Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung [Log analysis and evaluation] (https://www.trojaner-board.de/log-analyse-auswertung/)
    -   Ich bekomme immer wieder die gleichen Meldungen [I keep getting the same alerts] (https://www.trojaner-board.de/84994-bekomme-immer-gleichen-meldungen.html)

evma 16.04.2010 13:52

I keep getting the same alerts

Hello,
I found this forum via Google. Since yesterday my PC has been acting up; my antivirus program keeps raising alerts. The message "....... is trying to change the system configuration" keeps appearing. I immediately uninstalled all the programs I had installed in the last 10 hours and ran a virus scan; I first put the trojans into quarantine and then deleted them. I thought that was it, but unfortunately...!
I then ran CCleaner, RSIT and HijackThis as described here, but the alerts still won't go away!
Here is my HijackThis logfile. I hope you can help me.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:46:02, on 16.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Samsung PC Studio\NPSAgent.exe
C:\Users\e*m*s*l*i*\AppData\Local\Temp\UbiRg.exe
D:\Hotspotshield\Hotspot Shield\bin\openvpntray.exe
D:\Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
D:\Thunderbird\thunderbird.exe
D:\Hijackthis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h*+p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\program files\g data\totalcare\avkkid\avkcks.exe,
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Hotspotshield\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AVKWebIE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O3 - Toolbar: MyAshampoo Toolbar - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\tbMyAs.dll
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [BCSSync] "D:\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [eYvUrwsWmuzcTI] C:\Users\EVMASA~1\AppData\Local\Temp\UbiRg.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Virenprogramme 16.04.10\Malwarebytes Anti Maleware\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AutoStartNPSAgent] D:\Samsung PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [pUgR33R] C:\Users\EVMASA~1\AppData\Local\Temp\UbiRg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://D:\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - D:\Hotspotshield\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - D:\Hotspotshield\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - D:\Hotspotshield\Hotspot Shield\bin\hsswd.exe

--
End of file - 7198 bytes


Thanks in advance!
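For readers following the log analysis, here is an added triage script (not from the thread, HijackThis or OTL) that scans a HijackThis log for the patterns this one shows: a binary running from a user's Temp folder, O4 autorun entries with machine-generated value names pointing at it in both HKLM and HKCU, and a browser start page redirected to a third-party search host. The sample excerpt is constructed from the log above; the severity labels, the list of expected hosts and the random-name heuristic are the example's own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis/OTL code).

Flags: a process running from a Temp folder, O4 autorun entries launching from
Temp or carrying machine-generated names, R0/R1 browser pages pointing at an
unexpected host, and the same Temp binary persisted under several autorun names.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted above (user name masked, URLs defanged).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
C:\Users\e*m*s*l*i*\AppData\Local\Temp\UbiRg.exe
D:\Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2475029
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [BCSSync] "D:\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [eYvUrwsWmuzcTI] C:\Users\EVMASA~1\AppData\Local\Temp\UbiRg.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [pUgR33R] C:\Users\EVMASA~1\AppData\Local\Temp\UbiRg.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
"""

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$")
R_RE = re.compile(r"^R[0-3] - (?P<key>[^=]+?) =\s*(?P<value>.*)$")
# First executable in a command line, quoted or not, drive-letter or %ENV% based.
EXE_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:|%[^%]+%)\\[^"]*?\.exe)"?', re.IGNORECASE)
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|%temp%", re.IGNORECASE)
HOST_RE = re.compile(r"^(?:https?|hxxp|h\*[*+]p)://([^/?\s]+)", re.IGNORECASE)
# Assumption: hosts the IE defaults on this system legitimately point at.
EXPECTED_HOSTS = ("microsoft.com", "msn.com")


def looks_random(name):
    """Heuristic for machine-generated value names such as 'eYvUrwsWmuzcTI':
    one token with >= 3 lower->upper case flips, or digits wedged between letters."""
    if " " in name or len(name) < 6:
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.islower() and b.isupper())
    digits_inside = re.search(r"[A-Za-z]\d+[A-Za-z]", name) is not None
    return flips >= 3 or digits_inside


def expected_host(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def analyse(log_text):
    """Return (severity, reason, evidence) findings for one HijackThis log."""
    findings = []
    autoruns = defaultdict(list)  # lower-cased exe path -> [(hive, value name)]
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the process list
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if TEMP_RE.search(line):
                findings.append(("high", "process running from a Temp folder", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            path = exe["path"] if exe else m["cmd"]
            autoruns[path.lower()].append((m["hive"], m["name"]))
            if TEMP_RE.search(path):
                findings.append(("high", "autorun launches an executable from a Temp folder", line))
            if looks_random(m["name"]):
                findings.append(("medium", "autorun value name looks machine-generated", line))
            continue
        m = R_RE.match(line)
        if m:
            host = HOST_RE.match(m["value"])
            if host and not expected_host(host.group(1)):
                findings.append(("medium", f"browser page set to third-party host {host.group(1)}", line))
    # Correlate: one Temp binary persisted under several names/hives is a strong signal.
    for path, entries in autoruns.items():
        if len(entries) > 1 and TEMP_RE.search(path):
            names = ", ".join(f"{hive}:[{name}]" for hive, name in entries)
            findings.append(("high", f"same Temp executable registered {len(entries)} times ({names})", path))
    return findings


if __name__ == "__main__":
    for severity, reason, evidence in analyse(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {evidence}")
```

On the sample the script reports the Temp process, both Temp autoruns (each also flagged for its name), the conduit start page, and the correlation of the two autorun entries to one binary.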

cosinus 16.04.2010 14:18

Hello and :hallo:

Please run a full scan with Malwarebytes and post the log. Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

evma 16.04.2010 16:21

Hello,
this is what Malwarebytes came up with!


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3995

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

16.04.2010 17:18:05
mbam-log-2010-04-16 (17-18-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 164695
Laufzeit: 48 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\**********\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\**********\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\**********\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

evma 16.04.2010 16:39

And this is what OTL came up with!

OTL logfile created on: 16.04.2010 17:24:21 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\evmasalgis\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,69 Gb Total Space | 79,71 Gb Free Space | 81,59% Space Free | Partition Type: NTFS
Drive D: | 80,31 Gb Total Space | 77,46 Gb Free Space | 96,45% Space Free | Partition Type: NTFS
Drive E: | 119,98 Gb Total Space | 111,54 Gb Free Space | 92,96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: **********-PC
Current User Name: **********
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\**********\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\**********\AppData\Local\Temp\UbiRg.exe (xQxICU)
PRC - D:\Utorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - D:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - D:\Hotspotshield\Hotspot Shield\bin\openvpntray.exe ()
PRC - D:\Hotspotshield\Hotspot Shield\bin\openvpnas.exe ()
PRC - D:\Hotspotshield\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Programme\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe (G Data Software AG)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G DATA Software AG)
PRC - C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\ev******is\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (HssTrayService) -- D:\Hotspotshield\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- D:\Hotspotshield\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- D:\Hotspotshield\Hotspot Shield\bin\hsswd.exe ()
SRV - (AVKProxy) -- C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)
SRV - (AVKWCtl) -- C:\Programme\G Data\TotalCare\AVK\AVKWCtl.exe (G Data Software AG)
SRV - (GDFwSvc) -- C:\Programme\G Data\TotalCare\Firewall\GDFwSvc.exe (G Data Software AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (G Data Backup Service) -- C:\Programme\G Data\TotalCare\AVKBackup\AVKBackupService.exe (G Data Software AG)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AVKService) -- C:\Programme\G Data\TotalCare\AVK\AVKService.exe (G Data Software AG)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (G Data Tuner Service) -- C:\Programme\G Data\TotalCare\AVKTuner\AVKTunerService.exe (G Data Software AG)


========== Driver Services (SafeList) ==========

DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software)
DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G DATA Software AG)
DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG)
DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG)
DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G DATA Software AG)
DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 28 16 8D 92 D9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2475029&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Firefox\components [2010.04.11 18:37:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Firefox\plugins [2010.04.13 15:01:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Thunderbird\components [2010.04.11 18:38:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: D:\Thunderbird\plugins

[2010.04.11 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\evmasalgis\AppData\Roaming\mozilla\Extensions
[2010.04.11 18:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.16 00:54:33 | 000,000,000 | ---D | M] -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions
[2010.04.16 00:54:28 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.04.14 16:50:18 | 000,000,000 | ---D | M] (MyAshampoo Toolbar) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.04.16 00:54:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ev*******is\AppData\Roaming\mozilla\Firefox\Profiles\y3s8kvb3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.01.20 12:19:10 | 000,000,923 | ---- | M] () -- C:\Users\ev*******is\AppData\Roaming\Mozilla\FireFox\Profiles\y3s8kvb3.default\searchplugins\conduit.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - D:\Hotspotshield\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\TotalCare\Webfilter\AVKWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Adobe\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] D:\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eYvUrwsWmuzcTI] C:\Users\******~1\AppData\Local\Temp\UbiRg.exe (xQxICU)
O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\TotalCare\Firewall\GDFirewallTray.exe (G DATA Software AG)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Virenprogramme 16.04.10\Malwarebytes Anti Maleware\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] D:\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [pUgR33R] C:\Users\******~1\AppData\Local\Temp\UbiRg.exe (xQxICU)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\program files\g data\totalcare\avkkid\avkcks.exe) - c:\Programme\G Data\TotalCare\AVKKid\AvkCKS.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.16 13:36:42 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.04.16 13:36:42 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.16 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Malwarebytes
[2010.04.16 13:35:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.16 13:35:29 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.16 13:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.16 02:22:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010.04.16 01:27:54 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\CyberLink
[2010.04.16 01:27:52 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\CyberLink
[2010.04.16 01:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.04.16 01:20:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\CyberLink
[2010.04.16 01:19:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ev******is\AppData\Roaming\pcouffin.sys
[2010.04.16 01:19:53 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Vso
[2010.04.16 01:19:53 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\PcSetup
[2010.04.16 01:16:20 | 000,505,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.04.16 01:16:20 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.04.16 01:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010.04.14 18:23:42 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.04.14 17:19:11 | 000,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.04.14 17:07:31 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010.04.14 16:58:52 | 000,000,000 | ---D | C] -- C:\Windows\JMCR_DIR
[2010.04.14 16:58:24 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.04.14 16:58:19 | 000,084,240 | ---- | C] (JMicron Technology Corp.) -- C:\Windows\System32\drivers\jmcr.sys
[2010.04.14 16:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.14 16:50:19 | 000,000,000 | ---D | C] -- C:\Programme\MyAshampoo
[2010.04.14 16:42:36 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Ashampoo
[2010.04.14 16:41:15 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\ashampoo
[2010.04.14 16:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2010.04.14 16:40:58 | 000,000,000 | ---D | C] -- C:\Programme\MSN
[2010.04.14 14:37:52 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 14:37:52 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 14:37:51 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 14:28:37 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\NPS
[2010.04.14 14:24:12 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\My Art
[2010.04.14 14:20:58 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.04.14 14:20:58 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.04.14 14:20:58 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.04.14 14:20:57 | 000,098,432 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.04.14 14:20:57 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.04.14 14:20:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.04.14 14:20:57 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.04.14 14:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.04.14 14:18:49 | 000,222,568 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.04.14 14:18:29 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\My NPS Files
[2010.04.14 14:18:17 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\Samsung
[2010.04.14 14:18:02 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.04.14 14:16:59 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny
[2010.04.13 22:06:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.13 19:33:44 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\Outlook Files
[2010.04.13 19:26:28 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Samsung
[2010.04.13 19:25:20 | 000,353,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.04.13 19:21:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2010.04.13 17:20:04 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\skypePM
[2010.04.13 17:18:58 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Skype
[2010.04.13 17:17:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.13 17:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.13 17:14:48 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Documents\DVDVideoSoft
[2010.04.13 17:14:39 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.04.13 17:14:27 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.04.13 17:09:51 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\VDownloader
[2010.04.13 16:37:21 | 000,000,000 | ---D | C] -- C:\Users\ev******is\Tracing
[2010.04.13 16:35:45 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.04.13 16:34:55 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.04.13 16:34:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.04.13 16:34:35 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.04.13 16:34:13 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.04.13 16:24:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.04.12 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Macromedia
[2010.04.12 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Adobe
[2010.04.12 17:35:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.04.12 17:30:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.04.12 17:27:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.04.12 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.12 17:19:37 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Adobe
[2010.04.12 16:44:40 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\vlc
[2010.04.12 00:27:28 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\G DATA
[2010.04.12 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Diagnostics
[2010.04.12 00:20:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.04.12 00:05:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.04.12 00:05:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.04.12 00:04:44 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.04.12 00:04:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.04.12 00:04:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.04.12 00:04:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.04.12 00:03:34 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.04.12 00:02:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.04.12 00:01:55 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Microsoft Help
[2010.04.12 00:01:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.12 00:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.04.11 23:56:56 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\WinRAR
[2010.04.11 21:09:38 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\PokerStars.NET
[2010.04.11 20:46:30 | 000,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.04.11 20:46:11 | 000,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.04.11 20:46:04 | 000,035,272 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.04.11 20:45:25 | 000,028,616 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.04.11 20:45:21 | 000,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.04.11 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\G Data
[2010.04.11 20:44:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\G DATA
[2010.04.11 20:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2010.04.11 20:42:25 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.11 20:42:22 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Downloaded Installations
[2010.04.11 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\uTorrent
[2010.04.11 18:56:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.11 18:39:22 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.11 18:38:17 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Thunderbird
[2010.04.11 18:38:16 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Thunderbird
[2010.04.11 18:37:01 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Mozilla
[2010.04.11 18:37:01 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Mozilla
[2010.04.11 18:36:49 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Desktop\Programme
[2010.04.11 18:35:44 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.04.11 18:35:44 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.04.11 18:35:44 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.04.11 18:35:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.04.11 18:33:43 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.04.11 18:33:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.04.11 18:33:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.04.11 18:33:38 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.04.11 18:32:25 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.04.11 18:32:25 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.04.11 18:32:25 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.04.11 18:32:24 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.04.11 18:31:12 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.04.11 18:31:11 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.04.11 18:31:11 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.04.11 18:31:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.04.11 18:31:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.04.11 18:31:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.04.11 18:31:10 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.04.11 18:29:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.04.11 18:29:54 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.04.11 18:29:54 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.04.11 18:29:54 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.04.11 18:29:54 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.04.11 18:29:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.04.11 18:29:53 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.04.11 18:29:53 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.04.11 18:29:53 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.04.11 18:11:32 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Searches
[2010.04.11 18:11:23 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Identities
[2010.04.11 18:11:21 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Contacts
[2010.04.11 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\VirtualStore
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Vorlagen
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\AppData\Local\Verlauf
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\AppData\Local\Temporary Internet Files
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Startmenü
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\SendTo
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Recent
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Netzwerkumgebung
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Lokale Einstellungen
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Documents\Eigene Videos
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Documents\Eigene Musik
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Eigene Dateien
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Documents\Eigene Bilder
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Druckumgebung
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Cookies
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\AppData\Local\Anwendungsdaten
[2010.04.11 18:11:06 | 000,000,000 | -HSD | C] -- C:\Users\ev******is\Anwendungsdaten
[2010.04.11 18:11:05 | 000,000,000 | --SD | C] -- C:\Users\ev******is\AppData\Roaming\Microsoft
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Videos
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Saved Games
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Pictures
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Music
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Links
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Favorites
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Downloads
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Documents
[2010.04.11 18:11:05 | 000,000,000 | R--D | C] -- C:\Users\ev******is\Desktop
[2010.04.11 18:11:05 | 000,000,000 | -H-D | C] -- C:\Users\ev******is\AppData
[2010.04.11 18:11:05 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Temp
[2010.04.11 18:11:05 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Local\Microsoft
[2010.04.11 18:11:05 | 000,000,000 | ---D | C] -- C:\Users\ev******is\AppData\Roaming\Media Center Programs
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.11 18:06:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.11 17:59:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.11 17:57:08 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.11 17:56:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010.04.16 17:30:05 | 001,310,720 | -HS- | M] () -- C:\Users\ev******is\NTUSER.DAT
[2010.04.16 17:22:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\wlvb.sys
[2010.04.16 17:22:31 | 000,001,013 | ---- | M] () -- C:\Users\ev******is\AppData\Roaming\cglogs.dat
[2010.04.16 14:20:24 | 001,479,830 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.16 14:20:24 | 000,646,770 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.16 14:20:24 | 000,610,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.16 14:20:24 | 000,127,238 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.16 14:20:24 | 000,104,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.16 14:18:12 | 000,020,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.16 14:18:12 | 000,020,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.16 14:13:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.16 14:13:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.16 14:12:58 | 2213,056,512 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.16 13:59:57 | 003,476,790 | -H-- | M] () -- C:\Users\ev******is\AppData\Local\IconCache.db
[2010.04.16 13:43:25 | 000,001,564 | ---- | M] () -- C:\Users\ev******is\Documents\cc_20100416_134321.reg
[2010.04.16 13:43:04 | 000,093,144 | ---- | M] () -- C:\Users\ev******is\Documents\cc_20100416_134250.reg
[2010.04.16 02:42:37 | 000,081,920 | ---- | M] () -- C:\Users\ev******is\AppData\Roaming\ezpinst.exe
[2010.04.16 02:42:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\ev******is\AppData\Roaming\pcouffin.sys
[2010.04.16 02:42:37 | 000,007,176 | ---- | M] () -- C:\Users\ev******is\AppData\Roaming\pcouffin.cat
[2010.04.16 02:42:37 | 000,001,144 | ---- | M] () -- C:\Users\ev******is\AppData\Roaming\pcouffin.inf
[2010.04.16 02:22:00 | 000,035,389 | ---- | M] () -- C:\Users\ev******is\AppData\Roaming\SQLite3.dll
[2010.04.16 02:06:45 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.04.16 02:06:44 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2010.04.16 02:06:44 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2010.04.16 01:20:36 | 000,000,014 | ---- | M] () -- C:\Windows\System32\systeminfo3.dll
[2010.04.14 17:19:11 | 000,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2010.04.14 17:01:19 | 000,000,251 | ---- | M] () -- C:\Windows\xUninstall.bat
[2010.04.13 19:35:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.13 19:26:05 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010.04.13 17:20:04 | 000,000,048 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.13 16:24:09 | 000,108,824 | ---- | M] () -- C:\Users\ev******is\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.12 14:59:01 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.12 00:03:01 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010.04.11 21:14:30 | 000,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2010.04.11 21:14:22 | 000,028,616 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2010.04.11 20:46:30 | 000,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2010.04.11 20:46:11 | 000,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2010.04.11 20:46:04 | 000,035,272 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\HookCentre.sys
[2010.04.11 18:27:02 | 000,000,355 | ---- | M] () -- C:\Users\ev******is\Desktop\Computer - Verknüpfung.lnk
[2010.04.11 18:14:08 | 000,524,288 | -HS- | M] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 18:14:08 | 000,524,288 | -HS- | M] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.04.11 18:14:08 | 000,065,536 | -HS- | M] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.04.11 18:14:02 | 000,000,003 | ---- | M] () -- C:\Windows\7Loader.TAG
[2010.04.11 18:11:06 | 000,000,020 | -HS- | M] () -- C:\Users\ev******is\ntuser.ini
[2010.04.11 18:00:45 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.04.11 17:59:30 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.03.31 15:45:40 | 000,222,568 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 09:39:50 | 000,110,592 | ---- | M] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.03.26 09:39:50 | 000,036,640 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.03.25 13:08:52 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.03.25 13:08:52 | 000,098,432 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.03.25 13:08:52 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.03.25 13:08:52 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.03.25 13:08:52 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.03.25 13:08:52 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.03.25 13:08:52 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys

========== Files Created - No Company Name ==========

[2010.04.16 17:22:38 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\wlvb.sys
[2010.04.16 17:18:49 | 000,001,013 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\cglogs.dat
[2010.04.16 13:43:23 | 000,001,564 | ---- | C] () -- C:\Users\ev******is\Documents\cc_20100416_134321.reg
[2010.04.16 13:42:55 | 000,093,144 | ---- | C] () -- C:\Users\ev******is\Documents\cc_20100416_134250.reg
[2010.04.16 02:22:00 | 000,035,389 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\SQLite3.dll
[2010.04.16 01:20:36 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010.04.16 01:20:32 | 000,000,033 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\pcouffin.log
[2010.04.16 01:19:54 | 000,081,920 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\ezpinst.exe
[2010.04.16 01:19:54 | 000,007,176 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\pcouffin.cat
[2010.04.16 01:19:54 | 000,001,144 | ---- | C] () -- C:\Users\ev******is\AppData\Roaming\pcouffin.inf
[2010.04.14 16:59:09 | 000,000,251 | ---- | C] () -- C:\Windows\xUninstall.bat
[2010.04.14 16:58:53 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_xd.ico
[2010.04.14 16:58:53 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_ms.ico
[2010.04.14 16:58:53 | 000,015,086 | ---- | C] () -- C:\Windows\System32\jmcr_mmc.ico
[2010.04.14 14:18:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.04.14 14:18:49 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.13 19:35:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.13 19:26:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.04.13 19:21:05 | 000,000,766 | ---- | C] () -- C:\Windows\System32\Uninstall.ico
[2010.04.13 19:21:03 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.04.13 17:20:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.11 18:27:02 | 000,000,355 | ---- | C] () -- C:\Users\ev******is\Desktop\Computer - Verknüpfung.lnk
[2010.04.11 18:14:02 | 000,000,003 | ---- | C] () -- C:\Windows\7Loader.TAG
[2010.04.11 18:11:06 | 000,524,288 | -HS- | C] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.04.11 18:11:06 | 000,524,288 | -HS- | C] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.04.11 18:11:06 | 000,262,144 | -HS- | C] () -- C:\Users\ev******is\ntuser.dat.LOG1
[2010.04.11 18:11:06 | 000,065,536 | -HS- | C] () -- C:\Users\ev******is\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.04.11 18:11:06 | 000,000,020 | -HS- | C] () -- C:\Users\ev******is\ntuser.ini
[2010.04.11 18:11:06 | 000,000,000 | -HS- | C] () -- C:\Users\ev******is\ntuser.dat.LOG2
[2010.04.11 18:11:05 | 001,310,720 | -HS- | C] () -- C:\Users\ev******is\NTUSER.DAT
[2010.04.11 17:59:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.11 17:56:49 | 2213,056,512 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:76B61AF7
< End of report >

cosinus 17.04.2010 19:30

Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied along with it!!!)
Code:

:OTL
O4 - HKLM..\Run: [eYvUrwsWmuzcTI] C:\Users\evmasalgis\AppData\Local\Temp\UbiRg.exe (xQxICU)
O4 - HKCU..\Run: [pUgR33R] C:\Users\evmasalgis\AppData\Local\Temp\UbiRg.exe (xQxICU)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010.04.16 17:22:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\wlvb.sys
[2010.04.16 17:22:31 | 000,001,013 | ---- | M] () -- C:\Users\evmasalgis\AppData\Roaming\cglogs.dat
[2010.04.16 02:42:37 | 000,081,920 | ---- | M] () -- C:\Users\evmasalgis\AppData\Roaming\ezpinst.exe
:Commands
[resethosts]
[emptytemp]

Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it.

evma 17.04.2010 23:54

Hello,
first of all I want to thank you for the help! I had to / did wipe my hard drive, which the malware was on, along with the program that I assume caused the problems! I had to do that because as soon as I turned the PC on, it automatically connected to the internet! Better safe than sorry! :)
Thanks again! Now I know where to turn if I run into problems!!!
Thanks!!!!
Have a nice Sunday!
evma


Copyright ©2000-2025, Trojaner-Board