Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Alles In Ordnung? (https://www.trojaner-board.de/75617-alles-ordnung.html)

Moritz009 22.07.2009 14:12
Alles In Ordnung?
 
Hier mein Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:18, on 22.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\HomeCinema\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SAFEOEM HotKeys] "C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\Windows\Temp\CTun.exe" "/remove"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WinUpd] C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe

Swisstreasure 22.07.2009 17:41
Was willst Du uns mit
Zitat:
Alles In Ordnung?
fragen?

Bitte schildere Dein Problem und überlege Dir nächstmal etwas besseres als Titel.

>>
Lasse folgende Datei bei www.VIRUSTOTAL.com/de prüfen und poste das Ergebnis:

Code:
C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe
Auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren mit Strg V) --> Klick auf die zu prüfende Datei und öffnen--> klick auf "Senden der Datei"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> hier kopieren

>>
Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Einträgen bei: (falls diese noch vorhanden sind)

Code:
O4 - HKCU\..\Run: [WinUpd] C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd .exe
und wähle fix checked.

Starte den Rechner neu.

>>
Nun arbeite den Punkt 2 ab aus dem Link in meiner Sigantur.

Gruss Swiss

Moritz009 22.07.2009 20:01
Entschuldigung für den schlechten Titel. Also VirusTotal hat etwas gefunden! Hier das Ergebnis:

Datei WinUpd.exe empfangen 2009.07.22 19:05:33 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 21/35 (60%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 2.
Geschätzte Startzeit ist zwischen 50 und 71 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Filter
Drucken der Ergebnisse Drucken der Ergebnisse
Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.

SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist.
Email:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 5.0.0.2 2009.07.22 Win-Trojan/Xema.variant
AntiVir 7.9.0.222 2009.07.22 TR/Agent.yvt
Antiy-AVL 2.0.3.7 2009.07.22 Backdoor/Win32.Bifrose.gen
Authentium 5.1.2.4 2009.07.22 W32/Backdoor2.ETSD
Avast 4.8.1335.0 2009.07.22 Win32:Trojan-gen {Other}
BitDefender 7.2 2009.07.22 Trojan.Generic.1768645
CAT-QuickHeal 10.00 2009.07.22 Backdoor.Bifrose.avtv
ClamAV 0.94.1 2009.07.22 -
Comodo 1734 2009.07.22 -
DrWeb 5.0.0.12182 2009.07.22 -
eTrust-Vet 31.6.6634 2009.07.22 -
F-Prot 4.4.4.56 2009.07.22 W32/Backdoor2.ETSD
Fortinet 3.120.0.0 2009.07.22 PossibleThreat
GData 19 2009.07.22 Trojan.Generic.1768645
Ikarus T3.1.1.64.0 2009.07.22 Backdoor.Win32.Bifrose
Jiangmin 11.0.800 2009.07.22 Backdoor/Bifrose.mim
K7AntiVirus 7.10.799 2009.07.22 Backdoor.Win32.Bifrose.avtv
Kaspersky 7.0.0.125 2009.07.22 Backdoor.Win32.Bifrose.avtv
McAfee 5684 2009.07.22 -
McAfee+Artemis 5684 2009.07.22 Artemis!C41EC941A402
McAfee-GW-Edition 6.8.5 2009.07.22 Trojan.Agent.yvt
Microsoft 1.4903 2009.07.22 Trojan:Win32/VB.RC
NOD32 4267 2009.07.22 -
Norman 6.01.09 2009.07.22 -
nProtect 2009.1.8.0 2009.07.22 Backdoor/W32.Bifrose.692224
PCTools 4.4.2.0 2009.07.22 -
Prevx 3.0 2009.07.22 Medium Risk Malware
Rising 21.39.24.00 2009.07.22 -
Sophos 4.43.0 2009.07.22 Mal/Generic-E
Sunbelt 3.2.1858.2 2009.07.22 -
Symantec 1.4.4.12 2009.07.22 Backdoor.Trojan
TheHacker 6.3.4.3.372 2009.07.21 -
TrendMicro 8.950.0.1094 2009.07.22 -
ViRobot 2009.7.22.1847 2009.07.22 -
VirusBuster 4.6.5.0 2009.07.22 -
weitere Informationen
File size: 692224 bytes
MD5...: c41ec941a402ee2b9bd4b7ffce7abc0b
SHA1..: 794b1bc5017b6bdfe055a291156c90899d700441
SHA256: 26c49795037385de425bb2dd910039594ddb58e3548b422a9ec57264c5df4f7a
ssdeep: 12288:/orsnGzGwE9Nq9JragAnuW9oECPG2IUBOXEK2mCBL:Qrsm9JrYirPGMO0H
mCB
PEiD..: -
TrID..: File type identification
Win32 Executable Microsoft Visual Basic 6 (90.9%)
Win32 Executable Generic (6.1%)
Generic Win/DOS Executable (1.4%)
DOS Executable Generic (1.4%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1960
timedatestamp.....: 0x49e4788c (Tue Apr 14 11:50:36 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10410 0x11000 5.76 d80473858849214896411b712ba1d8db
.data 0x12000 0xe98 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x13000 0x1198 0x2000 2.80 25a6d08fa6a0338c2e968aee05a1acbc
.str 0x15000 0x94000 0x94000 5.56 51d2d33c9132c3fb193941f0da86a5ae

( 1 imports )
> MSVBVM60.DLL: __vbaVarTstGt, __vbaR8FixI4, __vbaNextEachAry, _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaEnd, __vbaFreeVarList, __vbaPut3, _adj_fdiv_m64, __vbaRaiseEvent, _adj_fprem1, -, __vbaRecAnsiToUni, __vbaStrCat, __vbaLsetFixstr, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, -, __vbaAryDestruct, __vbaExitProc, -, __vbaVarForInit, -, __vbaObjSet, __vbaOnError, -, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, __vbaStrFixstr, __vbaBoolVarNull, __vbaFpR8, _CIsin, __vbaErase, -, -, __vbaVarZero, __vbaChkstk, -, __vbaFileClose, EVENT_SINK_AddRef, __vbaGenerateBoundsError, -, __vbaGet3, __vbaStrCmp, __vbaPutOwner3, __vbaAryConstruct2, __vbaVarTstEq, __vbaI2I4, DllFunctionCall, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaUI1I2, -, _CIsqrt, EVENT_SINK_QueryInterface, __vbaStr2Vec, __vbaUI1I4, __vbaExceptHandler, -, -, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, -, -, __vbaFPException, __vbaInStrVar, -, __vbaGetOwner3, __vbaUbound, __vbaStrVarVal, __vbaVarCat, __vbaI2Var, -, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, -, -, __vbaNew2, __vbaVar2Vec, __vbaR8Str, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaVarNot, __vbaFreeStrList, -, __vbaDerefAry1, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, -, -, __vbaVarTstNe, __vbaI4Var, __vbaVarCmpEq, __vbaForEachAry, __vbaAryLock, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, -, _CIatan, __vbaAryCopy, __vbaStrMove, __vbaStrVarCopy, __vbaR8IntI4, _allmul, _CItan, __vbaUI1Var, __vbaAryUnlock, __vbaVarForNext, _CIexp, __vbaI4ErrVar, __vbaFreeObj, __vbaFreeStr

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=8DD0D7A3002E66DF90560A3A92FEAC00FAA75AA4' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=8DD0D7A3002E66DF90560A3A92FEAC00FAA75AA4</a>

Swisstreasure 22.07.2009 21:16
Tönt schonmal nich so gut. Nun noch den Rest abarbeiten bitte.

Gruss Swiss

Moritz009 23.07.2009 08:47
ok also ich wurde vor einiger zeit gehackt und wollte mal nachfragen, ob ich was auf meinem computer hab.

Moritz009 26.07.2009 13:37
ok... poste ich gleich

Moritz009 26.07.2009 13:41
also hier ist es von Malwarebytes:

Code:
Malwarebytes' Anti-Malware 1.36
Datenbank Version: 2171
Windows 6.0.6002 Service Pack 2

26.07.2009 13:08:15
mbam-log-2009-07-26 (13-08-15).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 268601
Laufzeit: 25 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Moritz009 26.07.2009 13:49
und hier von RSIT:

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mau at 2009-07-26 14:43:38
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 407 GB (89%) free of 456 GB
Total RAM: 3069 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:40, on 26.07.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\HomeCinema\PlayMovie\PMVService.exe
C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mau\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mau.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\HomeCinema\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SAFEOEM HotKeys] "C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8417 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\User_Feed_Synchronization-{57B4222D-397F-4926-BB5C-DCF8DB30DE1E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-01-30 91432]
"PlayMovie"=C:\Program Files\HomeCinema\PlayMovie\PMVService.exe [2008-02-15 172032]
"TVBroadcast"=C:\Program Files\Sceneo\AbsolutTV\SERVICES\ODSBC\ODSBCApp.exe [2008-04-11 937984]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-04-03 13535776]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-04-03 92704]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SAFEOEM HotKeys"=C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe [2008-12-11 26112]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Cm106Sound"=RunDll32 cm106.cpl,CMICtrlWnd []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-23 220160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"HijackThis startup scan"=C:\Program Files\Trend Micro\HijackThis\HijackThis.exe [2009-05-19 396288]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b3fa402-149f-11de-a1c9-0015af72bcdf}]
shell\AutoRun\command - I:\Menu.exe


======List of files/folders created in the last 1 months======

2009-07-26 14:43:38 ----D---- C:\rsit
2009-07-26 14:27:16 ----A---- C:\Windows\ntbtlog.txt
2009-07-22 14:51:26 ----D---- C:\Windows\system32\eu-ES
2009-07-22 14:51:26 ----D---- C:\Windows\system32\ca-ES
2009-07-22 14:51:25 ----D---- C:\Windows\system32\vi-VN
2009-07-22 14:47:18 ----D---- C:\Windows\system32\SPReview
2009-07-22 14:38:55 ----A---- C:\Windows\system32\scavenge.dll
2009-07-22 14:38:42 ----A---- C:\Windows\system32\compcln.exe
2009-07-22 14:37:56 ----A---- C:\Windows\system32\secur32.dll
2009-07-22 14:37:56 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-07-22 14:37:56 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-07-22 14:37:56 ----A---- C:\Windows\system32\secproc_isv.dll
2009-07-22 14:37:56 ----A---- C:\Windows\system32\secproc.dll
2009-07-22 14:37:56 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-07-22 14:37:56 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-07-22 14:37:55 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-07-22 14:37:55 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-22 14:37:55 ----A---- C:\Windows\system32\sdclt.exe
2009-07-22 14:37:55 ----A---- C:\Windows\system32\samlib.dll
2009-07-22 14:37:55 ----A---- C:\Windows\system32\rtutils.dll
2009-07-22 14:37:55 ----A---- C:\Windows\system32\rtffilt.dll
2009-07-22 14:37:55 ----A---- C:\Windows\system32\rsaenh.dll
2009-07-22 14:37:55 ----A---- C:\Windows\system32\rrinstaller.exe
2009-07-22 14:37:55 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-07-22 14:37:54 ----A---- C:\Windows\system32\rpcss.dll
2009-07-22 14:37:54 ----A---- C:\Windows\system32\rpchttp.dll
2009-07-22 14:37:54 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-07-22 14:37:54 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-07-22 14:37:54 ----A---- C:\Windows\system32\RMActivate.exe
2009-07-22 14:37:54 ----A---- C:\Windows\system32\riched20.dll
2009-07-22 14:37:53 ----A---- C:\Windows\system32\scrrun.dll
2009-07-22 14:37:53 ----A---- C:\Windows\system32\SCardSvr.dll
2009-07-22 14:37:53 ----A---- C:\Windows\system32\scansetting.dll
2009-07-22 14:37:53 ----A---- C:\Windows\system32\samsrv.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\scrobj.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\scksp.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\schedsvc.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\schannel.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\scesrv.dll
2009-07-22 14:37:51 ----A---- C:\Windows\system32\scecli.dll
2009-07-22 14:37:50 ----A---- C:\Windows\system32\pdh.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\PnPutil.exe
2009-07-22 14:37:49 ----A---- C:\Windows\system32\perfdisk.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\pcaui.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\p2psvc.dll
2009-07-22 14:37:49 ----A---- C:\Windows\system32\P2PGraph.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\powercpl.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-07-22 14:37:48 ----A---- C:\Windows\system32\pnpui.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\pnpsetup.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\pnidui.dll
2009-07-22 14:37:48 ----A---- C:\Windows\system32\photowiz.dll
2009-07-22 14:37:47 ----A---- C:\Windows\system32\PkgMgr.exe
2009-07-22 14:37:47 ----A---- C:\Windows\system32\pidgenx.dll

Moritz009 26.07.2009 13:53
hier geht´s weiter:

Code:
2009-07-22 14:37:47 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-07-22 14:37:47 ----A---- C:\Windows\system32\ntdll.dll
2009-07-22 14:37:47 ----A---- C:\Windows\system32\nslookup.exe
2009-07-22 14:37:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-22 14:37:45 ----A---- C:\Windows\system32\oleaut32.dll
2009-07-22 14:37:45 ----A---- C:\Windows\system32\offfilt.dll
2009-07-22 14:37:45 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-07-22 14:37:45 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-07-22 14:37:45 ----A---- C:\Windows\system32\nlhtml.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\osk.exe
2009-07-22 14:37:44 ----A---- C:\Windows\system32\oobefldr.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\onex.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\olepro32.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\oleprn.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\ole32.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\odbccp32.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\odbcconf.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\odbc32.dll
2009-07-22 14:37:44 ----A---- C:\Windows\system32\ocsetup.exe
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasmontr.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasmans.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasgcw.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasdlg.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasdial.exe
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasdiag.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\raschap.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\rasapi32.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\occache.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\ntprint.dll
2009-07-22 14:37:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-22 14:37:43 ----A---- C:\Windows\system32\ntmarta.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\rastls.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\rastapi.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\rasppp.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\rasplap.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\Query.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\quartz.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\qmgr.dll
2009-07-22 14:37:42 ----A---- C:\Windows\system32\qedit.dll
2009-07-22 14:37:41 ----A---- C:\Windows\system32\RelMon.dll
2009-07-22 14:37:41 ----A---- C:\Windows\system32\rekeywiz.exe
2009-07-22 14:37:41 ----A---- C:\Windows\system32\regsvc.dll
2009-07-22 14:37:41 ----A---- C:\Windows\system32\RacEngn.dll
2009-07-22 14:37:40 ----A---- C:\Windows\system32\reg.exe
2009-07-22 14:37:40 ----A---- C:\Windows\system32\rdpencom.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\regapi.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\rdpwsx.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\prnntfy.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\printui.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-07-22 14:37:39 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-07-22 14:37:39 ----A---- C:\Windows\system32\PresentationHost.exe
2009-07-22 14:37:38 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-22 14:37:38 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-22 14:37:38 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 14:37:38 ----A---- C:\Windows\system32\powrprof.dll
2009-07-22 14:37:37 ----A---- C:\Windows\system32\qdvd.dll
2009-07-22 14:37:37 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-07-22 14:37:37 ----A---- C:\Windows\system32\puiapi.dll
2009-07-22 14:37:37 ----A---- C:\Windows\system32\propdefs.dll
2009-07-22 14:37:37 ----A---- C:\Windows\system32\profsvc.dll
2009-07-22 14:37:36 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-22 14:37:36 ----A---- C:\Windows\system32\PSHED.DLL
2009-07-22 14:37:36 ----A---- C:\Windows\system32\propsys.dll
2009-07-22 14:37:34 ----A---- C:\Windows\system32\sendmail.dll
2009-07-22 14:37:33 ----A---- C:\Windows\system32\shlwapi.dll
2009-07-22 14:37:33 ----A---- C:\Windows\system32\shell32.dll
2009-07-22 14:37:33 ----A---- C:\Windows\system32\shdocvw.dll
2009-07-22 14:37:32 ----A---- C:\Windows\system32\setupapi.dll
2009-07-22 14:37:32 ----A---- C:\Windows\system32\sethc.exe
2009-07-22 14:37:32 ----A---- C:\Windows\system32\services.exe
2009-07-22 14:37:29 ----A---- C:\Windows\system32\eapphost.dll
2009-07-22 14:37:29 ----A---- C:\Windows\system32\eappgnui.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\eappcfg.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\eapp3hst.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\dsprop.dll
2009-07-22 14:37:28 ----A---- C:\Windows\system32\dsound.dll
2009-07-22 14:37:27 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-07-22 14:37:27 ----A---- C:\Windows\system32\evr.dll
2009-07-22 14:37:27 ----A---- C:\Windows\system32\eudcedit.exe
2009-07-22 14:37:27 ----A---- C:\Windows\system32\esent.dll
2009-07-22 14:37:27 ----A---- C:\Windows\system32\dwm.exe
2009-07-22 14:37:27 ----A---- C:\Windows\explorer.exe
2009-07-22 14:37:26 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\extmgr.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\es.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\EncDec.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\emdmgmt.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\EhStorShell.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-07-22 14:37:26 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-07-22 14:37:25 ----A---- C:\Windows\system32\diskraid.exe
2009-07-22 14:37:25 ----A---- C:\Windows\system32\diskpart.exe
2009-07-22 14:37:25 ----A---- C:\Windows\system32\dimsroam.dll
2009-07-22 14:37:25 ----A---- C:\Windows\system32\diagperf.dll
2009-07-22 14:37:25 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-07-22 14:37:25 ----A---- C:\Windows\system32\dfsr.exe
2009-07-22 14:37:25 ----A---- C:\Windows\system32\dfshim.dll
2009-07-22 14:37:25 ----A---- C:\Windows\system32\devmgr.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\drvstore.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\drvinst.exe
2009-07-22 14:37:24 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\dpapimig.exe
2009-07-22 14:37:24 ----A---- C:\Windows\system32\dot3svc.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\dot3msm.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\dot3cfg.dll
2009-07-22 14:37:24 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\hbaapi.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\gpresult.exe
2009-07-22 14:37:23 ----A---- C:\Windows\system32\drmv2clt.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\dnsapi.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\dmusic.dll
2009-07-22 14:37:23 ----A---- C:\Windows\system32\dmsynth.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\iasnap.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\IasMigReader.exe
2009-07-22 14:37:22 ----A---- C:\Windows\system32\iashlpr.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\iasads.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\iasacct.dll
2009-07-22 14:37:22 ----A---- C:\Windows\system32\gpupdate.exe
2009-07-22 14:37:22 ----A---- C:\Windows\system32\gpsvc.dll
2009-07-22 14:37:21 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-07-22 14:37:21 ----A---- C:\Windows\system32\hidserv.dll
2009-07-22 14:37:21 ----A---- C:\Windows\system32\hdwwiz.exe
2009-07-22 14:37:21 ----A---- C:\Windows\system32\fontext.dll
2009-07-22 14:37:21 ----A---- C:\Windows\system32\findstr.exe
2009-07-22 14:37:21 ----A---- C:\Windows\system32\fc.exe
2009-07-22 14:37:21 ----A---- C:\Windows\system32\Faultrep.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\gpapi.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\gdi32.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\feclient.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdWSD.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdWCN.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdSSDP.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdProxy.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdeploy.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-07-22 14:37:20 ----A---- C:\Windows\system32\fdBth.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\gpedit.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\gameux.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-07-22 14:37:19 ----A---- C:\Windows\system32\fundisc.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-07-22 14:37:19 ----A---- C:\Windows\system32\ftp.exe
2009-07-22 14:37:19 ----A---- C:\Windows\system32\audiosrv.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\autoplay.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\autofmt.exe
2009-07-22 14:37:18 ----A---- C:\Windows\system32\autoconv.exe
2009-07-22 14:37:18 ----A---- C:\Windows\system32\autochk.exe
2009-07-22 14:37:18 ----A---- C:\Windows\system32\authz.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\authui.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\AudioSes.dll
2009-07-22 14:37:18 ----A---- C:\Windows\system32\audiodg.exe
2009-07-22 14:37:16 ----A---- C:\Windows\system32\brcpl.dll
2009-07-22 14:37:15 ----A---- C:\Windows\system32\bthci.dll
2009-07-22 14:37:15 ----A---- C:\Windows\system32\browseui.dll
2009-07-22 14:37:15 ----A---- C:\Windows\system32\basecsp.dll
2009-07-22 14:37:14 ----A---- C:\Windows\system32\blackbox.dll
2009-07-22 14:37:14 ----A---- C:\Windows\system32\bitsigd.dll
2009-07-22 14:37:14 ----A---- C:\Windows\system32\BFE.DLL
2009-07-22 14:37:14 ----A---- C:\Windows\system32\bcrypt.dll
2009-07-22 14:37:14 ----A---- C:\Windows\system32\azroles.dll
2009-07-22 14:37:14 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-07-22 14:37:13 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-07-22 14:37:13 ----A---- C:\Windows\system32\apphelp.dll
2009-07-22 14:37:13 ----A---- C:\Windows\system32\apds.dll
2009-07-22 14:37:13 ----A---- C:\Windows\system32\aaclient.dll
2009-07-22 14:37:12 ----A---- C:\Windows\system32\advapi32.dll
2009-07-22 14:37:12 ----A---- C:\Windows\system32\adtschema.dll
2009-07-22 14:37:12 ----A---- C:\Windows\system32\adsmsext.dll
2009-07-22 14:37:12 ----A---- C:\Windows\system32\adsldpc.dll
2009-07-22 14:37:11 ----A---- C:\Windows\system32\crypt32.dll
2009-07-22 14:37:11 ----A---- C:\Windows\system32\credui.dll
2009-07-22 14:37:11 ----A---- C:\Windows\system32\connect.dll
2009-07-22 14:37:11 ----A---- C:\Windows\system32\conime.exe
2009-07-22 14:37:11 ----A---- C:\Windows\system32\comuid.dll
2009-07-22 14:37:11 ----A---- C:\Windows\system32\comsvcs.dll
2009-07-22 14:37:10 ----A---- C:\Windows\system32\dbgeng.dll
2009-07-22 14:37:10 ----A---- C:\Windows\system32\davclnt.dll
2009-07-22 14:37:10 ----A---- C:\Windows\system32\comdlg32.dll
2009-07-22 14:37:10 ----A---- C:\Windows\system32\cmmon32.exe
2009-07-22 14:37:10 ----A---- C:\Windows\system32\cmdial32.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-07-22 14:37:09 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\DevicePairing.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\DeviceEject.exe
2009-07-22 14:37:09 ----A---- C:\Windows\system32\dataclen.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\d3d9.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\csrstub.exe
2009-07-22 14:37:09 ----A---- C:\Windows\system32\cscript.exe
2009-07-22 14:37:09 ----A---- C:\Windows\system32\cscdll.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\cscapi.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\cryptui.dll
2009-07-22 14:37:09 ----A---- C:\Windows\system32\cryptsvc.dll
2009-07-22 14:37:08 ----A---- C:\Windows\system32\certmgr.dll
2009-07-22 14:37:08 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-07-22 14:37:08 ----A---- C:\Windows\system32\CertEnroll.dll
2009-07-22 14:37:08 ----A---- C:\Windows\system32\certcli.dll
2009-07-22 14:37:08 ----A---- C:\Windows\system32\cdd.dll
2009-07-22 14:37:07 ----A---- C:\Windows\system32\ci.dll
2009-07-22 14:37:07 ----A---- C:\Windows\system32\cbsra.exe
2009-07-22 14:37:07 ----A---- C:\Windows\system32\bthudtask.exe
2009-07-22 14:37:07 ----A---- C:\Windows\system32\bthserv.dll
2009-07-22 14:37:06 ----A---- C:\Windows\system32\cipher.exe
2009-07-22 14:37:06 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-07-22 14:37:06 ----A---- C:\Windows\system32\chtbrkr.dll
2009-07-22 14:37:06 ----A---- C:\Windows\system32\chsbrkr.dll
2009-07-22 14:37:06 ----A---- C:\Windows\system32\certreq.exe
2009-07-22 14:37:05 ----A---- C:\Windows\system32\msftedit.dll
2009-07-22 14:37:05 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-07-22 14:37:05 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-22 14:37:05 ----A---- C:\Windows\system32\msdtctm.dll
2009-07-22 14:37:05 ----A---- C:\Windows\system32\certutil.exe
2009-07-22 14:37:05 ----A---- C:\Windows\system32\certprop.dll
2009-07-22 14:37:04 ----A---- C:\Windows\system32\msihnd.dll
2009-07-22 14:37:04 ----A---- C:\Windows\system32\msiexec.exe
2009-07-22 14:37:04 ----A---- C:\Windows\system32\msi.dll
2009-07-22 14:37:04 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-22 14:37:04 ----A---- C:\Windows\system32\msexcl40.dll
2009-07-22 14:37:04 ----A---- C:\Windows\system32\msexch40.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msimsg.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msdrm.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msctfui.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msctfp.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-07-22 14:37:02 ----A---- C:\Windows\system32\msctf.dll
2009-07-22 14:37:01 ----A---- C:\Windows\system32\MPSSVC.dll
2009-07-22 14:37:01 ----A---- C:\Windows\system32\mprapi.dll
2009-07-22 14:37:01 ----A---- C:\Windows\system32\mpr.dll
2009-07-22 14:37:00 ----A---- C:\Windows\system32\mscms.dll
2009-07-22 14:37:00 ----A---- C:\Windows\system32\mscandui.dll
2009-07-22 14:37:00 ----A---- C:\Windows\system32\modemui.dll
2009-07-22 14:37:00 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-07-22 14:36:59 ----A---- C:\Windows\system32\mscories.dll
2009-07-22 14:36:59 ----A---- C:\Windows\system32\mscorier.dll
2009-07-22 14:36:59 ----A---- C:\Windows\system32\mscoree.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\NetProjW.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\netplwiz.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\netcenter.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\netapi32.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\ncryptui.dll
2009-07-22 14:36:58 ----A---- C:\Windows\system32\ncrypt.dll
2009-07-22 14:36:57 ----A---- C:\Windows\system32\netlogon.dll
2009-07-22 14:36:57 ----A---- C:\Windows\system32\netiohlp.dll
2009-07-22 14:36:57 ----A---- C:\Windows\system32\mtxclu.dll
2009-07-22 14:36:56 ----A---- C:\Windows\system32\msxml6.dll
2009-07-22 14:36:55 ----A---- C:\Windows\system32\newdev.exe
2009-07-22 14:36:55 ----A---- C:\Windows\system32\newdev.dll
2009-07-22 14:36:55 ----A---- C:\Windows\system32\netshell.dll
2009-07-22 14:36:55 ----A---- C:\Windows\system32\NcdProp.dll
2009-07-22 14:36:55 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-07-22 14:36:55 ----A---- C:\Windows\system32\msxml3.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\networkmap.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\networkexplorer.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\msscntrs.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\msscb.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\msrepl40.dll

Moritz009 26.07.2009 13:55
und der nächste Teil:

Code:

2009-07-22 14:36:54 ----A---- C:\Windows\system32\msrating.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\mspbde40.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\msnetobj.dll
2009-07-22 14:36:54 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-07-22 14:36:54 ----A---- C:\Windows\system32\msltus40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msvcp60.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msv1_0.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msutb.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msrd3x40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msrd2x40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msjtes40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msjter40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msjint40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msjet40.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msisip.dll
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msinfo32.exe
2009-07-22 14:36:53 ----A---- C:\Windows\system32\msimtf.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\msxbde40.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mswstr10.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mswsock.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mswdat10.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\msvcrt.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mstscax.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mssrch.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mssprxy.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mssphtb.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mssph.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\mssitlb.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\msshsq.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\msshooks.dll
2009-07-22 14:36:52 ----A---- C:\Windows\system32\msscp.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\mstsc.exe
2009-07-22 14:36:51 ----A---- C:\Windows\system32\mstlsapi.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\mstime.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\mstext40.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\mssvp.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\msstrc.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\InkEd.dll
2009-07-22 14:36:51 ----A---- C:\Windows\system32\inetcomm.dll
2009-07-22 14:36:50 ----A---- C:\Windows\system32\infocardapi.dll
2009-07-22 14:36:50 ----A---- C:\Windows\system32\inetppui.dll
2009-07-22 14:36:50 ----A---- C:\Windows\system32\inetpp.dll
2009-07-22 14:36:49 ----A---- C:\Windows\system32\jscript.dll
2009-07-22 14:36:49 ----A---- C:\Windows\system32\iscsilog.dll
2009-07-22 14:36:49 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-07-22 14:36:49 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-07-22 14:36:49 ----A---- C:\Windows\system32\imm32.dll
2009-07-22 14:36:48 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-07-22 14:36:48 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-07-22 14:36:48 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-07-22 14:36:48 ----A---- C:\Windows\system32\ipconfig.exe
2009-07-22 14:36:48 ----A---- C:\Windows\system32\input.dll
2009-07-22 14:36:48 ----A---- C:\Windows\system32\iertutil.dll
2009-07-22 14:36:48 ----A---- C:\Windows\system32\ieframe.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\ifmon.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iepeers.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\icardres.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\icardagt.exe
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iassvcs.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iassdo.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iassam.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iasrad.dll
2009-07-22 14:36:47 ----A---- C:\Windows\system32\iaspolcy.dll
2009-07-22 14:36:46 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-07-22 14:36:46 ----A---- C:\Windows\system32\imapi2.dll
2009-07-22 14:36:46 ----A---- C:\Windows\system32\imapi.dll
2009-07-22 14:36:45 ----A---- C:\Windows\system32\imapi2fs.dll
2009-07-22 14:36:45 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mfps.dll
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mfpmp.exe
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mfplat.dll
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mferror.dll
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mfc42u.dll
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mfc42.dll
2009-07-22 14:36:44 ----A---- C:\Windows\system32\mf.dll
2009-07-22 14:36:42 ----A---- C:\Windows\system32\mimefilt.dll
2009-07-22 14:36:42 ----A---- C:\Windows\system32\milcore.dll
2009-07-22 14:36:41 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-07-22 14:36:41 ----A---- C:\Windows\system32\mmcico.dll
2009-07-22 14:36:41 ----A---- C:\Windows\system32\mmci.dll
2009-07-22 14:36:41 ----A---- C:\Windows\system32\mmc.exe
2009-07-22 14:36:41 ----A---- C:\Windows\system32\midimap.dll
2009-07-22 14:36:40 ----A---- C:\Windows\system32\l2nacp.dll
2009-07-22 14:36:40 ----A---- C:\Windows\system32\korwbrkr.dll
2009-07-22 14:36:40 ----A---- C:\Windows\system32\kd1394.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\mcmde.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\mblctr.exe
2009-07-22 14:36:39 ----A---- C:\Windows\system32\kernel32.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\kerberos.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\kdusb.dll
2009-07-22 14:36:39 ----A---- C:\Windows\system32\kdcom.dll
2009-07-22 14:36:38 ----A---- C:\Windows\system32\Magnify.exe
2009-07-22 14:36:38 ----A---- C:\Windows\system32\logman.exe
2009-07-22 14:36:38 ----A---- C:\Windows\system32\logagent.exe
2009-07-22 14:36:37 ----A---- C:\Windows\system32\wercon.exe
2009-07-22 14:36:37 ----A---- C:\Windows\system32\wer.dll
2009-07-22 14:36:37 ----A---- C:\Windows\system32\WebClnt.dll
2009-07-22 14:36:37 ----A---- C:\Windows\system32\webcheck.dll
2009-07-22 14:36:37 ----A---- C:\Windows\system32\shsetup.dll
2009-07-22 14:36:37 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-22 14:36:36 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-07-22 14:36:36 ----A---- C:\Windows\system32\wdscore.dll
2009-07-22 14:36:36 ----A---- C:\Windows\system32\wdc.dll
2009-07-22 14:36:35 ----A---- C:\Windows\system32\winhttp.dll
2009-07-22 14:36:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-07-22 14:36:35 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-07-22 14:36:35 ----A---- C:\Windows\system32\wevtutil.exe
2009-07-22 14:36:34 ----A---- C:\Windows\system32\win32spl.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\wiaaut.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\whealogr.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\wevtsvc.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\wevtapi.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\wersvc.dll
2009-07-22 14:36:34 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-07-22 14:36:34 ----A---- C:\Windows\system32\WerFault.exe
2009-07-22 14:36:33 ----A---- C:\Windows\system32\wiaservc.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\version.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\vdsutil.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\vdsdyn.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\vds.exe
2009-07-22 14:36:33 ----A---- C:\Windows\system32\vdmdbg.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\vbscript.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\uxsms.dll
2009-07-22 14:36:33 ----A---- C:\Windows\system32\Utilman.exe
2009-07-22 14:36:33 ----A---- C:\Windows\system32\user32.dll
2009-07-22 14:36:32 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-07-22 14:36:32 ----A---- C:\Windows\system32\wcncsvc.dll
2009-07-22 14:36:32 ----A---- C:\Windows\system32\usp10.dll
2009-07-22 14:36:32 ----A---- C:\Windows\system32\userenv.dll
2009-07-22 14:36:32 ----A---- C:\Windows\system32\usercpl.dll
2009-07-22 14:36:31 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-07-22 14:36:31 ----A---- C:\Windows\system32\wcnwiz.dll
2009-07-22 14:36:31 ----A---- C:\Windows\system32\w32time.dll
2009-07-22 14:36:31 ----A---- C:\Windows\system32\VSSVC.exe
2009-07-22 14:36:30 ----A---- C:\Windows\system32\WSDMon.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wsdchngr.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\WSDApi.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wscsvc.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wscript.exe
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wscntfy.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wscisvif.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\WscEapPr.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\wscapi.dll
2009-07-22 14:36:30 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-07-22 14:36:30 ----A---- C:\Windows\system32\vssapi.dll
2009-07-22 14:36:29 ----A---- C:\Windows\system32\wusa.exe
2009-07-22 14:36:29 ----A---- C:\Windows\system32\wpcsvc.dll
2009-07-22 14:36:29 ----A---- C:\Windows\system32\wpccpl.dll
2009-07-22 14:36:29 ----A---- C:\Windows\system32\wpcao.dll
2009-07-22 14:36:29 ----A---- C:\Windows\system32\wow32.dll
2009-07-22 14:36:29 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-07-22 14:36:29 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-07-22 14:36:29 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-07-22 14:36:28 ----A---- C:\Windows\system32\xmlfilter.dll
2009-07-22 14:36:28 ----A---- C:\Windows\system32\wshext.dll
2009-07-22 14:36:28 ----A---- C:\Windows\system32\wshbth.dll
2009-07-22 14:36:28 ----A---- C:\Windows\system32\wsepno.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wsnmp32.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\WsmSvc.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\Wldap32.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlanui.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlansvc.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlanpref.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlanmsm.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlanhlp.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wlangpui.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\wisptis.exe
2009-07-22 14:36:27 ----A---- C:\Windows\system32\winrnr.dll
2009-07-22 14:36:27 ----A---- C:\Windows\system32\winresume.exe
2009-07-22 14:36:26 ----A---- C:\Windows\system32\winsrv.dll
2009-07-22 14:36:26 ----A---- C:\Windows\system32\WinSCard.dll
2009-07-22 14:36:26 ----A---- C:\Windows\system32\WinSAT.exe
2009-07-22 14:36:26 ----A---- C:\Windows\system32\winmm.dll
2009-07-22 14:36:26 ----A---- C:\Windows\system32\winlogon.exe
2009-07-22 14:36:26 ----A---- C:\Windows\system32\winload.exe
2009-07-22 14:36:25 ----A---- C:\Windows\system32\wmpmde.dll
2009-07-22 14:36:25 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-22 14:36:25 ----A---- C:\Windows\system32\WMPhoto.dll
2009-07-22 14:36:25 ----A---- C:\Windows\system32\wmpeffects.dll
2009-07-22 14:36:25 ----A---- C:\Windows\system32\wmp.dll
2009-07-22 14:36:25 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-07-22 14:36:24 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-07-22 14:36:24 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-07-22 14:36:24 ----A---- C:\Windows\system32\Storprop.dll
2009-07-22 14:36:24 ----A---- C:\Windows\system32\stobject.dll
2009-07-22 14:36:23 ----A---- C:\Windows\system32\sud.dll
2009-07-22 14:36:23 ----A---- C:\Windows\system32\srcore.dll
2009-07-22 14:36:22 ----A---- C:\Windows\system32\srvsvc.dll
2009-07-22 14:36:22 ----A---- C:\Windows\system32\srchadmin.dll
2009-07-22 14:36:21 ----A---- C:\Windows\system32\sysmain.dll
2009-07-22 14:36:21 ----A---- C:\Windows\system32\swprv.dll
2009-07-22 14:36:20 ----A---- C:\Windows\system32\sysclass.dll
2009-07-22 14:36:20 ----A---- C:\Windows\system32\SyncCenter.dll
2009-07-22 14:36:20 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-07-22 14:36:20 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2009-07-22 14:36:20 ----A---- C:\Windows\system32\slwmi.dll
2009-07-22 14:36:19 ----A---- C:\Windows\system32\smss.exe
2009-07-22 14:36:19 ----A---- C:\Windows\system32\SmiEngine.dll
2009-07-22 14:36:19 ----A---- C:\Windows\system32\SLUI.exe
2009-07-22 14:36:19 ----A---- C:\Windows\system32\SLsvc.exe
2009-07-22 14:36:19 ----A---- C:\Windows\system32\slcc.dll
2009-07-22 14:36:19 ----A---- C:\Windows\system32\SLC.dll
2009-07-22 14:36:19 ----A---- C:\Windows\system32\shwebsvc.dll
2009-07-22 14:36:19 ----A---- C:\Windows\system32\shsvcs.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spwmp.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spwizui.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spwinsat.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spp.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spoolsv.exe
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spoolss.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spinstall.exe
2009-07-22 14:36:18 ----A---- C:\Windows\system32\sperror.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\spcmsg.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\slwga.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\SLUINotify.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\slmgr.vbs
2009-07-22 14:36:18 ----A---- C:\Windows\system32\SLLUA.exe
2009-07-22 14:36:18 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\slcinst.dll
2009-07-22 14:36:18 ----A---- C:\Windows\system32\SLCExt.dll
2009-07-22 14:36:17 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-07-22 14:36:17 ----A---- C:\Windows\system32\spreview.exe
2009-07-22 14:36:17 ----A---- C:\Windows\system32\softkbd.dll
2009-07-22 14:36:17 ----A---- C:\Windows\system32\SnippingTool.exe
2009-07-22 14:36:17 ----A---- C:\Windows\system32\SndVol.exe
2009-07-22 14:36:16 ----A---- C:\Windows\system32\zipfldr.dll
2009-07-22 14:36:16 ----A---- C:\Windows\system32\untfs.dll
2009-07-22 14:36:16 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-07-22 14:36:16 ----A---- C:\Windows\system32\TSTheme.exe
2009-07-22 14:36:16 ----A---- C:\Windows\system32\tsgqec.dll
2009-07-22 14:36:16 ----A---- C:\Windows\system32\tscupgrd.exe
2009-07-22 14:36:15 ----A---- C:\Windows\system32\uDWM.dll
2009-07-22 14:36:14 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-07-22 14:36:14 ----A---- C:\Windows\system32\ulib.dll
2009-07-22 14:36:14 ----A---- C:\Windows\system32\systemcpl.dll
2009-07-22 14:36:11 ----A---- C:\Windows\system32\tsbyuv.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\tquery.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\themeui.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\thawbrkr.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\termsrv.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\tcpmon.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\taskeng.exe
2009-07-22 14:36:10 ----A---- C:\Windows\system32\taskcomp.dll
2009-07-22 14:36:10 ----A---- C:\Windows\system32\tapisrv.dll
2009-07-22 14:36:09 ----A---- C:\Windows\system32\themecpl.dll
2009-07-22 14:34:04 ----D---- C:\Windows\system32\EventProviders
2009-07-21 17:47:41 ----A---- C:\Windows\system32\mshtml.dll
2009-07-21 17:47:38 ----A---- C:\Windows\system32\wininet.dll
2009-07-21 17:47:38 ----A---- C:\Windows\system32\urlmon.dll
2009-07-21 17:47:35 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-21 17:47:34 ----A---- C:\Windows\system32\ieencode.dll
2009-07-20 15:45:11 ----SHD---- C:\Config.Msi
2009-07-20 13:25:09 ----A---- C:\Windows\system32\t2embed.dll
2009-07-20 13:25:09 ----A---- C:\Windows\system32\lpk.dll
2009-07-20 13:25:09 ----A---- C:\Windows\system32\fontsub.dll
2009-07-20 13:25:09 ----A---- C:\Windows\system32\dciman32.dll
2009-07-20 13:25:09 ----A---- C:\Windows\system32\atmlib.dll
2009-07-20 13:25:09 ----A---- C:\Windows\system32\atmfd.dll
2009-07-20 13:24:50 ----A---- C:\Windows\system32\localspl.dll
2009-07-20 13:24:46 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-20 13:22:25 ----A---- C:\Windows\system32\aswBoot.exe
2009-07-20 13:22:23 ----D---- C:\Program Files\Alwil Software

======List of files/folders modified in the last 1 months======

2009-07-26 14:43:40 ----D---- C:\Windows\Temp
2009-07-26 14:43:40 ----D---- C:\Windows\Prefetch
2009-07-26 14:31:55 ----D---- C:\Windows\System32
2009-07-26 14:31:55 ----D---- C:\Windows\inf
2009-07-26 14:31:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-26 14:31:33 ----D---- C:\Windows
2009-07-26 14:24:24 ----SHD---- C:\Boot
2009-07-26 14:24:06 ----D---- C:\Windows\system32\config
2009-07-26 13:36:56 ----D---- C:\Windows\system32\MAGIX
2009-07-26 13:32:22 ----D---- C:\Windows\system32\de-DE
2009-07-26 13:13:03 ----D---- C:\Program Files\Mozilla Firefox
2009-07-25 11:47:44 ----RD---- C:\Program Files
2009-07-25 11:17:18 ----SD---- C:\ProgramData\Microsoft
2009-07-25 11:08:00 ----A---- C:\Windows\disney.ini
2009-07-25 11:02:46 ----D---- C:\Users\Mau\AppData\Roaming\skypePM
2009-07-22 20:59:14 ----D---- C:\Users\Mau\AppData\Roaming\Skype
2009-07-22 17:00:17 ----HD---- C:\ProgramData
2009-07-22 15:53:41 ----D---- C:\Windows\Microsoft.NET
2009-07-22 15:53:34 ----RSD---- C:\Windows\assembly
2009-07-22 15:11:33 ----D---- C:\Windows\rescache
2009-07-22 14:57:03 ----D---- C:\Windows\system32\catroot
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Sidebar
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Photo Gallery
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Media Player
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Mail
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Journal
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Collaboration
2009-07-22 14:51:39 ----D---- C:\Program Files\Windows Calendar
2009-07-22 14:51:39 ----D---- C:\Program Files\Movie Maker
2009-07-22 14:51:39 ----D---- C:\Program Files\Internet Explorer
2009-07-22 14:51:39 ----D---- C:\Program Files\Common Files\System
2009-07-22 14:51:38 ----D---- C:\Windows\servicing
2009-07-22 14:51:38 ----D---- C:\Windows\ehome
2009-07-22 14:51:38 ----D---- C:\Program Files\Windows Defender
2009-07-22 14:51:36 ----D---- C:\Windows\system32\XPSViewer
2009-07-22 14:51:36 ----D---- C:\Windows\system32\sk-SK
2009-07-22 14:51:36 ----D---- C:\Windows\system32\lv-LV
2009-07-22 14:51:36 ----D---- C:\Windows\system32\ko-KR
2009-07-22 14:51:36 ----D---- C:\Windows\system32\hr-HR
2009-07-22 14:51:36 ----D---- C:\Windows\system32\et-EE
2009-07-22 14:51:36 ----D---- C:\Windows\system32\en-US
2009-07-22 14:51:36 ----D---- C:\Windows\system32\da-DK
2009-07-22 14:51:36 ----D---- C:\Windows\IME
2009-07-22 14:51:35 ----D---- C:\Windows\system32\sv-SE
2009-07-22 14:51:35 ----D---- C:\Windows\system32\SLUI
2009-07-22 14:51:35 ----D---- C:\Windows\system32\setup
2009-07-22 14:51:35 ----D---- C:\Windows\system32\ru-RU
2009-07-22 14:51:35 ----D---- C:\Windows\system32\pt-PT
2009-07-22 14:51:35 ----D---- C:\Windows\system32\oobe
2009-07-22 14:51:35 ----D---- C:\Windows\system32\migration
2009-07-22 14:51:35 ----D---- C:\Windows\system32\it-IT
2009-07-22 14:51:35 ----D---- C:\Windows\system32\hu-HU
2009-07-22 14:51:35 ----D---- C:\Windows\system32\he-IL
2009-07-22 14:51:35 ----D---- C:\Windows\system32\fr-FR
2009-07-22 14:51:35 ----D---- C:\Windows\system32\fi-FI
2009-07-22 14:51:35 ----D---- C:\Windows\system32\el-GR
2009-07-22 14:51:35 ----D---- C:\Windows\system32\cs-CZ
2009-07-22 14:51:35 ----D---- C:\Windows\system32\AdvancedInstallers
2009-07-22 14:51:34 ----D---- C:\Windows\system32\zh-TW
2009-07-22 14:51:34 ----D---- C:\Windows\system32\zh-CN
2009-07-22 14:51:34 ----D---- C:\Windows\system32\wbem
2009-07-22 14:51:34 ----D---- C:\Windows\system32\uk-UA
2009-07-22 14:51:34 ----D---- C:\Windows\system32\tr-TR
2009-07-22 14:51:34 ----D---- C:\Windows\system32\th-TH
2009-07-22 14:51:34 ----D---- C:\Windows\system32\sr-Latn-CS
2009-07-22 14:51:34 ----D---- C:\Windows\system32\sl-SI
2009-07-22 14:51:34 ----D---- C:\Windows\system32\ro-RO
2009-07-22 14:51:34 ----D---- C:\Windows\system32\pt-BR
2009-07-22 14:51:34 ----D---- C:\Windows\system32\pl-PL
2009-07-22 14:51:34 ----D---- C:\Windows\system32\nl-NL
2009-07-22 14:51:34 ----D---- C:\Windows\system32\nb-NO
2009-07-22 14:51:34 ----D---- C:\Windows\system32\migwiz
2009-07-22 14:51:34 ----D---- C:\Windows\system32\manifeststore
2009-07-22 14:51:34 ----D---- C:\Windows\system32\lt-LT
2009-07-22 14:51:34 ----D---- C:\Windows\system32\ja-JP
2009-07-22 14:51:34 ----D---- C:\Windows\system32\es-ES
2009-07-22 14:51:34 ----D---- C:\Windows\system32\drivers
2009-07-22 14:51:34 ----D---- C:\Windows\system32\bg-BG
2009-07-22 14:51:34 ----D---- C:\Windows\system32\ar-SA
2009-07-22 14:51:29 ----RSD---- C:\Windows\Fonts
2009-07-22 14:51:29 ----D---- C:\Windows\AppPatch
2009-07-22 14:51:25 ----D---- C:\Windows\system32\Boot
2009-07-22 14:50:13 ----D---- C:\Windows\system32\RTCOM
2009-07-22 14:46:46 ----D---- C:\Windows\winsxs
2009-07-22 14:43:45 ----D---- C:\Windows\system32\catroot2
2009-07-22 14:31:37 ----D---- C:\ProgramData\SecTaskMan
2009-07-21 17:30:31 ----D---- C:\Program Files\Crawler
2009-07-20 17:53:02 ----D---- C:\Windows\Debug
2009-07-20 17:45:27 ----SHD---- C:\System Volume Information
2009-07-20 17:45:27 ----D---- C:\Program Files\Common Files
2009-07-20 15:45:14 ----SHD---- C:\Windows\Installer
2009-07-20 13:29:19 ----D---- C:\ProgramData\Norton
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-14 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-14 72944]
R1 SLEE_16_DRIVER;Steganos Live Encryption Engine 16 [Driver]; \??\C:\Windows\system32\drivers\Sleen16.sys [2008-10-01 79104]
R1 SSHDRV86;SSHDRV86; \??\C:\Windows\system32\drivers\SSHDRV86.sys [2009-02-27 81408]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\HomeCinema\PlayMovie\000.fcl [2008-02-15 41456]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\HomeCinema\PowerDVD\000.fcl [2008-01-17 41456]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 enodpl;enodpl; C:\Windows\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys [2003-04-19 4736]

Moritz009 26.07.2009 13:56
und der letzte:

Code:

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-03-26 2103512]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-04-03 7444672]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-05-14 7408]
R3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 USBMULCD;USB Multi-Channel Audio Device Interface; C:\Windows\system32\drivers\CM106.sys [2007-07-20 1313792]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 GnabService;GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-04-03 118784]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-03-24 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 srvcPVR;Sceneo PVR Service; C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2008-02-28 1801216]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-05-14 361728]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2009-02-23 69120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Swisstreasure 26.07.2009 23:38
Wurde inzwischen gescannt oder gelöscht??

>>
Scanne mit Superantispyware und poste das Log.

>>
Lade Dir Registry Search by Bobbi Flekman

und doppelklicken, um zu starten.
in das Feld: "Enter search strings" (reinschreiben oder reinkopieren)

WinUpd

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.

Gruss Swiss

Moritz009 27.07.2009 10:54
Er hat bei SuperantiSpyware keine log datei erstellt, aber er hat nichts gefunden.
Und bei dem andern ist das rausgekommen:
Code:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 27.07.2009 11:57:42 for strings:
;  'winupd
winupd
winupd'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


; End Of The Log...

Moritz009 27.07.2009 11:06
hab das log von superantiSpyware gefunden:
Code:
SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com

Generiert 07/27/2009 bei 11:46 AM

Version der Applikation : 4.26.1002

Version der Kern-Datenbank : 3905
Version der Spur-Datenbank : 1850

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:54:30

Gescannte Speicherelemente  : 288
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 8814
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 168286
Erfasste Datei-Elemente  : 0

Moritz009 27.07.2009 12:40
ich habe die virusdatenbank von Superantispyware aktualisiert und erneut gescannt:
Code:
SUPERAntiSpyware Scann-Protokoll
http://www.superantispyware.com

Generiert 07/27/2009 bei 01:38 PM

Version der Applikation : 4.26.1006

Version der Kern-Datenbank : 4020
Version der Spur-Datenbank : 1960

Scan Art      : kompletter Scann
Totale Scann-Zeit : 01:16:06

Gescannte Speicherelemente  : 725
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 8797
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 168599
Erfasste Datei-Elemente  : 0

Moritz009 27.07.2009 12:41
und? was sagen die experten?

Swisstreasure 27.07.2009 18:17
Schau, ob Du die datei:
Code:
C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe
noch findest?

Mach einen Rootkitscan mit GMER und poste das Log.

Du kannst noch einen Onlinescan mit Bitdefender machen und schaun was der sagt.

Gruss Swiss

Moritz009 30.07.2009 11:11
Zitat:
Zitat von Swiss (Beitrag 451677)
Schau, ob Du die datei:
Code:
C:\Users\Mau\AppData\Roaming\WindowsUpd.ese\WinUpd.exe
noch findest?
Also die finde ich nicht mehr. Hier das Log von GMER:
Code:
GMER 1.0.15.15011 [dp7ddp68.exe] - http://www.gmer.net
Rootkit scan 2009-07-30 12:06:23
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys                                                            ZwTerminateProcess [0x938B6DF0]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 621                                                                                  826BDD64 4 Bytes  [F0, 6D, 8B, 93]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00130002
IAT            C:\Windows\system32\services.exe[608] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW]        00130000
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                          [74987817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                          [749DA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                      [7498BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                [7497F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                          [749875E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                        [7497E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]            [749B8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]              [7498DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                      [7497FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                        [7497FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                        [749771CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                [74A0CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                    [749AC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                      [7497D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                [74976853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                [7497687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[3612] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                  [74982AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@y!s!\24!r!s!`!\30!y!\24!\24!t!\30!c!y!s!d!  19583823

---- EOF - GMER 1.0.15 ----

Moritz009 30.07.2009 11:28
bei dem onlinescan kommt eine fehlermeldung! Er kann Virensignaturen nicht aktualisieren...

Angel21 01.08.2009 17:49
@Moritz009

Hallo,

ich würde um 100% sicher zu gehen, dass dein System sauber ist neuaufsetzen du hast/hattest Backdoor Bifrost.

Was ist ein Backdoor: Backdoor ? Wikipedia

Man weiß nie was derjenige der dir diesen auf Dein System haute bisher machen konnte und was er alles schon weiß.

Ändere alle kenn- und Passwörter nach dem neuaufsetzen deines Systems ab.

Moritz009 02.08.2009 18:18
ok gut! Neufsetzen wurde durchgeführt und die Passwörter änder ich jetzt. Vielen Dank für die kompetente Hilfe hier.

Angel21 02.08.2009 18:35
Bitteschön :)

Moritz009 03.08.2009 10:11
Aber eine Frage habe ich noch: Also bin ich denn jetzt so mit avast!4 home, Malwarebytes´Anti Malware, Windows Defender und der Windows Firewall gut geschützt?

Moritz009 07.08.2009 15:36
Sorry, aber ich fände es gut wenn mir jetzt jemand antworten würde.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131