Pests of all kinds and how to fight them: Virus 'HIDDENEXT/Crypted' and several trojans (Windows 7)
05.05.2010, 16:50 | #1 |
Virus 'HIDDENEXT/Crypted' and several trojans

Hi folks, I apparently caught a trojan about 4 days ago. Unfortunately I can't say exactly how, but I suspect through a PDF. First off: I have Win 7 with the latest updates installed.

So first Antivir reported 'TR/Small.cjd' [trojan] in 'C:\Users\***\AppData\Local\Windows Server\yesybr.dll'.
Next day: 'TR/Crypt.XPACK.Gen' [trojan] in 'C:\Windows\Temp\iecn.tmp\svchost.exe'
The day after: 'TR/Downloader.Gen' [trojan] in 'C:\Windows\Temp\coll.tmp\svchost.exe'
2 days later: 'HIDDENEXT/Crypted' [heuristic] in 'C:\Windows\Temp\m.2D5FF.tmp.exe'

So the trojans/viruses were only ever reported one at a time. I had also tried to get the PC clean myself. For one day nothing was reported at all. The Antivir full scan, Anti-Malware and the HJT auto-analysis didn't show anything either. So I thought the trojan was gone. Well, in any case, the next day there were just even more warnings, and WIN 7 points out an interactive service that wants to tell me something. If you allow that, a light blue window pops up and an Adobe warning says: 3D driver could not be initialized, or something like that. On top of that, random spam tabs pop up in my Opera. But that's really all... Otherwise the system runs normally.

I've already read through a lot of threads here, so I've already run Malware, HJT and OTL. Malware again reported a whole lot.... Also in the registry (for the first time). Deleted everything, of course. After that I ran OTL and then HJT. Maybe someone can help me out....
__________________ |
05.05.2010, 16:51 | #2 |
Virus 'HIDDENEXT/Crypted' and several trojans

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.05.2010 13:16:21
mbam-log-2010-05-05 (13-16-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 357941
Laufzeit: 1 Stunde(n), 0 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\System32\a7212b32.dll (Trojan.Vundo.H) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{880ec60b-4a1e-4808-7281-c68f8a87bb53} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{880ec60b-4a1e-4808-7281-c68f8a87bb53} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{880ec60b-4a1e-4808-7281-c68f8a87bb53} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021af74b-7695-394f-4dc8-7df378b9d89b} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{021af74b-7695-394f-4dc8-7df378b9d89b} (Adware.AdRotator) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lrhovxoyorbysqgsc (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\a7212b32.dll (Trojan.Vundo.H) -> No action taken.
C:\Windows\Temp\doip.tmp\svchost.exe (Adware.Agent) -> No action taken.
C:\Windows\System32\bjruhwkfqvketiam.dll (Trojan.Agent) -> No action taken.
__________________ |
05.05.2010, 16:51 | #3 |
Virus 'HIDDENEXT/Crypted' and several trojans

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:57, on 05.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\Temp\tHeT.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ja.lproj\SyncUICoreLocalizedSyncUICore.exe
C:\Windows\Temp\xkNi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Opera\opera.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Users\Marv\Desktop\OTL.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Marv\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nvStInstStereoscpic] C:\Windows\Temp\xkNi.exe
O4 - HKLM\..\Run: [SyncUICoreLocalizedSyncUICoreRessource] c:\program files\common files\apple\mobile device support\syncuicore.resources\de.lproj\syncuicoreressourcesyncuicorelocalized.exe
O4 - HKLM\..\Run: [WindowsMicrosoft] c:\program files\common files\microsoft shared\ink\et-ee\systemwindows.exe
O4 - HKLM\..\Run: [SyncUICoreLocalizedSyncUICore] c:\program files\common files\apple\mobile device support\syncuicore.resources\ja.lproj\syncuicorelocalizedsyncuicore.exe
O4 - HKLM\..\Run: [Stereoscpicdriver] c:\windows\temp\xkni.exe
O4 - HKLM\..\Run: [MobileMeSyncUICoreLocalized] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
O4 - HKLM\..\Run: [tipresxOperating] C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
O4 - HKLM\..\Run: [nvStInstdriver] c:\windows\temp\thet.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunServices: [driverInstaller] C:\Windows\Temp\xkNi.exe
O4 - HKLM\..\RunServices: [RecursosQuickTimeQuickTime] c:\program files\quicktime\qtsystem\quicktimempeg.resources\pt.lproj\recursosquicktimerecursosquicktime.exe
O4 - HKLM\..\RunServices: [DynamicLibrary] c:\program files\ageia technologies\v2.5.1\physxcookinglink.exe
O4 - HKLM\..\RunServices: [SystemWindows] c:\program files\common files\apple\mobile device support\netdrivers\wdfcoinstalleroperating1.5.6000.0.exe
O4 - HKLM\..\RunServices: [nvStInstInstaller] c:\windows\temp\ywhg.exe
O4 - HKLM\..\RunServices: [MobileMeSyncUICoreRessource] C:\Program Files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe
O4 - HKLM\..\RunServices: [tipresxSystem] C:\Program Files\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7243 bytes
__________________ |
05.05.2010, 16:52 | #4 |
Virus 'HIDDENEXT/Crypted' and several trojans

OTL logfile created on: 05.05.2010 13:18:47 - Run 2
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Marv\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 21,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 127,73 Gb Total Space | 100,89 Gb Free Space | 78,99% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,83 Gb Free Space | 4,23% Space Free | Partition Type: NTFS
Drive E: | 39,06 Gb Total Space | 24,33 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Drive F: | 239,49 Gb Total Space | 100,09 Gb Free Space | 41,79% Space Free | Partition Type: NTFS
Drive G: | 1269,53 Gb Total Space | 1038,34 Gb Free Space | 81,79% Space Free | Partition Type: NTFS
Drive H: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: EXECUTER
Current User Name: Marv
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Windows\Temp\xkNi.exe () PRC - C:\Windows\Temp\tHeT.exe () PRC - C:\Programme\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe () PRC - C:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe () PRC - C:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ja.lproj\SyncUICoreLocalizedSyncUICore.exe () PRC - C:\Users\Marv\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Winamp\winamp.exe (Nullsoft) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\regsvr32.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Marv\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.) 
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek 
Semiconductor Corp.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) 
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - 
(hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 27 5D 8C 31 E6 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileMeSyncUICoreLocalized] C:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe () O4 - HKLM..\Run: [nvStInstdriver] c:\Windows\Temp\tHeT.exe () O4 - HKLM..\Run: [nvStInstStereoscpic] C:\Windows\Temp\xkNi.exe () O4 - HKLM..\Run: [Stereoscpicdriver] c:\Windows\Temp\xkNi.exe () O4 - HKLM..\Run: [SyncUICoreLocalizedSyncUICore] c:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ja.lproj\SyncUICoreLocalizedSyncUICore.exe () O4 - HKLM..\Run: [SyncUICoreLocalizedSyncUICoreRessource] c:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe () O4 - HKLM..\Run: [tipresxOperating] C:\Programme\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe () O4 - HKLM..\Run: [WindowsMicrosoft] c:\Programme\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunServices: [driverInstaller] C:\Windows\Temp\xkNi.exe () O4 - HKLM..\RunServices: [DynamicLibrary] c:\Programme\AGEIA Technologies\v2.5.1\PhysXCookingLink.exe () O4 - HKLM..\RunServices: [MobileMeSyncUICoreRessource] C:\Programme\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\SyncUICoreRessourceSyncUICoreLocalized.exe () O4 - HKLM..\RunServices: [nvStInstInstaller] c:\Windows\Temp\YwhG.exe () O4 - HKLM..\RunServices: [RecursosQuickTimeQuickTime] c:\Programme\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe () O4 - HKLM..\RunServices: [SystemWindows] c:\Programme\Common Files\Apple\Mobile Device 
Support\NetDrivers\WdfCoInstallerOperating1.5.6000.0.exe () O4 - HKLM..\RunServices: [tipresxSystem] C:\Programme\Common Files\microsoft shared\ink\et-EE\SystemWindows.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 