Topic Torch

player66 · 12.11.2013, 22:03

ESET hat schon was gefunden, wieder Yontoo...ist aber noch nciht fertig

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=261cafc20eb0114ca4d11b10ff42f3a4
# engine=15856
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-12 08:49:59
# local_time=2013-11-12 09:49:59 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1286 16777213 100 97 15928 39055721 0 0
# scanned=131799
# found=1
# cleaned=0
# scan_time=11532
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

Results of screen317's Security Check version 0.99.76
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Flash Player 11.9.900.117
Mozilla Firefox 24.0 Firefox out of Date!
Mozilla Thunderbird (24.1.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by Administrator (administrator) on BEASTS on 12-11-2013 22:02:23
Running from C:\Dokumente und Einstellungen\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Programme\devolo\dlan\devolonetsvc.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Programme\Windows Home Server\WHSConnector.exe
(Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Programme\Microsoft IntelliPoint\ipoint.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
(Advanced Micro Devices Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Programme\LG Soft India\forteManager\bin\Monitor.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programme\Windows Home Server\WHSTrayApp.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
() C:\Programme\DivX\DivX Update\DivXUpdate.exe
() C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [itype] - C:\Programme\Microsoft IntelliType Pro\itype.exe [1505144 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Programme\Microsoft IntelliPoint\ipoint.exe [1468256 2009-11-05] (Microsoft Corporation)
HKLM\...\Run: [AVP] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO)
HKLM\...\Run: [ISUSPM Startup] - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKLM\...\Run: [StartCCC] - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2010-02-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0x01000000
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 0x01000000
HKCU\...\Policies\Explorer: [NoRecentDocsNetHood] 0x01000000
HKCU\...\Policies\Explorer: [NoNetworkConnections] 0x01000000
HKCU\...\Policies\Explorer: [NoUserNameInStartMenu] 0x01000000
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe
Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\forteManager.lnk
ShortcutTarget: forteManager.lnk -> C:\Programme\LG Soft India\forteManager\bin\Monitor.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2EBED1C1D9DFCE01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: BrowserHelper Class - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Home Server Banner - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Programme\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\SafeBrowser\S-1-5-21-1547161642-1935655697-682003330-500\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @Citrix.com/npican - C:\Programme\Citrix\ICA Client\npicaN.dll No File
FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 - C:\Programme\DivX\DivX Content Uploader\npUpload.dll No File
FF Plugin: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @sun.com/npsopluginmi;version=1.0 - D:\OpenOffice\OpenOffice.org 3\program No File
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\PROGRA~1\MOZILL~1\plugins\NpFv522.dll No File
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions:  - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5

========================== Services (Whitelisted) =================

S3 AcrSch2Svc; C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe [151552 2008-07-13] (Acronis)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2010-02-10] ()
R2 AVP; C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-19] (Kaspersky Lab ZAO)
R2 DevoloNetworkService; C:\Programme\devolo\dlan\devolonetsvc.exe [2231616 2010-07-19] ()
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [136120 2011-05-09] (Google)
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2005-02-24] (Macrovision Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [119408 2013-11-10] (Mozilla Foundation)
S3 NetSvc; c:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2004-06-16] (Intel(R) Corporation)
S3 PsShutdownSvc; C:\Windows\System32\PSSDNSVC.EXE [61440 2004-10-11] ()
R2 WHSConnector; C:\Programme\Windows Home Server\WHSConnector.exe [376688 2011-01-10] (Microsoft Corporation)
R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R2 Aspi32; C:\Windows\System32\drivers\aspi32.sys [16512 2005-11-30] (Adaptec)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2005-09-26] ()
R1 atitray; C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [17952 2007-11-05] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [165376 2007-08-24] ()
S3 ctdvda2k; C:\Windows\System32\drivers\ctdvda2k.sys [332800 2003-10-14] (Creative Technology Ltd)
S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [169984 2004-06-22] (Intel Corporation)
S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
S3 EverestDriver; C:\Programme\EVEREST\kerneld.wnt [3584 2004-04-30] ()
R3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 ha10kx2k; C:\Windows\System32\drivers\ha10kx2k.sys [904784 2004-02-24] (Creative Technology Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2008-11-27] (LogMeIn, Inc.)
S3 hap16v2k; C:\Windows\System32\drivers\hap16v2k.sys [148432 2003-10-21] (Creative Technology Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-10-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [593504 2013-10-19] (Kaspersky Lab ZAO)
R3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24160 2013-10-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24672 2013-10-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
S3 LGDDCDevice; C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] ()
S3 LGII2CDevice; C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [18048 2007-08-24] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mbmiodrvr; C:\WINDOWS\System32\mbmiodrvr.sys [2944 2004-04-10] (cansoft@livewiredev.com)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [19456 2004-06-04] (Intel Corporation )
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [10194 2002-06-14] (Creative Technology Ltd.)
S3 PLCND532; C:\Windows\System32\Drivers\PLCND532.sys [26656 2008-03-05] (Intellon, Inc.)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
R2 PWSYSDRV; C:\WINDOWS\System32\drivers\PWSYSDRV.sys [17072 1999-12-10] (Destiny Technology Corporation)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
S3 SE27bus; C:\Windows\System32\DRIVERS\SE27bus.sys [61600 2006-09-18] (MCCI)
S3 SE27mdfl; C:\Windows\System32\DRIVERS\SE27mdfl.sys [9360 2006-09-18] (MCCI)
S3 SE27mdm; C:\Windows\System32\DRIVERS\SE27mdm.sys [97184 2006-09-18] (MCCI)
S3 SE27mgmt; C:\Windows\System32\DRIVERS\SE27mgmt.sys [88688 2006-09-18] (MCCI)
S3 se27nd5; C:\Windows\System32\DRIVERS\se27nd5.sys [18704 2006-09-18] (MCCI)
S3 SE27obex; C:\Windows\System32\DRIVERS\SE27obex.sys [86560 2006-09-18] (MCCI)
S3 se27unic; C:\Windows\System32\DRIVERS\se27unic.sys [90800 2006-09-18] (MCCI)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2010-07-13] (RapidSolution Software AG)
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-12-16] (TeamViewer GmbH)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [28768 2008-07-13] (Acronis)
S3 catchme; \??\C:\WINDOWS\TEMP\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [x]
S3 FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS [x]
S4 InCDFs; system32\drivers\InCDFs.sys [x]
S1 InCDPass; system32\drivers\InCDPass.sys [x]
S1 InCDRm; system32\drivers\InCDRm.sys [x]
S4 IntelIde; No ImagePath
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [x]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-11-12 21:53 - 2013-11-12 21:52 - 00891184 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
2013-11-12 18:35 - 2013-11-12 18:35 - 00000000 ____D C:\Programme\ESET
2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-10 20:58 - 2013-11-10 21:18 - 00000000 ____D C:\AdwCleaner
2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
2013-11-10 15:29 - 2013-11-10 15:31 - 00000000 ____D C:\Programme\Mozilla Thunderbird
2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt
2013-11-10 14:29 - 2013-11-10 14:45 - 00000000 ____D C:\Qoobox
2013-11-10 14:29 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-11-10 14:29 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-11-10 14:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-11-10 14:29 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
2013-11-06 20:06 - 2013-11-06 20:07 - 00026761 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt
2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST
2013-11-03 22:37 - 2013-11-06 22:23 - 00010047 _____ C:\WINDOWS\setupapi.log
2013-11-03 13:13 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-03 13:10 - 2013-11-03 13:48 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default
2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk
2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk
2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
2013-10-19 14:38 - 2013-07-03 03:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-19 14:37 - 2013-08-29 01:56 - 00026240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbser.sys
2013-10-19 14:37 - 2013-07-17 01:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-19 14:37 - 2013-07-17 01:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-19 14:37 - 2013-07-17 01:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-19 14:35 - 2013-08-09 01:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-19 14:35 - 2013-08-09 01:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-19 14:35 - 2009-03-18 12:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-10-19 12:33 - 2013-10-19 12:32 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 12:33 - 2013-10-19 12:32 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 12:33 - 2013-10-19 12:32 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 12:33 - 2013-10-19 12:32 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 12:33 - 2013-10-19 12:32 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java

==================== One Month Modified Files and Folders =======

2013-11-12 21:52 - 2013-11-12 21:53 - 00891184 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\SecurityCheck.exe
2013-11-12 20:47 - 2012-12-27 18:29 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2013-11-12 20:19 - 2004-10-05 01:41 - 00000000 ___RD C:\Programme
2013-11-12 19:28 - 2006-08-01 15:54 - 00000188 _____ C:\WINDOWS\hpbafd.ini
2013-11-12 18:35 - 2013-11-12 18:35 - 00000000 ____D C:\Programme\ESET
2013-11-12 18:35 - 2013-10-04 15:12 - 00000000 ____D C:\Programme\Mozilla Firefox
2013-11-12 18:33 - 2011-01-10 21:41 - 00002305 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Home Server-Konsole.lnk
2013-11-12 18:31 - 2013-02-27 18:51 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Dropbox
2013-11-12 18:26 - 2008-11-25 20:32 - 01610236 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-12 18:24 - 2010-05-17 18:48 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-12 18:24 - 2010-05-17 18:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-12 18:24 - 2001-08-18 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-10 22:30 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settingsbkup.sfm
2013-11-10 22:30 - 2004-10-11 19:30 - 00001080 _____ C:\WINDOWS\system32\settings.sfm
2013-11-10 22:30 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCStateBkp-{00000003-00000000-00000003-00001102-00000002-80271102}.dat
2013-11-10 22:30 - 2004-10-11 19:30 - 00000384 _____ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000003-00001102-00000002-80271102}.dat
2013-11-10 22:29 - 2011-06-04 10:05 - 00524288 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2013-11-10 22:29 - 2004-10-05 15:49 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini
2013-11-10 21:36 - 2013-11-10 21:36 - 01090275 _____ (Farbar) C:\Dokumente und Einstellungen\Administrator\Desktop\FRST.exe
2013-11-10 21:33 - 2013-11-10 21:33 - 00000899 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.txt
2013-11-10 21:25 - 2013-11-10 21:25 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-10 21:20 - 2004-10-05 00:54 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-11-10 21:19 - 2012-04-29 12:09 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2013-11-10 21:18 - 2013-11-10 20:58 - 00000000 ____D C:\AdwCleaner
2013-11-10 21:18 - 2011-11-29 19:41 - 00006984 _____ C:\WINDOWS\Tasks\SCHEDLGU.TXT
2013-11-10 21:18 - 2004-10-05 00:56 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2013-11-10 21:14 - 2013-02-20 21:19 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-10 20:36 - 2013-11-10 20:36 - 01034531 _____ (Thisisu) C:\Dokumente und Einstellungen\Administrator\Desktop\JRT.exe
2013-11-10 20:35 - 2013-11-10 20:35 - 01073262 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe
2013-11-10 15:31 - 2013-11-10 15:29 - 00000000 ____D C:\Programme\Mozilla Thunderbird
2013-11-10 14:45 - 2013-11-10 14:45 - 00019763 _____ C:\ComboFix.txt
2013-11-10 14:45 - 2013-11-10 14:29 - 00000000 ____D C:\Qoobox
2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\NetworkService
2013-11-10 14:45 - 2004-10-05 00:59 - 00000000 __SHD C:\Dokumente und Einstellungen\LocalService
2013-11-10 14:44 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
2013-11-10 14:43 - 2001-08-18 12:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-11-10 14:28 - 2011-11-29 19:20 - 00000000 ____D C:\WINDOWS\ERDNT
2013-11-10 14:27 - 2013-11-10 14:27 - 05145633 ____R (Swearware) C:\Dokumente und Einstellungen\Administrator\Desktop\ComboFix.exe
2013-11-06 23:10 - 2011-01-08 10:41 - 00001732 ____H C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Default.rdp
2013-11-06 22:23 - 2013-11-03 22:37 - 00010047 _____ C:\WINDOWS\setupapi.log
2013-11-06 20:07 - 2013-11-06 20:06 - 00026761 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Addition.txt
2013-11-06 20:04 - 2013-11-06 20:04 - 00000000 ____D C:\FRST
2013-11-03 21:59 - 2012-04-01 16:04 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Winamp
2013-11-03 21:59 - 2004-10-05 15:49 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator
2013-11-03 20:24 - 2012-05-26 09:57 - 00002385 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Napster Rienf Repair.lnk
2013-11-03 13:48 - 2013-11-03 13:13 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2013-11-03 13:48 - 2013-11-03 13:10 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Desktop\mbar
2013-11-03 13:12 - 2013-11-03 13:12 - 00047064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-11-03 12:44 - 2013-05-09 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc
2013-11-03 12:21 - 2013-02-20 18:08 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Adobe AIR
2013-11-03 12:03 - 2004-10-05 01:41 - 01224922 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-24 22:30 - 2013-10-24 22:30 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\default
2013-10-24 18:39 - 2013-10-24 18:39 - 00001543 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView Thumbnails.lnk
2013-10-24 18:39 - 2013-10-24 18:39 - 00000671 _____ C:\Dokumente und Einstellungen\All Users\Desktop\IrfanView.lnk
2013-10-24 18:39 - 2013-10-24 18:39 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
2013-10-24 18:39 - 2006-02-06 13:34 - 00000000 ____D C:\Programme\IrfanView
2013-10-24 18:39 - 2004-10-05 01:41 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2013-10-24 18:26 - 2013-07-03 19:12 - 00372736 _____ C:\Dokumente und Einstellungen\Administrator\Desktop\Teamroster.xls
2013-10-24 18:12 - 2012-03-31 09:52 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-24 18:12 - 2011-12-04 14:45 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-19 20:28 - 2004-10-05 01:41 - 00210488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-19 20:11 - 2007-06-08 14:35 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-19 19:53 - 2013-08-03 12:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-19 19:46 - 2009-01-26 19:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-19 19:43 - 2010-06-15 09:46 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-19 13:36 - 2013-02-22 19:24 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BitTorrent
2013-10-19 12:46 - 2013-07-21 19:55 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX
2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Java
2013-10-19 12:33 - 2013-10-19 12:33 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Java
2013-10-19 12:32 - 2013-10-19 12:33 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-19 12:32 - 2013-10-19 12:33 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-19 12:32 - 2013-10-19 12:33 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-19 12:32 - 2013-10-19 12:33 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-19 12:32 - 2013-10-19 12:33 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-19 12:32 - 2013-10-19 12:32 - 00000000 ____D C:\Programme\Java
2013-10-19 12:25 - 2012-12-27 18:29 - 00593504 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2013-10-19 12:25 - 2012-07-25 14:53 - 00024672 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klmouflt.sys
2013-10-19 12:25 - 2012-06-19 17:28 - 00135776 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kl1.sys
2013-10-19 12:25 - 2012-05-25 19:38 - 00024160 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klkbdflt.sys

Files to move or delete:
====================
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\sversion.ini
C:\Dokumente und Einstellungen\beast\compreg.dat
C:\Dokumente und Einstellungen\beast\persdict.dat
C:\Dokumente und Einstellungen\beast\pluginreg.dat
C:\Dokumente und Einstellungen\beast\prefs.js
C:\Dokumente und Einstellungen\beast\xpti.dat


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2003-05-29 10:48] - [2008-04-14 06:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e 

C:\Windows\System32\winlogon.exe
[2002-08-29 02:43] - [2008-04-14 06:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a 

C:\Windows\System32\svchost.exe
[2001-08-18 12:00] - [2008-04-14 06:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 

C:\Windows\System32\services.exe
[2008-11-14 17:55] - [2009-02-09 12:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc 

C:\Windows\System32\User32.dll
[2002-08-29 02:43] - [2008-04-14 06:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd 

C:\Windows\System32\userinit.exe
[2008-11-14 17:55] - [2008-04-14 06:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 

C:\Windows\System32\Drivers\volsnap.sys
[2008-11-14 17:55] - [2008-04-14 06:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d 


==================== End Of Log ============================

--- --- ---

--- --- ---

Topic Torch

Plagegeister aller Art und deren Bekämpfung: Topic Torch

Topic Torch

Ähnliche Themen: Topic Torch