Trojaner-Board


gpa123 03.04.2011 16:40

General questions...
 
Hello,

when it comes to PCs I'm not very well versed, and I have a few questions about things I don't understand.

For example: 1. Every time my computer starts, 2 windows pop up, Error and Windows Security. (see attachment)... How do I get rid of that?

2. With various programs, when I minimize them they are not placed in the taskbar as usual but simply disappear. They keep running, though!... Why does that happen?

3. Task Manager --> Processes: Kmymia.exe... what is that?

cosinus 03.04.2011 17:32

You probably have "guests" in your system. The screenshot shows Malwarebytes; post all of its logs that are visible under the Logs tab.

gpa123 03.04.2011 17:43

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6255

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.04.2011 16:58:40
mbam-log-2011-04-03 (16-58-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163152
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runAPI45 (Backdoor.Agent) -> Value: runAPI45 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\winrssrvh.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\Users\Gpa\AppData\Roaming\data.dat (Stolen.Data) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus 03.04.2011 17:50

Quote:

Art des Suchlaufs: Quick-Scan

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

gpa123 03.04.2011 19:21

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6256

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.04.2011 20:19:45
mbam-log-2011-04-03 (20-19-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 382966
Laufzeit: 1 Stunde(n), 23 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\Windows.old\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.

cosinus 03.04.2011 19:40

Why aren't you removing the detections?

gpa123 03.04.2011 19:46

Yes, I did, just only a moment ago ^_^

cosinus 03.04.2011 19:54

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

gpa123 03.04.2011 20:11

OTL Logfile:
Code:

OTL logfile created on: 4/3/2011 8:56:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Gpa\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.38 Gb Total Space | 21.99 Gb Free Space | 29.57% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 152.79 Gb Free Space | 65.61% Space Free | Partition Type: NTFS
 
Computer Name: HORST | User Name: Gpa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gpa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Kmymia.exe ()
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gpa\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (e1kexpress) Intel(R) -- C:\Windows\System32\drivers\e1k6032.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/28 21:30:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/28 21:30:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/28 21:36:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 17:42:32 | 000,000,000 | ---D | M]
 
[2011/03/29 22:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gpa\AppData\Roaming\mozilla\Extensions
[2011/03/28 21:47:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/03/28 21:43:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/28 21:40:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/28 21:47:35 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/03/28 21:43:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/28 21:40:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/03/28 21:47:36 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011/03/18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011/01/25 11:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\Plugins\npmieze.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/04/03 17:42:32 | 000,000,140 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\Google.src
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IKXGVMFZHI]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gpa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gpa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/03 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\{295F13A8-D99B-480E-A9C5-C21F05C0784E}
[2011/04/03 17:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011/04/03 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Gutscheinmieze
[2011/04/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Malwarebytes
[2011/04/03 16:47:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/03 16:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/03 16:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/03 16:47:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/03 16:47:49 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011/04/03 16:30:24 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011/04/03 16:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/04/03 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Xfire
[2011/04/03 11:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011/04/03 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\Gpa\Xfire
[2011/04/03 11:55:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011/04/03 01:08:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/04/03 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Avira
[2011/04/03 00:05:23 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\gctmp
[2011/04/03 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Xenocode
[2011/04/02 23:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground
[2011/04/02 22:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011/04/02 11:36:38 | 000,000,000 | ---D | C] -- C:\Users\Gpa\Documents\ICQ
[2011/03/31 23:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/03/31 23:25:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2011/03/31 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2011/03/31 23:18:15 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\WinRAR
[2011/03/31 23:17:49 | 000,000,000 | ---D | C] -- C:\plugins
[2011/03/31 20:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/03/31 18:25:03 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011/03/31 18:16:16 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011/03/31 18:15:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/03/31 18:14:07 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2011/03/31 18:10:49 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/03/31 18:10:49 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/03/31 18:06:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2011/03/30 15:52:32 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Adobe
[2011/03/29 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Mozilla
[2011/03/29 22:15:16 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Mozilla
[2011/03/29 19:05:42 | 000,000,000 | ---D | C] -- C:\Programme\Pidgin
[2011/03/29 16:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/03/29 16:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2011/03/29 16:39:04 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2011/03/29 14:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/29 14:03:53 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011/03/29 05:07:36 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/03/29 04:50:11 | 000,000,000 | ---D | C] -- C:\Windows.old
[2011/03/29 04:12:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/03/29 04:10:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/03/28 22:15:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
[2011/03/28 22:04:56 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\.minecraft
[2011/03/28 21:53:45 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011/03/28 21:53:45 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011/03/28 21:53:45 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011/03/28 21:53:45 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011/03/28 21:53:45 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011/03/28 21:53:45 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011/03/28 21:53:45 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011/03/28 21:53:44 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011/03/28 21:53:44 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011/03/28 21:53:44 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011/03/28 21:53:43 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011/03/28 21:53:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011/03/28 21:53:42 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011/03/28 21:53:42 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011/03/28 21:53:42 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011/03/28 21:53:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011/03/28 21:53:41 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011/03/28 21:53:41 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011/03/28 21:53:41 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011/03/28 21:53:41 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011/03/28 21:53:41 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011/03/28 21:53:41 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011/03/28 21:53:40 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011/03/28 21:53:40 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011/03/28 21:53:39 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011/03/28 21:53:39 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011/03/28 21:53:39 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011/03/28 21:53:38 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011/03/28 21:53:38 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011/03/28 21:53:38 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011/03/28 21:53:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011/03/28 21:53:37 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/03/28 21:53:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011/03/28 21:53:36 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/03/28 21:53:36 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/03/28 21:53:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/03/28 21:53:36 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011/03/28 21:53:36 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/03/28 21:53:36 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011/03/28 21:53:36 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011/03/28 21:53:35 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011/03/28 21:53:35 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011/03/28 21:53:35 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011/03/28 21:53:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011/03/28 21:53:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011/03/28 21:53:35 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011/03/28 21:53:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011/03/28 21:53:33 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011/03/28 21:53:33 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011/03/28 21:53:33 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011/03/28 21:53:33 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011/03/28 21:53:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011/03/28 21:53:33 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011/03/28 21:53:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011/03/28 21:53:32 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011/03/28 21:53:32 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011/03/28 21:53:31 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011/03/28 21:53:31 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011/03/28 21:53:31 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011/03/28 21:53:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011/03/28 21:53:31 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011/03/28 21:53:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011/03/28 21:53:31 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011/03/28 21:53:31 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011/03/28 21:53:31 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011/03/28 21:53:30 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011/03/28 21:53:30 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011/03/28 21:53:30 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011/03/28 21:53:30 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011/03/28 21:53:29 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011/03/28 21:53:29 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011/03/28 21:53:28 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/03/28 21:53:28 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011/03/28 21:53:28 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011/03/28 21:53:28 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011/03/28 21:53:28 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011/03/28 21:53:27 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011/03/28 21:53:27 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011/03/28 21:53:26 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011/03/28 21:53:26 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011/03/28 21:53:25 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011/03/28 21:53:18 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011/03/28 21:53:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011/03/28 21:53:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011/03/28 21:53:17 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011/03/28 21:53:17 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011/03/28 21:53:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011/03/28 21:53:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011/03/28 21:53:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011/03/28 21:53:16 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011/03/28 21:51:22 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2011/03/28 21:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Teamspeak2 RC2
[2011/03/28 21:51:19 | 000,000,000 | ---D | C] -- C:\Programme\Teamspeak2_RC2
[2011/03/28 21:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2011/03/28 21:50:17 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2011/03/28 21:49:17 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/03/28 21:49:08 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2011/03/28 21:48:22 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2011/03/28 21:47:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Spigot
[2011/03/28 21:47:35 | 000,000,000 | ---D | C] -- C:\Programme\pdfforge Toolbar
[2011/03/28 21:47:35 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011/03/28 21:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/03/28 21:47:12 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011/03/28 21:47:10 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011/03/28 21:47:10 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011/03/28 21:47:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011/03/28 21:47:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011/03/28 21:47:10 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2011/03/28 21:45:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/03/28 21:44:09 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2011/03/28 21:43:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/28 21:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/28 21:43:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/28 21:41:37 | 000,000,000 | ---D | C] -- C:\Programme\Miranda IM
[2011/03/28 21:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/28 21:41:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011/03/28 21:40:49 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/28 21:40:38 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011/03/28 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Apple Computer
[2011/03/28 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Apple Computer
[2011/03/28 21:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/28 21:38:05 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/03/28 21:38:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/03/28 21:37:36 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011/03/28 21:37:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/03/28 21:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/28 21:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/28 21:36:21 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011/03/28 21:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/03/28 21:36:14 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Apple
[2011/03/28 21:36:13 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011/03/28 21:35:56 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011/03/28 21:35:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011/03/28 21:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/03/28 21:34:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/03/28 21:34:42 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2011/03/28 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011/03/28 21:34:41 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2011/03/28 21:34:31 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\ICQ
[2011/03/28 21:34:27 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.4
[2011/03/28 21:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011/03/28 21:33:17 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011/03/28 21:32:17 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/03/28 21:32:17 | 000,000,000 | ---D | C] -- C:\Users\Gpa\Documents\DVDVideoSoft
[2011/03/28 21:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/03/28 21:32:11 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011/03/28 21:32:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2011/03/28 21:31:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/03/28 21:31:05 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011/03/28 21:31:01 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\DDMSettings
[2011/03/28 21:29:47 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\DivX
[2011/03/28 21:29:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011/03/28 21:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/03/28 21:29:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011/03/28 21:27:15 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011/03/28 21:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/03/28 21:26:05 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011/03/28 21:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/03/28 21:23:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/03/28 21:23:07 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/03/28 21:23:07 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/03/28 21:23:07 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011/03/28 21:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/03/28 21:16:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011/03/28 21:16:29 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011/03/28 21:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/03/28 21:07:30 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2011/03/28 21:07:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2011/03/28 21:07:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2011/03/28 21:07:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2011/03/28 21:07:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2011/03/28 21:02:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2011/03/28 21:02:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2011/03/28 21:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2011/03/28 21:02:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2011/03/28 21:02:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2011/03/28 21:02:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2011/03/28 21:02:18 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2011/03/28 21:02:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2011/03/28 21:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2011/03/28 21:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2011/03/28 21:02:14 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2011/03/28 21:02:14 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2011/03/28 21:02:13 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2011/03/28 21:02:13 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2011/03/28 21:02:13 | 000,003,072 | ---- | C] (VIA Technologies, Inc.              ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2011/03/28 21:02:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2011/03/28 21:02:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2011/03/28 21:02:12 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2011/03/28 21:02:12 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2011/03/28 21:02:12 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2011/03/28 21:02:12 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2011/03/28 21:02:12 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2011/03/28 21:02:12 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2011/03/28 21:02:12 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2011/03/28 21:02:12 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2011/03/28 21:02:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2011/03/28 21:02:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2011/03/28 21:02:10 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2011/03/28 21:02:10 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2011/03/28 21:02:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2011/03/28 21:02:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2011/03/28 21:02:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2011/03/28 21:02:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2011/03/28 21:02:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2011/03/28 21:02:09 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2011/03/28 21:02:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2011/03/28 21:02:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2011/03/28 21:02:08 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2011/03/28 21:02:06 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2011/03/28 21:02:04 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2011/03/28 21:02:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2011/03/28 21:02:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2011/03/28 21:02:04 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2011/03/28 21:02:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2011/03/28 21:02:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2011/03/28 21:02:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2011/03/28 21:02:02 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2011/03/28 21:02:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2011/03/28 21:02:02 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2011/03/28 21:01:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2011/03/28 21:01:59 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2011/03/28 21:01:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2011/03/28 21:01:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2011/03/28 21:01:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2011/03/28 21:01:55 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2011/03/28 21:01:55 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2011/03/28 21:01:54 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2011/03/28 21:01:54 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2011/03/28 21:01:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2011/03/28 21:01:49 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2011/03/28 21:01:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2011/03/28 21:01:48 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2011/03/28 21:01:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2011/03/28 21:01:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2011/03/28 21:01:42 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2011/03/28 21:01:36 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2011/03/28 21:01:36 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2011/03/28 21:01:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2011/03/28 21:01:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2011/03/28 21:01:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2011/03/28 21:01:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2011/03/28 21:01:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2011/03/28 21:01:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2011/03/28 21:01:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2011/03/28 21:01:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2011/03/28 21:01:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2011/03/28 21:01:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2011/03/28 21:01:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2011/03/28 21:01:35 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2011/03/28 21:01:35 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2011/03/28 21:01:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2011/03/28 21:01:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2011/03/28 21:01:35 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2011/03/28 21:01:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2011/03/28 21:01:35 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2011/03/28 21:01:35 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2011/03/28 21:01:35 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2011/03/28 21:01:35 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2011/03/28 21:01:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2011/03/28 21:01:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2011/03/28 21:01:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2011/03/28 21:01:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2011/03/28 21:01:35 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2011/03/28 21:01:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2011/03/28 21:01:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2011/03/28 21:01:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2011/03/28 21:01:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2011/03/28 21:01:34 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2011/03/28 21:01:34 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2011/03/28 20:50:49 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011/03/28 20:19:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/03/28 20:19:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/03/28 20:19:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/03/28 20:13:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011/03/28 20:11:55 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/03/28 20:11:42 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011/03/28 20:10:31 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/28 20:10:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/28 20:10:31 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/28 20:10:31 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/28 20:10:30 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/28 20:10:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/28 20:10:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/28 20:10:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/28 20:10:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/28 20:10:18 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011/03/28 20:10:18 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/03/28 20:10:18 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/03/28 20:10:15 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/03/28 20:10:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/03/28 20:10:06 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/03/28 20:10:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/03/28 20:10:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/03/28 20:10:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/03/28 20:09:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/03/28 20:09:58 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011/03/28 20:09:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/03/28 20:09:45 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/03/28 20:09:42 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/03/28 20:09:41 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/03/28 20:09:39 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/28 20:09:38 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/28 20:09:38 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/28 20:09:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/28 20:09:29 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/03/28 20:09:29 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/03/28 20:09:29 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/03/28 20:09:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011/03/28 20:09:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/03/28 20:09:25 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/03/28 20:09:22 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/28 20:09:17 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/03/28 20:09:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/03/28 20:09:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/03/28 20:09:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/03/28 20:09:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/03/28 20:09:03 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/03/28 20:09:00 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011/03/28 20:09:00 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/03/28 20:08:58 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/03/28 20:08:45 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/03/28 20:08:44 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/03/28 20:08:44 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011/03/28 20:08:44 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/28 20:08:44 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/28 20:08:43 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011/03/28 20:08:43 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/03/28 20:08:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/03/28 20:08:43 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/03/28 20:08:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/03/28 20:08:38 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/03/28 20:08:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/03/28 20:08:36 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011/03/28 20:08:34 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/03/28 20:08:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/03/28 20:08:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/28 20:08:19 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/03/28 20:08:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/03/28 20:08:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/28 20:08:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/03/28 20:08:16 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/03/28 20:08:16 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/03/28 20:08:15 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/03/28 20:08:15 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/03/28 20:08:15 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/03/28 20:08:15 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/03/28 20:08:15 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/03/28 20:08:15 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/03/28 20:08:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/03/28 20:08:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/03/28 20:08:14 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/03/28 20:08:12 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/03/28 20:01:54 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/03/28 20:01:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/03/28 19:51:23 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\vlc
[2011/03/28 19:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/03/28 19:50:44 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011/03/28 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Macromedia
[2011/03/28 19:45:55 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Adobe
[2011/03/28 19:44:15 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/03/28 19:42:38 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Google
[2011/03/28 19:42:12 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2011/03/28 19:37:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2011/03/28 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Dell
[2011/03/28 19:37:05 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/03/28 19:34:16 | 000,000,000 | R--D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/03/28 19:34:16 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Searches
[2011/03/28 19:34:16 | 000,000,000 | R--D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/03/28 19:34:16 | 000,000,000 | -H-D | C] -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/03/28 19:34:04 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Identities
[2011/03/28 19:33:59 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Contacts
[2011/03/28 19:33:39 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\VirtualStore
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\AppData\Local\Temporary Internet Files
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Templates
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Start Menu
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\SendTo
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Recent
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\PrintHood
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\NetHood
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Documents\My Videos
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Documents\My Pictures
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Documents\My Music
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\My Documents
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Local Settings
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\AppData\Local\History
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Cookies
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\Application Data
[2011/03/28 19:33:36 | 000,000,000 | -HSD | C] -- C:\Users\Gpa\AppData\Local\Application Data
[2011/03/28 19:33:35 | 000,000,000 | --SD | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Videos
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Saved Games
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Pictures
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Music
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Links
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Favorites
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Downloads
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Documents
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\Desktop
[2011/03/28 19:33:35 | 000,000,000 | R--D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/03/28 19:33:35 | 000,000,000 | -H-D | C] -- C:\Users\Gpa\AppData
[2011/03/28 19:33:35 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Temp
[2011/03/28 19:33:35 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\Microsoft
[2011/03/28 19:33:35 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Media Center Programs
[2011/03/28 19:32:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/03/27 02:31:17 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/03/26 19:55:05 | 000,000,000 | ---D | C] -- C:\Intel
[2011/03/26 18:57:59 | 000,000,000 | ---D | C] -- C:\dell
[2011/03/26 17:50:34 | 000,000,000 | -HSD | C] -- C:\Programme
[2011/03/26 17:50:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011/03/26 17:32:18 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/03 20:47:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001UA.job
[2011/04/03 20:31:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 20:31:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/03 20:24:12 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 20:24:04 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 20:24:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003UA.job
[2011/04/03 20:23:52 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\SQBLFMXO.job
[2011/04/03 20:23:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/03 20:23:36 | 1556,828,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/03 20:22:01 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/03 19:47:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001Core.job
[2011/04/03 17:30:52 | 000,289,938 | ---- | M] () -- C:\Users\Gpa\Desktop\Unbenannt.jpg
[2011/04/03 16:47:54 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/03 16:30:24 | 000,002,035 | ---- | M] () -- C:\Users\Gpa\Desktop\HijackThis.lnk
[2011/04/03 11:55:41 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011/04/03 00:24:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003Core.job
[2011/04/03 00:17:04 | 000,163,328 | ---- | M] () -- C:\Windows\Kmymia.exe
[2011/04/02 22:30:25 | 000,000,757 | ---- | M] () -- C:\Users\Gpa\Desktop\GTA San Andreas.lnk
[2011/04/01 16:52:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/31 23:49:49 | 000,007,168 | ---- | M] () -- C:\Users\Gpa\AppData\Roaming\clean2.exe
[2011/03/31 23:27:41 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/03/31 23:18:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\short.zip
[2011/03/31 23:18:37 | 000,000,000 | ---- | M] () -- C:\h.zip
[2011/03/30 15:55:35 | 000,348,685 | ---- | M] () -- C:\Users\Gpa\Desktop\Auftragsbestaetigung_186068.pdf
[2011/03/30 15:53:43 | 000,011,801 | ---- | M] () -- C:\Users\Gpa\Desktop\__www.handytick.de_konto_auftrag_pdf_186068_Auftragsbestaetigung_186068.pdf
[2011/03/29 12:10:01 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/03/29 12:10:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/29 12:10:01 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/03/29 12:10:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/29 12:05:31 | 000,292,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/29 05:07:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/03/29 04:13:57 | 000,042,045 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/03/28 22:15:03 | 000,000,991 | ---- | M] () -- C:\Users\Gpa\Desktop\Minecraft.lnk
[2011/03/28 21:54:47 | 000,000,509 | ---- | M] () -- C:\Users\Gpa\Desktop\Lokaler Datenträger (E).lnk
[2011/03/28 21:51:22 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm
[2011/03/28 21:49:17 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/03/28 21:40:40 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/28 21:40:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/28 21:40:40 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/28 21:40:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/28 21:34:47 | 000,001,790 | ---- | M] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/28 21:07:11 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2011/03/28 21:07:11 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2011/03/28 19:46:00 | 000,407,526 | RHS- | M] () -- C:\LKWJR
[2011/03/28 19:46:00 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2011/03/28 19:38:38 | 000,001,403 | ---- | M] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/11 13:33:52 | 000,036,352 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
 
========== Files Created - No Company Name ==========
 
[2011/04/03 17:30:51 | 000,289,938 | ---- | C] () -- C:\Users\Gpa\Desktop\Unbenannt.jpg
[2011/04/03 16:47:54 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/03 16:30:24 | 000,002,035 | ---- | C] () -- C:\Users\Gpa\Desktop\HijackThis.lnk
[2011/04/03 11:55:41 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011/04/03 00:17:09 | 000,163,328 | ---- | C] () -- C:\Windows\Kmymia.exe
[2011/04/03 00:17:06 | 000,000,242 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 00:17:03 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\SQBLFMXO.job
[2011/04/02 22:30:25 | 000,000,757 | ---- | C] () -- C:\Users\Gpa\Desktop\GTA San Andreas.lnk
[2011/04/01 16:52:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/03/31 23:49:49 | 000,007,168 | ---- | C] () -- C:\Users\Gpa\AppData\Roaming\clean2.exe
[2011/03/31 23:25:15 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/03/31 23:18:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\short.zip
[2011/03/31 23:18:37 | 000,000,000 | ---- | C] () -- C:\h.zip
[2011/03/31 20:17:36 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/31 20:17:34 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 18:21:18 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/03/31 18:16:30 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/03/30 15:55:35 | 000,348,685 | ---- | C] () -- C:\Users\Gpa\Desktop\Auftragsbestaetigung_186068.pdf
[2011/03/30 15:53:43 | 000,011,801 | ---- | C] () -- C:\Users\Gpa\Desktop\__www.handytick.de_konto_auftrag_pdf_186068_Auftragsbestaetigung_186068.pdf
[2011/03/29 19:38:59 | 000,000,991 | ---- | C] () -- C:\Users\Gpa\Desktop\Minecraft.lnk
[2011/03/29 19:05:57 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2011/03/29 04:13:47 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/03/29 04:13:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/03/29 04:08:25 | 1556,828,160 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/29 00:19:53 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003UA.job
[2011/03/29 00:19:51 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003Core.job
[2011/03/28 21:54:47 | 000,000,509 | ---- | C] () -- C:\Users\Gpa\Desktop\Lokaler Datenträger (E).lnk
[2011/03/28 21:48:26 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/03/28 21:47:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/03/28 21:36:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/03/28 21:34:47 | 000,001,790 | ---- | C] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\ICQ7.4.lnk
[2011/03/28 21:31:06 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/28 21:17:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/28 21:08:27 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/03/28 21:08:27 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/03/28 21:08:27 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/03/28 21:08:27 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/03/28 19:46:00 | 000,000,020 | RHS- | C] () -- C:\win7.ld
[2011/03/28 19:45:59 | 000,407,526 | RHS- | C] () -- C:\LKWJR
[2011/03/28 19:42:41 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001UA.job
[2011/03/28 19:42:39 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001Core.job
[2011/03/28 19:38:37 | 000,001,403 | ---- | C] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/28 19:34:19 | 000,001,409 | ---- | C] () -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/28 19:33:36 | 000,000,290 | ---- | C] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/03/28 19:33:36 | 000,000,272 | ---- | C] () -- C:\Users\Gpa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/03/27 02:31:18 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2011/03/27 02:31:17 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2011/03/11 13:33:52 | 000,036,352 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,292,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---
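Added example, not part of the thread and not OTL's own logic: a small Python triage pass over OTL file-listing lines in the format of the log above, `[date | size | attributes | C/M] (company) -- path`. The three heuristics and all function names are assumptions chosen for illustration; the sample lines are copied from the log on this page.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# OTL file-listing line: [date time | size | attributes | C/M] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Sample lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
[2011/04/03 00:17:04 | 000,163,328 | ---- | M] () -- C:\Windows\Kmymia.exe
[2011/04/03 00:17:09 | 000,163,328 | ---- | C] () -- C:\Windows\Kmymia.exe
[2011/03/31 23:49:49 | 000,007,168 | ---- | M] () -- C:\Users\Gpa\AppData\Roaming\clean2.exe
[2011/04/03 20:23:52 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\SQBLFMXO.job
[2011/04/03 20:24:12 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 20:24:04 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/31 23:18:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\short.zip
[2011/03/28 21:49:17 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2011/03/11 13:33:52 | 000,036,352 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2011/03/28 19:34:16 | 000,000,000 | R--D | C] -- C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
< End of report >
"""


class Entry(NamedTuple):
    timestamp: str
    size: int      # bytes; OTL prints the size with comma grouping
    attrs: str     # four flags out of R, H, S, D, or "-" for unset
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when the file has no company name
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


BINARY_EXT = {".exe", ".dll", ".scr"}


def triage(entry: Entry) -> List[str]:
    """Return the heuristic reasons (assumed rules) an entry deserves a look."""
    if "D" in entry.attrs:          # directories are not assessed here
        return []
    reasons = []
    folder = ntpath.dirname(entry.path).lower()
    ext = ntpath.splitext(entry.path)[1].lower()
    # Rule 1: binary with no company name sitting directly in C:\Windows
    # or directly in a profile's AppData\Roaming folder.
    if ext in BINARY_EXT and not entry.company:
        if folder == r"c:\windows" or folder.endswith(r"\appdata\roaming"):
            reasons.append("binary without company name in top-level folder")
    # Rule 2: scheduled-task file that carries the hidden attribute.
    if ext == ".job" and "H" in entry.attrs:
        reasons.append("hidden scheduled task")
    # Rule 3: empty file dropped into a Startup folder.
    if entry.size == 0 and folder.endswith(r"\start menu\programs\startup"):
        reasons.append("zero-byte file in a Startup folder")
    return reasons


def flag_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, merging the C and M listings."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for reason in triage(entry):
            bucket = flagged.setdefault(entry.path, [])
            if reason not in bucket:
                bucket.append(reason)
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_log(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(reasons)}")
```

A hit is only a lead for manual review: legitimate files can match these rules, and unflagged files are not thereby cleared.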

cosinus 04.04.2011 08:27

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
PRC - C:\Windows\Kmymia.exe ()
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [IKXGVMFZHI]  File not found
[2011/04/03 17:51:04 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\{295F13A8-D99B-480E-A9C5-C21F05C0784E}
[2011/04/03 17:42:26 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Roaming\Gutscheinmieze
[2011/04/03 00:05:23 | 000,000,000 | ---D | C] -- C:\Users\Gpa\AppData\Local\gctmp
[2011/03/28 21:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
:Files
C:\Windows\tasks\*.job
C:\Windows\Kmymia.exe
C:\Users\Gpa\AppData\Roaming\clean2.exe
C:\h.zip
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

gpa123 04.04.2011 12:57

When I ran the fix, all programs were closed automatically, or rather only the screen was visible, no taskbar etc. Is/was that normal? No log file opened!

cosinus 04.04.2011 13:04

Yes, that is quite normal. Restart Windows and look in the folder C:\_OTL - the fix log should be there.

gpa123 04.04.2011 13:11

All processes killed
========== OTL ==========
No active process named Kmymia.exe was found!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\Gpa\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IKXGVMFZHI deleted successfully.
C:\Users\Gpa\AppData\Local\{295F13A8-D99B-480E-A9C5-C21F05C0784E} folder moved successfully.
C:\Users\Gpa\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\Gpa\AppData\Local\gctmp folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1001UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3113050104-23283863-569165781-1003UA.job moved successfully.
C:\Windows\tasks\SQBLFMXO.job moved successfully.
C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job moved successfully.
C:\Windows\Kmymia.exe moved successfully.
C:\Users\Gpa\AppData\Roaming\clean2.exe moved successfully.
C:\h.zip moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gpa
->Temp folder emptied: 2101308 bytes
->Temporary Internet Files folder emptied: 42235887 bytes
->Java cache emptied: 1864694 bytes
->FireFox cache emptied: 128835662 bytes
->Google Chrome cache emptied: 254435757 bytes
->Flash cache emptied: 4864 bytes

User: psx
->Temp folder emptied: 93720428 bytes
->Temporary Internet Files folder emptied: 52892773 bytes
->Java cache emptied: 604 bytes
->Google Chrome cache emptied: 320866170 bytes
->Flash cache emptied: 7124 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1425 bytes
RecycleBin emptied: 15611664 bytes

Total Files Cleaned = 870.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04042011_135002

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 04.04.2011 13:19

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not meddle with this!
2.) Zip the folder C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know when it has worked
5.) Only then switch the virus scanner back on

gpa123 04.04.2011 13:31

Zipping does not work. I am denied access.

cosinus 04.04.2011 13:53

Turn the virus scanner OFF, copy the folder _OTL to the desktop and zip it there.

gpa123 04.04.2011 14:02

Operation completed successfully.

cosinus 04.04.2011 14:47

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

gpa123 04.04.2011 18:20

Unfortunately it doesn't work >.< The window that opens can only be closed by ending confi.exe via Processes. Otherwise it keeps coming back again and again.

cosinus 04.04.2011 20:09

Right-click -> run as admin!

gpa123 04.04.2011 20:27

Unfortunately the same thing happens

cosinus 04.04.2011 20:33

Then first run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

gpa123 04.04.2011 20:52

2011/04/04 21:50:24.0855 1732 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/04 21:50:25.0229 1732 ================================================================================
2011/04/04 21:50:25.0229 1732 SystemInfo:
2011/04/04 21:50:25.0229 1732
2011/04/04 21:50:25.0229 1732 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/04 21:50:25.0229 1732 Product type: Workstation
2011/04/04 21:50:25.0229 1732 ComputerName: HORST
2011/04/04 21:50:25.0229 1732 UserName: Gpa
2011/04/04 21:50:25.0229 1732 Windows directory: C:\Windows
2011/04/04 21:50:25.0229 1732 System windows directory: C:\Windows
2011/04/04 21:50:25.0229 1732 Processor architecture: Intel x86
2011/04/04 21:50:25.0229 1732 Number of processors: 2
2011/04/04 21:50:25.0229 1732 Page size: 0x1000
2011/04/04 21:50:25.0229 1732 Boot type: Normal boot
2011/04/04 21:50:25.0229 1732 ================================================================================
2011/04/04 21:50:26.0150 1732 Initialize success
2011/04/04 21:50:35.0400 3456 ================================================================================
2011/04/04 21:50:35.0400 3456 Scan started
2011/04/04 21:50:35.0400 3456 Mode: Manual;
2011/04/04 21:50:35.0400 3456 ================================================================================
2011/04/04 21:50:40.0112 3456 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/04 21:50:40.0158 3456 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/04/04 21:50:40.0190 3456 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/04 21:50:40.0236 3456 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/04 21:50:40.0252 3456 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/04 21:50:40.0502 3456 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/04 21:50:40.0720 3456 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/04 21:50:40.0736 3456 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/04 21:50:40.0767 3456 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/04 21:50:40.0782 3456 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/04 21:50:40.0798 3456 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/04 21:50:40.0814 3456 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/04 21:50:40.0907 3456 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/04 21:50:40.0923 3456 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/04 21:50:40.0954 3456 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/04 21:50:41.0001 3456 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/04 21:50:41.0048 3456 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/04 21:50:41.0079 3456 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/04 21:50:41.0110 3456 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/04 21:50:41.0172 3456 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/04 21:50:41.0204 3456 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/04 21:50:41.0219 3456 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/04 21:50:41.0250 3456 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/04 21:50:41.0266 3456 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/04 21:50:41.0282 3456 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/04 21:50:41.0297 3456 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/04 21:50:41.0313 3456 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/04 21:50:41.0328 3456 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/04 21:50:41.0344 3456 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/04 21:50:41.0391 3456 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/04 21:50:41.0406 3456 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/04 21:50:41.0422 3456 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/04/04 21:50:41.0438 3456 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/04 21:50:41.0453 3456 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/04 21:50:41.0531 3456 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/04/04 21:50:41.0594 3456 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/04 21:50:41.0625 3456 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/04 21:50:41.0656 3456 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/04 21:50:41.0687 3456 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/04 21:50:41.0703 3456 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/04 21:50:41.0734 3456 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/04 21:50:41.0765 3456 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/04 21:50:41.0796 3456 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/04 21:50:41.0859 3456 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/04 21:50:41.0859 3456 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/04 21:50:41.0874 3456 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/04 21:50:41.0890 3456 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/04 21:50:41.0921 3456 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/04 21:50:41.0921 3456 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/04 21:50:41.0937 3456 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/04 21:50:41.0952 3456 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/04 21:50:42.0015 3456 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/04 21:50:42.0062 3456 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/04/04 21:50:42.0077 3456 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/04 21:50:42.0108 3456 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/04 21:50:42.0202 3456 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/04 21:50:42.0218 3456 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/04 21:50:42.0249 3456 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/04/04 21:50:42.0264 3456 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/04 21:50:42.0280 3456 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/04 21:50:42.0311 3456 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/04 21:50:42.0342 3456 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/04 21:50:42.0358 3456 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/04 21:50:42.0405 3456 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/04/04 21:50:42.0483 3456 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/04 21:50:42.0514 3456 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/04 21:50:42.0545 3456 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/04 21:50:42.0576 3456 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/04 21:50:42.0592 3456 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/04 21:50:42.0639 3456 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/04 21:50:42.0670 3456 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/04 21:50:42.0686 3456 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/04 21:50:42.0701 3456 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/04 21:50:42.0732 3456 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/04 21:50:42.0748 3456 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/04 21:50:42.0779 3456 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/04 21:50:42.0857 3456 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/04 21:50:42.0951 3456 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/04 21:50:42.0966 3456 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/04 21:50:43.0029 3456 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/04 21:50:43.0076 3456 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/04 21:50:43.0122 3456 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/04 21:50:43.0154 3456 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/04 21:50:43.0185 3456 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/04 21:50:43.0247 3456 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/04 21:50:43.0263 3456 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/04 21:50:43.0310 3456 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/04 21:50:43.0356 3456 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/04 21:50:43.0372 3456 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/04 21:50:43.0403 3456 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/04 21:50:43.0419 3456 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/04 21:50:43.0481 3456 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/04 21:50:43.0559 3456 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/04 21:50:43.0575 3456 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/04 21:50:43.0590 3456 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/04 21:50:43.0606 3456 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/04 21:50:43.0653 3456 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/04 21:50:43.0684 3456 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/04 21:50:43.0715 3456 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/04 21:50:43.0731 3456 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/04 21:50:43.0762 3456 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/04 21:50:43.0778 3456 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/04 21:50:43.0793 3456 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/04 21:50:43.0809 3456 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/04 21:50:43.0824 3456 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/04 21:50:43.0840 3456 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/04 21:50:43.0856 3456 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/04 21:50:43.0871 3456 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/04 21:50:43.0887 3456 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/04 21:50:43.0918 3456 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/04 21:50:43.0934 3456 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/04 21:50:43.0996 3456 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/04 21:50:44.0043 3456 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/04 21:50:44.0090 3456 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/04 21:50:44.0136 3456 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/04 21:50:44.0183 3456 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/04 21:50:44.0246 3456 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/04 21:50:44.0292 3456 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/04 21:50:44.0370 3456 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/04 21:50:44.0402 3456 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/04 21:50:44.0433 3456 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/04 21:50:44.0511 3456 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/04/04 21:50:44.0636 3456 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/04 21:50:44.0667 3456 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/04 21:50:44.0698 3456 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/04/04 21:50:44.0698 3456 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/04/04 21:50:44.0729 3456 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/04 21:50:44.0776 3456 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/04 21:50:44.0838 3456 truecrypt (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
2011/04/04 21:50:44.0870 3456 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/04 21:50:44.0901 3456 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/04 21:50:44.0916 3456 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/04 21:50:44.0932 3456 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/04 21:50:44.0979 3456 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/04 21:50:45.0010 3456 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/04 21:50:45.0088 3456 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/04 21:50:45.0166 3456 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/04 21:50:45.0182 3456 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/04 21:50:45.0213 3456 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/04 21:50:45.0228 3456 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/04 21:50:45.0260 3456 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/04 21:50:45.0275 3456 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/04 21:50:45.0291 3456 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/04 21:50:45.0306 3456 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/04 21:50:45.0322 3456 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/04 21:50:45.0353 3456 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/04 21:50:45.0369 3456 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/04 21:50:45.0384 3456 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/04 21:50:45.0400 3456 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/04 21:50:45.0416 3456 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/04/04 21:50:45.0431 3456 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/04 21:50:45.0462 3456 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/04 21:50:45.0494 3456 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/04 21:50:45.0509 3456 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/04 21:50:45.0540 3456 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/04 21:50:45.0572 3456 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/04 21:50:45.0587 3456 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/04 21:50:45.0634 3456 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/04 21:50:45.0650 3456 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/04/04 21:50:45.0681 3456 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/04 21:50:45.0696 3456 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 21:50:45.0712 3456 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/04 21:50:45.0743 3456 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/04 21:50:45.0837 3456 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/04 21:50:45.0899 3456 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/04 21:50:45.0915 3456 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/04 21:50:46.0008 3456 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/04/04 21:50:46.0055 3456 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/04 21:50:46.0086 3456 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/04 21:50:46.0133 3456 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/04/04 21:50:46.0149 3456 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/04 21:50:46.0617 3456 ================================================================================
2011/04/04 21:50:46.0617 3456 Scan finished
2011/04/04 21:50:46.0617 3456 ================================================================================

cosinus 04.04.2011 20:55

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

gpa123 04.04.2011 21:39

GMER Logfile:
Code:

GMER 1.0.15.15570 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-04 22:25:31
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD800JD-75MSA3 rev.10.01E04
Running: qy9usbfk.exe; Driver: C:\Users\Gpa\AppData\Local\Temp\fxldipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                          82851589 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                  82876092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75175E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75175E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75175E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\system32\rundll32.exe[1488] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75175E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000043                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                  rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 22:35:11 on 04.04.2011

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"fxldipoc" (fxldipoc) - ? - C:\Users\Gpa\AppData\Local\Temp\fxldipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
{B922D405-6D13-4A2B-AE89-08A030DA4402} "{B922D405-6D13-4A2B-AE89-08A030DA4402}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10o.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"short.zip" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\short.zip
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\Gpa\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: OptiPlex 760
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JD-75MSA3, Rev: 10.01E04
PhysicalDrive1 Model Number: SeagateBackup, Rev: 0130

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
232 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: A16EF68870D2ED162DDA2E379D2960A80789C94E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!





Edit: I just restarted the computer, and now a folder opens instead of the error window.

cosinus 04.04.2011 21:45

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

gpa123 05.04.2011 12:37

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 04/05/2011 at 12:29 PM

Application Version : 4.50.1002

Core Rules Database Version : 6753
Trace Rules Database Version: 4565

Scan type : Complete Scan
Total Scan Time : 12:06:54

Memory items scanned : 807
Memory threats detected : 0
Registry items scanned : 8500
Registry threats detected : 0
File items scanned : 221058
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Gpa\AppData\Roaming\Microsoft\Windows\Cookies\gpa@doubleclick[2].txt
media.mtvnservices.com [ C:\Windows.old\Users\Andreas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5SDNKY65 ]
secure-us.imrworldwide.com [ C:\Windows.old\Users\Andreas\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5SDNKY65 ]
oddcast.com [ C:\Windows.old\Users\Gpa\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N46KNF2S ]

Trojan.Agent/Gen-FakeSecurity
C:\USERS\GPA\DESKTOP\_OTL\MOVEDFILES\04042011_135002\C_WINDOWS\KMYMIA.EXE


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6269

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.04.2011 00:06:49
mbam-log-2011-04-05 (00-06-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 374194
Laufzeit: 1 Stunde(n), 16 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 05.04.2011 13:40

Only isolated remnants and harmless cookies.
Any problems left?

gpa123 05.04.2011 13:43

Apart from an empty folder opening at startup, nothing. Thank you very much!

cosinus 05.04.2011 14:37

Which folder is it? Exact path? Something like C:\Ziel\zum\Ordner??

gpa123 05.04.2011 21:40

Computer > Local Disk (C:) > ProgramData > Microsoft > Windows > Start Menu > Programs > Startup > short.zip

cosinus 06.04.2011 08:51

Quote:

Computer > Local Disk > C > ProgramData > Microsoft > Windows > Start Menu > Programs > Startup > short.zip
Please upload this short.zip to us => http://www.trojaner-board.de/54791-a...ner-board.html

gpa123 06.04.2011 20:04

uploaded

cosinus 06.04.2011 22:31

The file is empty. Just delete it from the folder on your machine.

gpa123 07.04.2011 17:14

Okay, great, nothing opens any more now. Thanks a lot once again!

cosinus 07.04.2011 19:13

Then we're done! :abklatsch:

Finally, please check your updates; my guide for that is below.
For even more security, you should also change all your passwords, where possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

