Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Google links lead to advertising pages (https://www.trojaner-board.de/92830-google-links-fuehren-werbeseiten.html)

ABM12 02.12.2010 19:05

Yes, nothing has changed, not on the router either.

Swisstreasure 04.12.2010 01:15

OK, from now on we will deal only with your system. After that, the other one.

Step 1

Please have the files from the code box checked at Virustotal
Code:

c:\windows\system32\mspmsnsv.dll
c:\windows\system32\dllcache\mspmsnsv.dll

So proceed as described here:
  • Open this web page: virustotal
  • Click "Browse"
  • Find the file on your computer --> double-click the file to be checked (or copy the contents from the code box)
  • "Send file"
  • Wait until the scan by all virus scanners has finished
  • Click "Filter"
  • then "Results"
  • select the complete result (as you receive it)
    and copy it in here
If the file is detected as malicious, please do not remove it yet.

Step 2

Run a new scan with OTL.

Step 3

Please download RKUnhookerLE
and save the file to your desktop.
  • Unpack the .rar file on your desktop (right-click --> extract here).
    If you have no archive software on your computer, please download 7zip and install it.
  • Open the new folder and start RKU3.8.388.590.exe.
  • Choose English as the language and install RKU in the default path.
  • Disconnect from the Internet (don't forget WLAN) and disable all background guards, especially the one of your antivirus software.
  • Start --> All Programs, and in the Rootkit Unhooker LE folder start the file RKU.
    Vista and Win7 users: right-click, "Run as administrator"
  • Click the Report tab and then Scan
  • Tick
    • Drivers
    • Stealth Code
    • Files
    • Code Hooks
    Remove all other ticks
  • When you are asked which area should be scanned, make sure that your system drive (usually C:) is ticked.
  • Click OK
  • When the scan has finished, click
    File --> Save Report.
  • Save the file as RKU.txt on the desktop.
  • Click Close
Note: If you get the following warning
Quote:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Click OK

ABM12 04.12.2010 14:35

File name: mspmsnsv.dll
Submission date: 2010-12-04 13:31:33 (UTC)
Current status: queued (#1) queued (#1) analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2010.12.05.00 2010.12.04 -
AntiVir 7.10.14.189 2010.12.03 -
Antiy-AVL 2.0.3.7 2010.12.04 -
Avast 4.8.1351.0 2010.12.04 -
Avast5 5.0.677.0 2010.12.04 -
AVG 9.0.0.851 2010.12.04 -
BitDefender 7.2 2010.12.04 -
CAT-QuickHeal 11.00 2010.12.04 -
ClamAV 0.96.4.0 2010.12.04 -
Command 5.2.11.5 2010.12.04 -
Comodo 6944 2010.12.04 -
DrWeb 5.0.2.03300 2010.12.04 -
Emsisoft 5.0.0.50 2010.12.04 -
eSafe 7.0.17.0 2010.12.02 -
eTrust-Vet 36.1.8017 2010.12.03 -
F-Prot 4.6.2.117 2010.12.03 -
F-Secure 9.0.16160.0 2010.12.04 -
Fortinet 4.2.254.0 2010.12.04 -
GData 21 2010.12.04 -
Ikarus T3.1.1.90.0 2010.12.04 -
Jiangmin 13.0.900 2010.12.04 -
K7AntiVirus 9.70.3146 2010.12.02 -
Kaspersky 7.0.0.125 2010.12.04 -
McAfee 5.400.0.1158 2010.12.04 -
McAfee-GW-Edition 2010.1C 2010.12.04 -
Microsoft 1.6402 2010.12.04 -
NOD32 5672 2010.12.03 -
Norman 6.06.10 2010.12.03 -
nProtect 2010-12-04.01 2010.12.04 -
Panda 10.0.2.7 2010.12.04 -
PCTools 7.0.3.5 2010.12.04 -
Prevx 3.0 2010.12.04 -
Rising 22.76.04.00 2010.12.04 -
Sophos 4.60.0 2010.12.04 -
SUPERAntiSpyware 4.40.0.1006 2010.12.04 -
Symantec 20101.2.0.161 2010.12.04 -
TheHacker 6.7.0.1.094 2010.12.01 -
TrendMicro 9.120.0.1004 2010.12.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.04 -
VBA32 3.12.14.2 2010.12.03 -
VIPRE 7504 2010.12.04 -
ViRobot 2010.12.4.4185 2010.12.04 -
VirusBuster 13.6.73.0 2010.12.03 -
Additional information
MD5 : 5fdccc838cd95f61097d8a637f842aa8
SHA1 : e41dd703a496996bd4d84aeb9af8a82f1bab3255
SHA256: 9eb9e7befff061e1bababb13c6c9194e835e53f2d550f5c666f5a4b2fac2b6d5

ABM12 04.12.2010 14:42

The second file does not exist (the folder "cllcache" does not exist (not even hidden)).

Swisstreasure 04.12.2010 14:50

Quote:

Quote from ABM12 (post 595564)
The second file does not exist (the folder "cllcache" does not exist (not even hidden)).

Not cllcache but dllcache.

ABM12 04.12.2010 15:19

Yes, sorry, I made a typo. The folder still doesn't exist...

Should I still do an OTL scan anyway?

Code:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0CA000 C:\WINDOWS\System32\ati3duag.dll 2666496 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xA91A0000 C:\WINDOWS\system32\drivers\t3filt.sys 1806336 bytes (Creative, Creative WDM 3D Audio Driver)
0xB96EF000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1585152 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xBF355000 C:\WINDOWS\System32\ativvaxx.dll 1134592 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xA937D000 C:\WINDOWS\system32\drivers\t3.sys 786432 bytes (Creative Technology Ltd., Creative High Definition Audio Driver)
0xB9E34000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8321000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB954A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8454000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5C1D000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 274432 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xA50FA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF055000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF094000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xA597A000 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 204800 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xB95A8000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xA59AC000 C:\WINDOWS\system32\drivers\ctusfsyn.sys 188416 bytes (Creative Technology Ltd., Creative SoundFont Synthesizer (32-bit))
0xA5E6C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E07000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA3FDD000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA83B9000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB96B3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA842C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA5953000 C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 159744 bytes (Creative Technology Ltd, SoundFont(R) Manager (WDM))
0xB9F22000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, E/A-Treiber für NT Datenträgerverwaltung)
0xA8406000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA9359000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB968F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA82FE000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB966C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA83E4000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xB9DED000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA82E6000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EC1000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB95E9000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA5C75000 C:\WINDOWS\system32\drivers\PfModNT.sys 94208 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xA6191000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA5A28000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9600000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Treiber für parallelen Anschluss)
0xB96DB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA84AD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9659000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 77824 bytes (Realtek Semiconductor Corporation                          , Realtek 10/100/1000 NDIS 5.1 Driver                        )
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED8000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xB95D8000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2D8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Treiber für serielle Geräte)
0xBA1F8000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA118000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xA5CC4000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA138000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xBA148000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\IrBus.sys 49152 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0xBA168000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xBA308000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA158000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prozessorgerätetreiber)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA188000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA178000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA218000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA3C8B000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA498000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA418000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA430000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA420000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA428000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA488000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\hidir.sys 20480 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0xBA490000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA440000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA338000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA448000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA388000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xA5213000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xBA560000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xB9DB9000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA617D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA598000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB951D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBA564000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA540000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBFF50000 C:\WINDOWS\System32\TSDDD.dll 12288 bytes (Microsoft Corporation, Framebuffer Display Driver)
0xBA5E8000 C:\Programme\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA5E0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5FA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5DE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5E2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA62A000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM-Paralleltreiber)
0xBA5E4000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5DC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA745000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6D1000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6FF000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.ci
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.dir
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wid
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wsb
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.000
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.001
!-->[Hidden] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiAD0002.002
!-->[Hidden] C:\Dokumente und Einstellungen\******\Lokale Einstellungen\Temporary Internet Files\Content.IE5\7R42N4A5\default;seg=AdvGL619;sz=300x250;ord=1291401504047;tile=3;um=9;us=11;eb_trk=158392;pr=22;xp=26;np=22;uz=34246;cg=49af2c1212c0a47a2f60aba0fff3de1c[1].htm1]
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D524, Type: Inline - RelativeJump 0x80504524-->805044E6 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D57C, Type: Inline - RelativeJump 0x8050457C-->8050453E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D608, Type: Inline - RelativeJump 0x80504608-->805045CA [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D668, Type: Inline - RelativeJump 0x80504668-->8050462A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D680, Type: Inline - RelativeJump 0x80504680-->80504642 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D784, Type: Inline - RelativeJump 0x80504784-->80504746 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D7B2, Type: Inline - RelativeJump 0x805047B2-->80504772 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D85C, Type: Inline - RelativeJump 0x8050485C-->8050481E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[160]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[160]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[160]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[252]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[252]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [aclayers.dll]
[252]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [aclayers.dll]
[252]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [aclayers.dll]
[252]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[252]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [aclayers.dll]
[252]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [aclayers.dll]
[252]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [aclayers.dll]
[252]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[252]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[252]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[252]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[252]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [shimeng.dll]
[252]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [aclayers.dll]
[252]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [aclayers.dll]
[252]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[252]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [aclayers.dll]
[252]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [aclayers.dll]
[252]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [aclayers.dll]
[252]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [aclayers.dll]
[252]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[252]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [aclayers.dll]
[252]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [aclayers.dll]
[252]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [aclayers.dll]
[252]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [ieframe.dll]
[252]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00000000 [ieframe.dll]
[252]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[252]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [aclayers.dll]
[252]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [aclayers.dll]
[252]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [aclayers.dll]
[252]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[252]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [aclayers.dll]
[2784]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[2784]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [aclayers.dll]
[2784]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [aclayers.dll]
[2784]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [aclayers.dll]
[2784]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[2784]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [aclayers.dll]
[2784]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [aclayers.dll]
[2784]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [aclayers.dll]
[2784]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[2784]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[2784]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[2784]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[2784]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [shimeng.dll]
[2784]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [aclayers.dll]
[2784]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [aclayers.dll]
[2784]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[2784]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [aclayers.dll]
[2784]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [aclayers.dll]
[2784]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [aclayers.dll]
[2784]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [aclayers.dll]
[2784]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[2784]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [aclayers.dll]
[2784]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [aclayers.dll]
[2784]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [aclayers.dll]
[2784]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [ieframe.dll]
[2784]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00000000 [ieframe.dll]
[2784]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[2784]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [aclayers.dll]
[2784]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [aclayers.dll]
[2784]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [aclayers.dll]
[2784]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[2784]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [aclayers.dll]
[3228]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[3228]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [aclayers.dll]
[3228]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [aclayers.dll]
[3228]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [aclayers.dll]
[3228]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[3228]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [aclayers.dll]
[3228]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [aclayers.dll]
[3228]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [aclayers.dll]
[3228]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3228]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3228]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3228]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3228]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [shimeng.dll]
[3228]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [aclayers.dll]
[3228]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [aclayers.dll]
[3228]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[3228]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [aclayers.dll]
[3228]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [aclayers.dll]
[3228]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [aclayers.dll]
[3228]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [aclayers.dll]
[3228]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[3228]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [aclayers.dll]
[3228]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [aclayers.dll]
[3228]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [aclayers.dll]
[3228]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->00000000 [ieframe.dll]
[3228]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->00000000 [ieframe.dll]
[3228]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[3228]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [aclayers.dll]
[3228]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [aclayers.dll]
[3228]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [aclayers.dll]
[3228]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[3228]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [aclayers.dll]
[3288]OUTLOOK.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [MSO.DLL]
[3392]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[3392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->00000000 [aclayers.dll]
[3392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->00000000 [aclayers.dll]
[3392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->00000000 [aclayers.dll]
[3392]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[3392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->00000000 [aclayers.dll]
[3392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->00000000 [aclayers.dll]
[3392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->00000000 [aclayers.dll]
[3392]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3392]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3392]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3392]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3392]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->00000000 [shimeng.dll]
[3392]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->00000000 [aclayers.dll]
[3392]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->00000000 [aclayers.dll]
[3392]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[3392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->00000000 [aclayers.dll]
[3392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->00000000 [aclayers.dll]
[3392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->00000000 [aclayers.dll]
[3392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->00000000 [aclayers.dll]
[3392]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[3392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->00000000 [aclayers.dll]
[3392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->00000000 [aclayers.dll]
[3392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->00000000 [aclayers.dll]
[3392]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->00000000 [ieframe.dll]
[3392]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->00000000 [ieframe.dll]
[3392]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[3392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->00000000 [aclayers.dll]
[3392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->00000000 [aclayers.dll]
[3392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->00000000 [aclayers.dll]
[3392]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[3392]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->00000000 [aclayers.dll]
[3908]WINWORD.EXE-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump 0x7C84495D-->00000000 [MSO.DLL]
[404]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[404]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[404]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[404]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[404]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[404]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[404]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]
[612]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->00000000 [shimeng.dll]
[612]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->00000000 [shimeng.dll]
[612]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[612]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->00000000 [shimeng.dll]
[612]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[612]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->00000000 [shimeng.dll]
[612]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->00000000 [shimeng.dll]


Swisstreasure 05.12.2010 02:34

Step 1

Please have the files from the code box checked at VirusTotal
Code:

C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\advapi32.dll

So proceed as described here:
  • Open this website: virustotal
  • Click "Browse"
  • Locate the file on your computer --> double-click the file to be checked (or copy the contents from the code box)
  • "Send file"
  • Wait until the scan by all virus scanners has finished
  • Click "Filter"
  • then "Results"
  • select the complete result (as you receive it)
    and paste it in here
If the file is detected as malicious, please do not remove it yet

Step 2

You still forgot the new OTL scan :)

ABM12 05.12.2010 10:46

searchindexer.exe

Code:

File name: searchindexer.exe
Submission date: 2010-12-05 09:43:51 (UTC)
Current status: finished


Result: 1/ 43 (2.3%)
 VT Community

goodware
 Safety score: 75.0% 
Antivirus Version Last Update Result
AhnLab-V3 2010.12.05.00 2010.12.04 -
AntiVir 7.10.14.189 2010.12.03 -
Antiy-AVL 2.0.3.7 2010.12.05 -
Avast 4.8.1351.0 2010.12.04 -
Avast5 5.0.677.0 2010.12.04 -
AVG 9.0.0.851 2010.12.04 -
BitDefender 7.2 2010.12.05 -
CAT-QuickHeal 11.00 2010.12.04 -
ClamAV 0.96.4.0 2010.12.05 -
Command 5.2.11.5 2010.12.04 -
Comodo 6952 2010.12.05 -
DrWeb 5.0.2.03300 2010.12.05 -
Emsisoft 5.0.0.50 2010.12.05 -
eSafe 7.0.17.0 2010.12.02 -
eTrust-Vet 36.1.8018 2010.12.05 -
F-Prot 4.6.2.117 2010.12.04 -
F-Secure 9.0.16160.0 2010.12.05 -
Fortinet 4.2.254.0 2010.12.04 -
GData 21 2010.12.05 -
Ikarus T3.1.1.90.0 2010.12.05 -
Jiangmin 13.0.900 2010.12.05 -
K7AntiVirus 9.70.3162 2010.12.04 -
Kaspersky 7.0.0.125 2010.12.05 -
McAfee 5.400.0.1158 2010.12.05 -
McAfee-GW-Edition 2010.1C 2010.12.05 Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.I
Microsoft 1.6402 2010.12.05 -
NOD32 5674 2010.12.04 -
Norman 6.06.10 2010.12.04 -
nProtect 2010-12-05.01 2010.12.05 -
Panda 10.0.2.7 2010.12.05 -
PCTools 7.0.3.5 2010.12.05 -
Prevx 3.0 2010.12.05 -
Rising 22.76.05.00 2010.12.05 -
Sophos 4.60.0 2010.12.05 -
SUPERAntiSpyware 4.40.0.1006 2010.12.05 -
Symantec 20101.2.0.161 2010.12.05 -
TheHacker 6.7.0.1.094 2010.12.01 -
TrendMicro 9.120.0.1004 2010.12.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.05 -
VBA32 3.12.14.2 2010.12.03 -
VIPRE 7516 2010.12.05 -
ViRobot 2010.12.4.4185 2010.12.04 -
VirusBuster 13.6.74.0 2010.12.04 -
Additional information
MD5  : 7778bdfa3f6f6fba0e75b9594098f737
SHA1  : ed3a478772bddf65d413479f61812d981fefb655
SHA256: 50992333a9d31cf69c13573c24455422791199bd7c63c3fc7c3f0e4cc1bc6fa4


ABM12 05.12.2010 11:01

shell32.dll yields no detection.

wininet.dll likewise yields no detection.

advapi32.dll also without a detection.

Swisstreasure 05.12.2010 12:48

Step 2 is still missing

ABM12 05.12.2010 12:58

Yes, of course, it was stated there several times :-P

OTL Logfile:
Code:

OTL logfile created on: 05.12.2010 12:53:09 - Run 3
OTL by OldTimer - Version 3.2.17.3    Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 189,13 Gb Free Space | 81,22% Space Free | Partition Type: NTFS
 
Computer Name: KINDERZIMMER | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (t3) -- C:\WINDOWS\system32\drivers\t3.sys (Creative Technology Ltd.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (t3filt) -- C:\WINDOWS\system32\drivers\t3filt.sys (Creative)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)
DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                          )
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2010.11.15 22:22:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTAPR2] C:\Programme\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SPIRun] C:\WINDOWS\System32\SPIRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.68.118 213.109.77.60
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.11 22:29:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.04 14:43:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\RkU3.8.388.590
[2010.12.04 14:43:01 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.12.01 22:33:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.01 22:33:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2010.11.26 16:29:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.11.25 22:00:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Online Solutions
[2010.11.25 21:59:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Data
[2010.11.25 21:55:08 | 002,437,632 | ---- | C] (Codejock Software) -- C:\Dokumente und Einstellungen\Admin\Desktop\ToolkitPro1211vc80U.dll
[2010.11.25 21:55:08 | 001,392,640 | ---- | C] (Online Solutions) -- C:\Dokumente und Einstellungen\Admin\Desktop\osam_gui.dll
[2010.11.25 21:55:08 | 001,093,632 | ---- | C] (Online Solutions) -- C:\Dokumente und Einstellungen\Admin\Desktop\osam_srv.dll
[2010.11.25 21:55:08 | 000,372,736 | ---- | C] (Online Solutions) -- C:\Dokumente und Einstellungen\Admin\Desktop\osam.exe
[2010.11.25 21:54:47 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.11.25 19:46:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinRAR
[2010.11.19 18:26:56 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.11.19 18:22:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[2010.11.19 18:20:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.11.16 19:15:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2010.11.16 17:52:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010.11.16 17:51:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.11.16 17:51:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2010.11.16 17:51:32 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.11.16 17:35:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.11.15 22:50:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun
[2010.11.15 22:26:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.15 22:07:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.11.15 21:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2010.11.15 21:52:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\setupupd
[2010.11.15 19:44:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.15 19:44:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.15 19:44:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.15 19:44:04 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.15 19:43:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.15 19:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.15 12:45:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2010.11.15 12:45:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.15 12:20:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.14 20:48:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.11.14 20:47:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.11.14 20:47:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search
[2010.11.14 20:43:38 | 000,000,000 | ---D | C] -- C:\Programme\Windows Desktop Search
[2010.11.14 20:43:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010.11.14 13:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.11.14 13:21:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2010.11.14 13:21:33 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio
[2010.11.14 13:21:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2010.11.14 13:21:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.11.14 13:19:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2010.11.14 13:19:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.11.14 13:19:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
[2010.11.14 13:18:43 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010.11.14 11:27:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.11.14 11:14:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.11.14 11:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.11.14 11:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.11.14 11:10:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.11.14 11:06:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.11.12 20:22:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared
[2010.11.12 19:22:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Apple Computer
[2010.11.12 19:17:45 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.11.12 19:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.11.12 19:14:21 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.11.12 19:14:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.11.12 19:13:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.11.12 19:12:47 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.11.12 19:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.11.12 19:10:22 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.11.12 19:09:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.11.12 19:09:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.11.12 19:02:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.11.12 18:36:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2010.11.12 18:36:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2010.11.12 18:36:18 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.11.12 18:28:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010.11.12 18:27:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.11.12 18:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Creative
[2010.11.12 18:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.11.12 18:08:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Creative
[2010.11.12 18:08:04 | 000,809,496 | ---- | C] (Creative Labs Inc.) -- C:\WINDOWS\OALInst.exe
[2010.11.12 18:08:02 | 001,803,136 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\t3filt.sys
[2010.11.12 18:07:41 | 000,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.11.12 18:06:07 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.11.12 17:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.11.12 17:59:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2010.11.12 17:55:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.11.12 17:55:31 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.12 17:55:31 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.12 17:55:31 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.11.12 17:55:31 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.11.12 17:55:30 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.11.12 17:55:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.11.12 17:53:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia
[2010.11.12 17:53:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
[2010.11.12 17:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\ATI
[2010.11.12 17:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ATI
[2010.11.12 17:18:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ATI Technologies
[2010.11.12 17:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010.11.12 17:00:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IECompatCache
[2010.11.12 16:59:51 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\PrivacIE
[2010.11.12 16:59:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\IETldCache
[2010.11.12 16:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.11.12 16:57:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.11.12 16:56:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.11.12 16:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010.11.11 23:38:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010.11.11 23:38:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010.11.11 23:34:44 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2010.11.11 23:34:41 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.11.11 23:34:07 | 000,000,000 | ---D | C] -- C:\ATI
[2010.11.11 23:04:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010.11.11 23:00:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010.11.11 23:00:25 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010.11.11 23:00:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010.11.11 23:00:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010.11.11 23:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010.11.11 22:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010.11.11 22:52:13 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\UserData
[2010.11.11 22:41:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010.11.11 22:38:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010.11.11 22:38:19 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.11.11 22:38:16 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield
[2010.11.11 22:37:20 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.11.11 22:37:03 | 000,000,000 | ---D | C] -- C:\TempEI4
[2010.11.11 22:36:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010.11.11 22:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities
[2010.11.11 22:35:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Musik
[2010.11.11 22:35:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien
[2010.11.11 22:35:42 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Eigene Bilder
[2010.11.11 22:35:40 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
[2010.11.11 22:35:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\SendTo
[2010.11.11 22:35:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2010.11.11 22:35:40 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten
[2010.11.11 22:35:40 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Favoriten
[2010.11.11 22:35:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Admin\Cookies
[2010.11.11 22:35:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Netzwerkumgebung
[2010.11.11 22:35:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen
[2010.11.11 22:35:40 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Druckumgebung
[2010.11.11 22:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.11 22:35:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop
[2010.11.11 22:35:39 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü
[2010.11.11 22:35:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Vorlagen
[2010.11.11 22:33:55 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information
[2010.11.11 22:32:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\TV-Aufzeichnungen
[2010.11.11 22:32:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010.11.11 22:32:45 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010.11.11 22:32:44 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2010.11.11 22:32:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.11 22:32:33 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2010.11.11 22:32:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010.11.11 22:31:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.11.11 22:31:04 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.11.11 22:29:52 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010.11.11 22:29:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010.11.11 22:29:26 | 000,000,000 | ---D | C] -- C:\Programme\xerox
[2010.11.11 22:29:26 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage
[2010.11.11 22:28:00 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM
[2010.11.11 22:27:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010.11.11 22:27:52 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010.11.11 22:27:42 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate
[2010.11.11 22:27:38 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste
[2010.11.11 22:27:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010.11.11 22:26:42 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste
[2010.11.11 22:26:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010.11.11 22:26:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap
[2010.11.11 22:26:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010.11.11 22:26:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010.11.11 22:26:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010.11.11 22:26:01 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting
[2010.11.11 22:25:57 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express
[2010.11.11 22:25:50 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System
[2010.11.11 22:25:44 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer
[2010.11.11 22:24:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2010.11.11 22:23:43 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010.11.11 22:23:10 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications
[2010.11.11 22:23:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010.11.11 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\Online Services
[2010.11.11 22:22:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010.11.11 22:22:32 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player
[2010.11.11 22:22:03 | 000,000,000 | ---D | C] -- C:\Programme\Windows Plus
[2010.11.11 22:21:42 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker
[2010.11.11 22:20:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
[2010.11.11 22:19:18 | 000,000,000 | ---D | C] -- C:\Programme\Messenger
[2010.11.11 22:19:14 | 000,000,000 | ---D | C] -- C:\Programme\MSN Gaming Zone
[2010.11.11 22:18:31 | 000,000,000 | ---D | C] -- C:\Programme\MSN
[2010.11.11 22:18:29 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT
[2010.11.11 22:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010.11.11 22:18:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010.11.11 22:18:08 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2010.11.11 22:10:35 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010.11.11 22:10:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC
[2010.11.11 22:10:30 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines
[2010.11.11 22:10:29 | 000,000,000 | R--D | C] -- C:\Programme
[2010.11.11 22:10:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared
[2010.11.11 22:10:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien
[2010.11.11 22:10:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2010.11.11 22:10:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2010.11.11 22:10:04 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2010.11.11 22:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2010.11.11 22:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2010.11.11 22:09:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010.11.11 22:09:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010.11.11 22:09:46 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
[2010.11.11 22:09:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2010.11.11 22:09:14 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.11.11 22:09:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.05 10:32:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.05 10:32:19 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.04 14:43:34 | 000,629,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RkU3.8.388.590.rar
[2010.12.04 14:42:53 | 001,110,476 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\7z920.exe
[2010.11.25 21:54:50 | 004,272,474 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.11.22 22:11:55 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.22 21:55:36 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.22 16:40:54 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe
[2010.11.19 18:28:22 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.19 18:24:25 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.11.19 18:24:25 | 000,000,584 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.11.16 20:44:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.15 22:22:05 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.15 22:07:41 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010.11.15 22:01:54 | 000,000,325 | ---- | M] () -- C:\Boot.bak
[2010.11.15 14:05:46 | 000,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.15 12:19:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.11.15 12:16:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.11.14 20:43:47 | 000,001,755 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.11.14 20:43:44 | 000,419,630 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.14 20:43:44 | 000,074,522 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.14 16:10:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2010.11.14 13:22:39 | 000,383,424 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.14 13:22:39 | 000,053,778 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.14 11:10:24 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.11.12 20:22:49 | 000,000,917 | RH-- | M] () -- C:\WINDOWS\ctfile.rfc
[2010.11.12 20:21:13 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010.11.12 19:13:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.12 16:56:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010.11.11 22:56:39 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.11 22:36:29 | 000,000,138 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.11 22:32:36 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010.11.11 22:31:35 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.11.11 22:29:09 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.11 22:29:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.11.11 22:29:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.11.11 22:29:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.11.11 22:29:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.11.11 22:29:03 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.11.11 22:29:03 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.11.11 22:28:54 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.11 22:23:18 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
 
========== Files Created - No Company Name ==========
 
[2010.12.04 14:43:19 | 000,629,057 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\RkU3.8.388.590.rar
[2010.12.04 14:42:12 | 001,110,476 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\7z920.exe
[2010.11.25 21:54:49 | 004,272,474 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.11.22 16:41:50 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\mbr.log
[2010.11.22 16:40:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe
[2010.11.19 18:28:22 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.11.16 20:44:03 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.15 21:53:18 | 000,000,325 | ---- | C] () -- C:\Boot.bak
[2010.11.15 21:53:15 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.11.15 19:44:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.15 19:44:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.15 19:44:04 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.15 19:44:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.15 19:44:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.11.14 20:43:47 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
[2010.11.14 11:58:49 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.12 20:20:58 | 000,000,534 | ---- | C] () -- C:\WINDOWS\SB1042.reg
[2010.11.12 20:20:58 | 000,000,534 | ---- | C] () -- C:\WINDOWS\SB1040.reg
[2010.11.12 19:13:10 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.12 18:09:46 | 000,007,062 | ---- | C] () -- C:\WINDOWS\System32\audiopid.vxd
[2010.11.12 18:09:12 | 000,004,626 | ---- | C] () -- C:\WINDOWS\System32\AudioDrv.ini
[2010.11.12 18:09:01 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.11.12 18:09:01 | 000,000,584 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2010.11.12 18:08:59 | 000,033,080 | ---- | C] () -- C:\WINDOWS\System32\t3.ini
[2010.11.12 18:08:59 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.11.12 18:08:49 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\default4.sfm
[2010.11.12 18:08:04 | 000,008,535 | ---- | C] () -- C:\WINDOWS\sfsyn.ini
[2010.11.12 18:08:04 | 000,001,046 | ---- | C] () -- C:\WINDOWS\SB0820.reg
[2010.11.12 18:08:04 | 000,000,938 | ---- | C] () -- C:\WINDOWS\SB0710.reg
[2010.11.12 18:08:03 | 000,145,920 | ---- | C] () -- C:\WINDOWS\System32\OemSpi.dll
[2010.11.12 18:08:03 | 000,118,850 | ---- | C] () -- C:\WINDOWS\System32\CTPcie.dll
[2010.11.12 18:08:01 | 000,000,917 | RH-- | C] () -- C:\WINDOWS\ctfile.rfc
[2010.11.12 18:07:53 | 007,572,224 | ---- | C] () -- C:\WINDOWS\System32\CT8MGM.SF2
[2010.11.12 18:07:51 | 004,174,814 | ---- | C] () -- C:\WINDOWS\System32\ct4mgm.sf2
[2010.11.12 18:07:50 | 002,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2010.11.12 18:07:45 | 000,105,472 | ---- | C] () -- C:\WINDOWS\System32\APOMngr.dll
[2010.11.12 18:07:45 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\CmdRtr.dll
[2010.11.12 18:04:23 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.11.12 18:04:17 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.11.12 18:03:56 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.11.12 17:13:45 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010.11.12 17:13:36 | 000,006,005 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010.11.12 17:13:35 | 000,121,995 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.11.12 17:13:33 | 001,114,674 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2010.11.12 17:13:33 | 000,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2010.11.12 17:13:32 | 000,058,560 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2010.11.12 17:13:32 | 000,027,504 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2010.11.12 16:56:12 | 000,013,646 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010.11.11 23:08:14 | 000,000,325 | RHS- | C] () -- C:\boot.ini
[2010.11.11 23:08:10 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010.11.11 22:56:38 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.11 22:36:29 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.11.11 22:32:36 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010.11.11 22:31:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.11.11 22:30:58 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010.11.11 22:30:44 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.11.11 22:30:35 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010.11.11 22:30:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010.11.11 22:30:32 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.11.11 22:30:17 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010.11.11 22:30:09 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.11.11 22:29:55 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010.11.11 22:29:09 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.11.11 22:29:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.11.11 22:29:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.11.11 22:29:09 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010.11.11 22:29:09 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010.11.11 22:29:03 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.11.11 22:29:03 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.11.11 22:29:02 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010.11.11 22:27:28 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010.11.11 22:26:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010.11.11 22:26:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010.11.11 22:26:45 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010.11.11 22:23:18 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.11.11 22:22:02 | 000,011,729 | ---- | C] () -- C:\WINDOWS\System32\mypixdx.chm
[2010.11.11 22:20:11 | 010,604,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2010.11.11 22:19:00 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp
[2010.11.11 22:19:00 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp
[2010.11.11 22:19:00 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp
[2010.11.11 22:19:00 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp
[2010.11.11 22:19:00 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010.11.11 22:19:00 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp
[2010.11.11 22:19:00 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp
[2010.11.11 22:18:59 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp
[2010.11.11 22:18:59 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp
[2010.11.11 22:18:59 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp
[2010.11.11 22:18:59 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp
[2010.11.11 22:18:56 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010.11.11 22:18:56 | 000,001,237 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010.11.11 22:18:55 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010.11.11 22:18:49 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010.11.11 22:10:37 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.11.11 22:10:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.11.11 22:10:32 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010.11.11 22:10:31 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010.11.11 22:10:31 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010.11.11 22:10:30 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010.11.11 22:10:13 | 000,001,806 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010.11.11 22:10:04 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2010.11.11 22:10:04 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2010.11.11 22:10:04 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010.11.11 22:10:03 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010.11.11 22:10:03 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010.11.11 22:10:03 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010.11.11 22:10:03 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010.11.11 22:10:03 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010.11.11 22:10:03 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010.11.11 22:10:03 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010.11.11 22:09:14 | 000,147,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
 
========== LOP Check ==========
 
[2010.11.25 22:03:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Online Solutions
[2010.11.14 20:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search
[2010.11.16 19:15:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Search
[2010.11.12 19:20:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Swisstreasure 05.12.2010 21:20

Update Malwarebytes and scan again. After that, carry out the items listed here: HostXpert and correcting the Internet Protocol properties.

ABM12 06.12.2010 13:14

Code:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5254

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.12.2010 13:13:08
mbam-log-2010-12-06 (13-13-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140474
Laufzeit: 3 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Swisstreasure 07.12.2010 17:43

Step 1
  • Please download TDSS Killer.zip and save it to the desktop.
  • Extract the contents of the file to your desktop.
    Make sure that TDSSKiller.exe is on the desktop, not in a folder.
    • Close all running programs.
    • Disconnect from the Internet.
    • Disable your antivirus software.
  • Start TDSSkiller.exe with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Press Start scan.
  • If the message "Hidden service detected" appears, do not type anything into it under any circumstances. Just press ENTER!!!
  • When the tool has finished, a window with the findings pops up.
    Please just close it.
  • Now click Report.
  • Please post the contents here in your thread.
    (also found at C:\TDSSKiller<time_date>.txt)

Step 2
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Download ComboFix from one of the links listed below. (IMPORTANT: DOWNLOAD IT AGAIN!) You must rename it before you save it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved on the desktop**

  • Disable your antivirus and antispyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise the programs could interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
    • When ComboFix has finished, it will create a log for you.
    • Please post the contents of C:\ComboFix.txt here in the thread.

ABM12 07.12.2010 18:23

Code:

2010/12/07 18:20:26.0593        TDSS rootkit removing tool 2.4.10.1 Dec  2 2010 12:28:01
2010/12/07 18:20:26.0593        ================================================================================
2010/12/07 18:20:26.0593        SystemInfo:
2010/12/07 18:20:26.0593       
2010/12/07 18:20:26.0593        OS Version: 5.1.2600 ServicePack: 3.0
2010/12/07 18:20:26.0593        Product type: Workstation
2010/12/07 18:20:26.0593        ComputerName: KINDERZIMMER
2010/12/07 18:20:26.0593        UserName: Admin
2010/12/07 18:20:26.0593        Windows directory: C:\WINDOWS
2010/12/07 18:20:26.0593        System windows directory: C:\WINDOWS
2010/12/07 18:20:26.0593        Processor architecture: Intel x86
2010/12/07 18:20:26.0593        Number of processors: 2
2010/12/07 18:20:26.0593        Page size: 0x1000
2010/12/07 18:20:26.0593        Boot type: Normal boot
2010/12/07 18:20:26.0593        ================================================================================
2010/12/07 18:20:26.0796        Initialize success
2010/12/07 18:20:57.0187        ================================================================================
2010/12/07 18:20:57.0187        Scan started
2010/12/07 18:20:57.0187        Mode: Manual;
2010/12/07 18:20:57.0187        ================================================================================
2010/12/07 18:21:04.0687        ================================================================================
2010/12/07 18:21:04.0687        Scan finished
2010/12/07 18:21:04.0687        ================================================================================



All times are WET +1.
