Log analysis and evaluation: I keep getting the same messages (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.04.2010, 13:52 | #1 |
| Hello, I found this forum through Google. Since yesterday my PC has been acting up; my antivirus program keeps raising alarms. The message "....... is trying to change the system configuration" keeps appearing. I immediately uninstalled all the programs I had installed in the last 10 hours and ran a virus scan; I first put the trojans in quarantine and then deleted them. I thought that was it, but unfortunately....! I then ran the programs CCleaner, RSIT and HijackThis from here, but the messages still won't go away! Here is my HijackThis logfile. I hope you can help me.
Thanks in advance! |
16.04.2010, 14:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
please run a full scan with Malwarebytes and post the log. After that, OTL:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop |
16.04.2010, 16:21 | #3 |
| Hello,
this is what Malwarebytes came up with!

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3995

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2010 17:18:05
mbam-log-2010-04-16 (17-18-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 164695
Laufzeit: 48 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\**********\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\**********\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\**********\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully. |
16.04.2010, 16:39 | #4 |
| And this is what OTL came up with!
PRC - D:\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - D:\Hotspotshield\Hotspot Shield\bin\openvpntray.exe () PRC - D:\Hotspotshield\Hotspot Shield\bin\openvpnas.exe () PRC - D:\Hotspotshield\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe (G Data Software AG) PRC - C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G DATA Software AG) PRC - C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\ev******is\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - 
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (HssTrayService) -- D:\Hotspotshield\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- D:\Hotspotshield\Hotspot Shield\bin\openvpnas.exe () SRV - (HssWd) -- D:\Hotspotshield\Hotspot Shield\bin\hsswd.exe () SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (G Data Backup Service) -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe (G Data Software AG) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AVKService) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- 
C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (G Data Tuner Service) -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe (G Data Software AG) ========== Driver Services (SafeList) ========== DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G DATA Software AG) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - 
(ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV 
- (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 28 16 8D 92 D9 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Firefox\components [2010.04.11 18:37:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Firefox\plugins [2010.04.13 15:01:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Thunderbird\components [2010.04.11 18:38:17 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: D:\Thunderbird\plugins [2010.04.11 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\evmasalgis\AppData\Roaming\mozilla\Extensions [2010.04.11 18:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.04.16 00:54:33 | 000,000,000 | ---D | M] -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions [2010.04.16 00:54:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010.04.14 16:50:18 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2010.04.16 00:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf} [2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\ev*******is\AppData\Roaming\Mozilla\FireFox\Profiles\y3s8kvb3.default\searchplugins\conduit.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Hotspotshield\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Adobe\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCSSync] D:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [eYvUrwsWmuzcTI] C:\Users\******~1\AppData\Local\Temp\UbiRg.exe (xQxICU) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] D:\Virenprogramme 16.04.10\Malwarebytes Anti Maleware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKCU..\Run: [AutoStartNPSAgent] D:\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) 
O4 - HKCU..\Run: [pUgR33R] C:\Users\******~1\AppData\Local\Temp\UbiRg.exe (xQxICU) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (c:\program files\g data\totalcare\avkkid\avkcks.exe) - c:\Programme\G Data\TotalCare\AVKKid\AvkCKS.exe () O20 - HKLM Winlogon: VMApplet - 
(SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Alternate Data Streams ==========
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:76B61AF7
< End of report >
Edited by evma (16.04.2010 at 16:55) |
17.04.2010, 19:30 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I keep getting the same messages Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKLM..\Run: [eYvUrwsWmuzcTI] C:\Users\evmasalgis\AppData\Local\Temp\UbiRg.exe (xQxICU)
O4 - HKCU..\Run: [pUgR33R] C:\Users\evmasalgis\AppData\Local\Temp\UbiRg.exe (xQxICU)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010.04.16 17:22:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\wlvb.sys
[2010.04.16 17:22:31 | 000,001,013 | ---- | M] () -- C:\Users\evmasalgis\AppData\Roaming\cglogs.dat
[2010.04.16 02:42:37 | 000,081,920 | ---- | M] () -- C:\Users\evmasalgis\AppData\Roaming\ezpinst.exe
:Commands
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it.
__________________ Please always post log files in CODE tags |
17.04.2010, 23:54 | #6 |
| I keep getting the same messages Hello, first of all I would like to say thank you for the help! I had to wipe, and did wipe, my hard disk, which had the malware on it along with the program that I assume caused the problems! I had to do that because as soon as I switched the PC on, it automatically connected to the internet! Better safe than sorry! Thanks again! Now I know where to turn if I have problems!!! Thanks!!!! Have a nice Sunday! evma |