020 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/11 20:47:24.0268 6020 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/11 20:47:24.0284 6020 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/11 20:47:24.0315 6020 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/11 20:47:24.0346 6020 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/11 20:47:24.0362 6020 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/11 20:47:24.0393 6020 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/11 20:47:24.0424 6020 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/03/11 20:47:24.0456 6020 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/03/11 20:47:24.0502 6020 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/11 20:47:24.0534 6020 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/11 20:47:24.0549 6020 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/11 20:47:24.0580 6020 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/11 20:47:24.0627 6020 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/11 20:47:24.0674 6020 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/11 20:47:24.0705 6020 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/11 20:47:24.0752 6020 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/11 20:47:24.0768 6020 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/11 20:47:24.0783 6020 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/11 20:47:24.0799 6020 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/11 20:47:24.0861 6020 Sftfs (72cd52403efc137290cb5a328510ebca) C:\Windows\system32\DRIVERS\Sftfslh.sys
2011/03/11 20:47:24.0939 6020 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\Windows\system32\DRIVERS\Sftplaylh.sys
2011/03/11 20:47:24.0986 6020 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\Windows\system32\DRIVERS\Sftredirlh.sys
2011/03/11 20:47:25.0002 6020 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\Windows\system32\DRIVERS\Sftvollh.sys
2011/03/11 20:47:25.0064 6020 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/11 20:47:25.0095 6020 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/11 20:47:25.0111 6020 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/11 20:47:25.0158 6020 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/11 20:47:25.0236 6020 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/11 20:47:25.0298 6020 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/11 20:47:25.0360 6020 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/11 20:47:25.0407 6020 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/03/11 20:47:25.0454 6020 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/03/11 20:47:25.0485 6020 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/03/11 20:47:25.0532 6020 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/11 20:47:25.0594 6020 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/03/11 20:47:25.0641 6020 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/11 20:47:25.0704 6020 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/11 20:47:25.0828 6020 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/03/11 20:47:25.0922 6020 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/11 20:47:25.0969 6020 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/11 20:47:26.0000 6020 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/11 20:47:26.0031 6020 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/11 20:47:26.0062 6020 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/11 20:47:26.0078 6020 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/11 20:47:26.0140 6020 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/11 20:47:26.0172 6020 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/11 20:47:26.0203 6020 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/11 20:47:26.0250 6020 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/03/11 20:47:26.0296 6020 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/11 20:47:26.0343 6020 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/11 20:47:26.0359 6020 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/11 20:47:26.0390 6020 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/11 20:47:26.0421 6020 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/11 20:47:26.0468 6020 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/11 20:47:26.0484 6020 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/11 20:47:26.0515 6020 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/11 20:47:26.0562 6020 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/11 20:47:26.0593 6020 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/11 20:47:26.0655 6020 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/11 20:47:26.0686 6020 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/11 20:47:26.0718 6020 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/11 20:47:26.0764 6020 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/11 20:47:26.0827 6020 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/11 20:47:26.0858 6020 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/11 20:47:26.0874 6020 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/11 20:47:26.0905 6020 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/11 20:47:26.0936 6020 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/11 20:47:26.0967 6020 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/11 20:47:26.0998 6020 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/11 20:47:27.0030 6020 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/11 20:47:27.0092 6020 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/11 20:47:27.0123 6020 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/11 20:47:27.0154 6020 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/11 20:47:27.0201 6020 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/11 20:47:27.0217 6020 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/11 20:47:27.0232 6020 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/11 20:47:27.0295 6020 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/11 20:47:27.0326 6020 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/11 20:47:27.0388 6020 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/11 20:47:27.0420 6020 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/11 20:47:27.0513 6020 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/03/11 20:47:27.0544 6020 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/11 20:47:27.0591 6020 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/11 20:47:27.0638 6020 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/11 20:47:27.0669 6020 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/11 20:47:27.0747 6020 ================================================================================
2011/03/11 20:47:27.0747 6020 Scan finished
2011/03/11 20:47:27.0747 6020 ================================================================================

cosinus 12.03.2011 12:19

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

chrisi31 12.03.2011 14:29

Hello Arne

SuperAntiSpyware seems to have found something after all.

Log from AntiSpyware:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 03/12/2011 at 01:35 PM

Application Version : 4.49.1000

Core Rules Database Version : 6576
Trace Rules Database Version: 4395

Scan type : Complete Scan
Total Scan Time : 00:32:57

Memory items scanned : 668
Memory threats detected : 0
Registry items scanned : 13441
Registry threats detected : 0
File items scanned : 35350
File threats detected : 5

Adware.Tracking Cookie
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@de.sitestat[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@doubleclick[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@microsoftsto.112.2o7[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@atdmt[1].txt
C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\***@tradedoubler[2].txt

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6033

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.03.2011 14:22:57
mbam-log-2011-03-12 (14-22-57).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 282933
Laufzeit: 21 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 13.03.2011 13:12

Looks OK, only cookies were found there.
Any remaining problems or further detections in the meantime?

chrisi31 16.03.2011 07:00

Hi Arne

My computer is running well at the moment, and no more windows are opening either. The constant data download has also decreased; there is probably still some setting in Windows 7 that keeps accessing the Internet. Unfortunately I don't really know my way around Windows 7 yet and am now trying to read up on it.

For now, many thanks for your help.

Have a nice day.

Chrisi

cosinus 16.03.2011 10:30

Then we're done! :abklatsch:

Finally, please check your updates; my guide to that is below.
For even more security, after the infection has been removed you should also change all your passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


PDF reader update
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

