Home » Viren, Trojaner & Malware Forum » Virus 2008 pro mit VIRUS ALERT neben Uhrzeit » Themenansicht

Virus 2008 pro mit VIRUS ALERT neben Uhrzeit
#0
25.07.2008, 15:09
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#31 kochi71

Avenger
http://virus-protect.org/artikel/tools/avenger.html

kopiere in das weisse Feld:

Zitat

Files to delete:
C:\oyf7l9.exe
C:\WINDOWS\system32\blphca65j0ec9v.scr
C:\WINDOWS\system32\lphca65j0ec9v.exe
C:\WINDOWS\system32\phca65j0ec9v.bmp
schliesse alle offenen Programme (denn nach Anwendung des Avengers wird der Rechner neustarten)
Klicke: Execute
bestätige, dass der Rechner neu gestartet wird - klicke "yes"

««
dann scanne noch mal mit malwarebytes im abgesicherten modus.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
27.07.2008, 00:20
wosein
Member

Beiträge: 11
#32 Hallo liebe fleissigen Helfer,

Habe da mal endlich meine Aufgaben erledigen können.
anbei die logs


System Report
*************

Run on Sa 26.07.2008 at 23:23

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [152]
\??\C:\WINDOWS\system32\csrss.exe [208]
\??\C:\WINDOWS\system32\winlogon.exe [232]
C:\WINDOWS\system32\services.exe [276]
C:\WINDOWS\system32\lsass.exe [288]
C:\WINDOWS\system32\svchost.exe [440]
C:\WINDOWS\system32\svchost.exe [500]
C:\WINDOWS\system32\svchost.exe [548]
C:\WINDOWS\Explorer.EXE [984]


Drivers - Running:

ACPI
ACPIEC
Afc
agp440
atapi
avgntdd
avgntmgr
Beep
Cdfs
Cdrom
Compbatt
dcpp2k
Disk
Fastfat
Fdc
FltMgr
Ftdisk
GEARAspiWDM
i8042prt
IntelIde
isapnp
Kbdclass
KSecDD
Mouclass
MountMgr
Msfs
mssmbios
Mup
NDIS
Npfs
Ntfs
Null
PartMgr
PCI
Pcmcia
PxHelp20
rdpdr
redbook
sr
swenum
TermDD
TwoTrack
Update
usbhub
USBSTOR
usbuhci
VgaSave
VolSnap


Drivers - Stopped:

Abiosdsk
abp480n5
ACGPRS
adpu160m
aec
AF15BDA
AFD
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
Aspi32
AsyncMac
Atdisk
Atmarpc
audstub
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmBatt
CmdIde
Cpqarray
cwcspud
cwcwdm
dac960nt
dmboot
dmio
dmload
DMusic
Dot4
Dot4Print
Dot4Scan
dpti2o
drmkaud
E100B
Fips
Flpydisk
gameenum
Gpc
HidUsb
hpn
hpt3xx
HPZid412
HPZipr12
HPZius12
HTTP
i2omgmt
i2omp
IBMPMDRV
Imapi
ini910u
Ip6Fw
IpFilterDriver
IpInIp
IpNat
IPSec
irda
IRENUM
kbdhid
kmixer
lbrtfdc
ltmodem5
MDC8021X
mf
mnmdd
Modem
mouhid
MPE
mraid35x
MRxDAV
MRxSmb
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBIOS
NetBT
NSCIRDA
NwlnkFlt
NwlnkFwd
P3
Parport
ParVdm
pccsmcfd
PCIDump
PCIIde
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
PptpMiniport
PSched
Ptilink
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RasAcd
Rasirda
Rasl2tp
RasPppoe
Raspti
Rdbss
RDPCDD
RDPWD
ROOTMODEM
RT2500USB
S3SavageMX
Secdrv
Ser2pl
serenum
Serial
Sfloppy
Simbad
SLIP
Sparrow
splitter
Srv
streamip
swivsp
swmidi
SWUMX20
symc810
symc8xx
sym_hi
sym_u3
sysaudio
Tcpip
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbccgp
USBCM
usbprint
usbscan
USBVSP
ViaIde
Wanarp
WDICA
wdmaud
WSTCODEC
ZDPNDIS5


Services - Running:

CryptSvc
DcomLaunch
Eventlog
helpsvc
PlugPlay
RpcSs
srservice
winmgmt


Services - Stopped:

Alerter
ALG
AntiVirScheduler
AntiVirService
AppMgmt
aspnet_state
AudioSrv
BITS
Browser
cisvc
ClipSrv
clr_optimization_v2.0.50727_32
COMSysApp
DCPP2Svc
Dhcp
dmadmin
dmserver
Dnscache
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
HTTPFilter
IBMPMSVC
IDriverT
ImapiService
iPodService
Irmon
lanmanserver
lanmanworkstation
LmHosts
McDetect.exe
McTskshd.exe
mcupdmgr.exe
Messenger
Microsoft
Microsoft
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
Netlogon
Netman
Nla
NtLmSsp
NtmsSvc
Pml
PolicyAgent
ProtectedStorage
RasAuto
RasMan
RDSessMgr
RemoteAccess
RemoteRegistry
RpcLocator
RSVP
SamSs
SCardDrv
SCardSvr
Schedule
seclogon
SENS
ServiceLayer
SharedAccess
ShellHWDetection
Spooler
SSDPSRV
stisvc
SwPrv
SysmonLog
TapiSrv
TermService
Themes
TlntSvr
TrkWks
upnphost
UPS
UxTuneUp
VSS
W32Time
WebClient
WmdmPmSN
Wmi
WmiApSrv
wscsvc
wuauserv
WZCSVC
xmlprov


Files Created/Modified - 60 Days:


C:\

17 Jul 2008 0:34:10 3.222 A.... "C:\avenger.txt"
6 Jul 2008 23:43:16 210 ..SH. "C:\boot.ini"
15 Jul 2008 7:00:22 14.147 A.... "C:\ComboFix.txt"
7 Jul 2008 21:48:20 6.832.128 A.... "C:\out archive 07-07-08.pst"
26 Jul 2008 23:17:54 503.316.480 A.SH. "C:\pagefile.sys"
22 Jul 2008 7:49:30 13.030 A.... "C:\PDOXUSRS.NET"


C:\WINDOWS\

24 Jul 2008 17:12:16 0 A.... "C:\WINDOWS\0.log"
26 Jul 2008 23:18:16 2.048 A.S.. "C:\WINDOWS\bootstat.dat"
17 Jul 2008 12:05:06 181 A.... "C:\WINDOWS\hpbafd.ini"
26 Jul 2008 23:18:24 442.162 A.... "C:\WINDOWS\ntbtlog.txt"
7 Jul 2008 0:00:10 4.161 A.... "C:\WINDOWS\ODBCINST.INI"
17 Jul 2008 23:10:30 1.409 A.... "C:\WINDOWS\QTFont.for"
17 Jul 2008 23:10:28 54.156 A..H. "C:\WINDOWS\QTFont.qfn"
26 Jul 2008 23:16:50 32.554 A.... "C:\WINDOWS\SchedLgU.Txt"
23 Jul 2008 17:06:50 168.429 A.... "C:\WINDOWS\setupapi.log"
5 Jul 2008 22:39:38 717.806 A.... "C:\WINDOWS\setupapi.old"
15 Jul 2008 6:47:20 227 A.... "C:\WINDOWS\system.ini"
13 Jun 2008 23:27:14 597 A.... "C:\WINDOWS\Ulead32.ini"
26 Jul 2008 23:16:34 216 A.... "C:\WINDOWS\wiadebug.log"
26 Jul 2008 23:16:34 50 A.... "C:\WINDOWS\wiaservc.log"
6 Jul 2008 23:51:14 682 A.... "C:\WINDOWS\win.ini"
24 Jul 2008 22:29:22 192 A.... "C:\WINDOWS\winamp.ini"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\WindowsShell.Manifest"
26 Jul 2008 23:16:56 317.531 A.... "C:\WINDOWS\WindowsUpdate.log"
7 Jul 2008 0:01:46 316.640 A.... "C:\WINDOWS\WMSysPr9.prx"
6 Jul 2008 23:34:32 4.368 A.... "C:\WINDOWS\AVM_Driver\INFCACHE.1"
26 Jul 2008 23:18:16 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
6 Jul 2008 23:53:14 65 ...H. "C:\WINDOWS\Downloaded Program Files\desktop.ini"
15 Jul 2008 6:40:16 110 A.... "C:\WINDOWS\erdnt\CFrecovery.bat"
6 Jul 2008 23:57:50 67 A.SH. "C:\WINDOWS\Fonts\desktop.ini"
16 Jul 2008 7:17:32 10.292 A.... "C:\WINDOWS\inf\acerscan.PNF"
16 Jul 2008 7:17:32 37.392 A.... "C:\WINDOWS\inf\brmfcwia.PNF"
16 Jul 2008 7:17:26 17.268 A.... "C:\WINDOWS\inf\camvid20.PNF"
16 Jul 2008 7:17:26 16.020 A.... "C:\WINDOWS\inf\camvid30.PNF"
23 Jul 2008 17:06:00 7.800 A.... "C:\WINDOWS\inf\certclas.PNF"
5 Jul 2008 20:14:54 4.008 A.... "C:\WINDOWS\inf\COMA7.PNF"
5 Jul 2008 19:27:20 1.078 A.... "C:\WINDOWS\inf\COMA7.tmp"
5 Jul 2008 17:33:48 1.078 A.... "C:\WINDOWS\inf\COMB6.tmp"
7 Jul 2008 0:18:14 4.008 A.... "C:\WINDOWS\inf\COMBC.PNF"
6 Jul 2008 23:47:04 1.078 A.... "C:\WINDOWS\inf\COMBC.tmp"
18 Jul 2008 23:05:18 222.180 A.... "C:\WINDOWS\inf\drvindex.PNF"
15 Jun 2008 15:04:30 38.568 A.... "C:\WINDOWS\inf\ENEV20.PNF"
16 Jul 2008 7:17:30 11.408 A.... "C:\WINDOWS\inf\epsnmfp.PNF"
16 Jul 2008 7:17:34 45.624 A.... "C:\WINDOWS\inf\epsnscan.PNF"
16 Jul 2008 7:17:28 23.948 A.... "C:\WINDOWS\inf\fjtscan.PNF"
16 Jul 2008 7:17:34 7.016 A.... "C:\WINDOWS\inf\hpdigwia.PNF"
16 Jul 2008 7:17:34 23.076 A.... "C:\WINDOWS\inf\hpojscan.PNF"
16 Jul 2008 7:17:42 41.148 A.... "C:\WINDOWS\inf\hpscan.PNF"
16 Jul 2008 7:17:38 13.212 A.... "C:\WINDOWS\inf\icam3.PNF"
16 Jul 2008 7:17:30 17.876 A.... "C:\WINDOWS\inf\icam4usb.PNF"
16 Jul 2008 7:17:32 13.708 A.... "C:\WINDOWS\inf\icam5usb.PNF"
16 Jul 2008 7:17:40 22.820 A.... "C:\WINDOWS\inf\image.PNF"
6 Jul 2008 23:34:32 1.705.064 A.... "C:\WINDOWS\inf\INFCACHE.1"
16 Jul 2008 7:17:40 22.128 A.... "C:\WINDOWS\inf\kdk2x0.PNF"
16 Jul 2008 7:17:26 10.792 A.... "C:\WINDOWS\inf\kdkscan.PNF"
16 Jul 2008 7:17:40 10.204 A.... "C:\WINDOWS\inf\kodak.PNF"
6 Jul 2008 22:50:44 1.040.800 A.... "C:\WINDOWS\inf\LAYOUT.PNF"
5 Jul 2008 17:01:02 36.404 A.... "C:\WINDOWS\inf\mdmlucnt.PNF"
16 Jul 2008 7:17:36 39.044 A.... "C:\WINDOWS\inf\msdv.PNF"
16 Jul 2008 7:17:30 29.172 A.... "C:\WINDOWS\inf\msmscsi.PNF"
16 Jul 2008 7:17:24 15.364 A.... "C:\WINDOWS\inf\msmusb.PNF"
6 Jul 2008 22:59:14 15.200 A.... "C:\WINDOWS\inf\net3c985.PNF"
6 Jul 2008 22:59:14 85.096 A.... "C:\WINDOWS\inf\net557.PNF"
6 Jul 2008 22:59:12 8.044 A.... "C:\WINDOWS\inf\net650d.PNF"
6 Jul 2008 22:59:12 8.660 A.... "C:\WINDOWS\inf\net713.PNF"
6 Jul 2008 22:59:12 9.820 A.... "C:\WINDOWS\inf\netamd.PNF"
6 Jul 2008 22:59:12 18.048 A.... "C:\WINDOWS\inf\netamd2.PNF"
6 Jul 2008 22:59:08 8.576 A.... "C:\WINDOWS\inf\netdf650.PNF"
6 Jul 2008 22:59:08 30.388 A.... "C:\WINDOWS\inf\nete1000.PNF"
6 Jul 2008 22:59:08 8.404 A.... "C:\WINDOWS\inf\netejxmp.PNF"
6 Jul 2008 22:59:08 12.120 A.... "C:\WINDOWS\inf\netel90a.PNF"
6 Jul 2008 22:59:06 19.584 A.... "C:\WINDOWS\inf\netel90b.PNF"
6 Jul 2008 22:59:06 17.516 A.... "C:\WINDOWS\inf\netel99x.PNF"
6 Jul 2008 22:59:06 8.004 A.... "C:\WINDOWS\inf\netfa410.PNF"
6 Jul 2008 22:59:04 9.668 A.... "C:\WINDOWS\inf\netirda.PNF"
6 Jul 2008 22:50:46 24.528 A.... "C:\WINDOWS\inf\netirsir.PNF"
6 Jul 2008 22:59:04 10.956 A.... "C:\WINDOWS\inf\netngr.PNF"
6 Jul 2008 22:59:02 10.276 A.... "C:\WINDOWS\inf\netpnic.PNF"
6 Jul 2008 22:59:00 9.996 A.... "C:\WINDOWS\inf\netw840.PNF"
6 Jul 2008 22:58:58 19.560 A.... "C:\WINDOWS\inf\netx500.PNF"
3 Jul 2008 6:52:20 78.340 A.... "C:\WINDOWS\inf\nokirmdm.PNF"
16 Jul 2008 10:24:52 14.036 A.... "C:\WINDOWS\inf\oem0.PNF"
1 Jul 2008 17:33:36 51.678 A.... "C:\WINDOWS\inf\oem21.PNF"
1 Jul 2008 17:33:38 232.400 A.... "C:\WINDOWS\inf\oem22.PNF"
1 Jul 2008 17:33:40 127.712 A.... "C:\WINDOWS\inf\oem23.PNF"
1 Jul 2008 17:33:42 50.410 A.... "C:\WINDOWS\inf\oem24.PNF"
1 Jul 2008 17:38:36 7.844 A.... "C:\WINDOWS\inf\oem25.PNF"
1 Jul 2008 17:38:36 37.830 A.... "C:\WINDOWS\inf\oem26.PNF"
16 Jul 2008 7:26:02 86.138 A.... "C:\WINDOWS\inf\oem29.PNF"
16 Jul 2008 7:25:54 71.050 A.... "C:\WINDOWS\inf\oem32.PNF"
16 Jul 2008 7:25:54 97.290 A.... "C:\WINDOWS\inf\oem33.PNF"
16 Jul 2008 7:26:02 50.936 A.... "C:\WINDOWS\inf\oem34.PNF"
16 Jul 2008 7:25:56 23.442 A.... "C:\WINDOWS\inf\oem35.PNF"
16 Jul 2008 7:25:58 42.330 A.... "C:\WINDOWS\inf\oem36.PNF"
1 Jul 2008 17:38:38 5.682 A.... "C:\WINDOWS\inf\oem39.PNF"
15 Jun 2008 15:05:44 13.472 A.... "C:\WINDOWS\inf\oem43.PNF"
1 Jul 2008 17:49:52 80.930 A.... "C:\WINDOWS\inf\oem44.PNF"
1 Jul 2008 17:49:54 100.672 A.... "C:\WINDOWS\inf\oem45.PNF"
16 Jul 2008 7:17:42 24.908 A.... "C:\WINDOWS\inf\ovcam.PNF"
16 Jul 2008 7:17:32 10.484 A.... "C:\WINDOWS\inf\phil1vid.PNF"
16 Jul 2008 7:17:32 13.860 A.... "C:\WINDOWS\inf\phil2vid.PNF"
16 Jul 2008 7:14:04 44.964 A.... "C:\WINDOWS\inf\printupg.PNF"
16 Jul 2008 7:17:26 10.668 A.... "C:\WINDOWS\inf\ptpusb.PNF"
16 Jul 2008 7:17:40 18.476 A.... "C:\WINDOWS\inf\ricoh.PNF"
16 Jul 2008 7:17:34 86.912 A.... "C:\WINDOWS\inf\stillcam.PNF"
5 Jul 2008 17:00:24 5.724 A.... "C:\WINDOWS\inf\swflash.PNF"
6 Jul 2008 22:58:48 101.476 A.... "C:\WINDOWS\inf\syssetup.PNF"
16 Jul 2008 7:17:28 9.908 A.... "C:\WINDOWS\inf\tsbvcap.PNF"
16 Jul 2008 7:17:38 68.372 A.... "C:\WINDOWS\inf\umax.PNF"
16 Jul 2008 7:17:26 11.008 A.... "C:\WINDOWS\inf\umaxpp.PNF"
16 Jul 2008 7:17:36 24.992 A.... "C:\WINDOWS\inf\usbvideo.PNF"
1 Jul 2008 16:02:58 2.465 A.... "C:\WINDOWS\inf\usbvsp.inf"
1 Jul 2008 16:04:34 7.216 A.... "C:\WINDOWS\inf\usbvsp.PNF"
3 Jul 2008 6:52:28 7.820 A.... "C:\WINDOWS\inf\vspport.PNF"
16 Jul 2008 7:17:36 9.952 A.... "C:\WINDOWS\inf\xscan_xp.PNF"
6 Jul 2008 23:53:16 65 ...H. "C:\WINDOWS\Offline Web Pages\desktop.ini"
7 Jul 2008 0:18:52 23.364 A.... "C:\WINDOWS\Registration\R000000000039.clb"
7 Jul 2008 0:18:54 23.364 A.... "C:\WINDOWS\Registration\R00000000003a.clb"
6 Jul 2008 23:59:00 22.940 A.... "C:\WINDOWS\Registration\R000000000035.clb"
7 Jul 2008 0:19:22 1.048.576 A.... "C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C88D5242-8807-4B7B-A6BE-72B568657B56}.crmlog"
7 Jul 2008 0:09:02 286.720 A.... "C:\WINDOWS\repair\default"
7 Jul 2008 0:03:06 286.720 A..H. "C:\WINDOWS\repair\ntuser.dat"
7 Jul 2008 0:09:02 24.576 A.... "C:\WINDOWS\repair\sam"
7 Jul 2008 0:09:02 53.248 A.... "C:\WINDOWS\repair\security"
6 Jul 2008 23:50:30 188.093 A.... "C:\WINDOWS\repair\setup.log"
7 Jul 2008 0:09:02 24.727.552 A.... "C:\WINDOWS\repair\software"
7 Jul 2008 0:07:38 2.727.936 A.... "C:\WINDOWS\repair\system"
7 Jul 2008 0:10:36 50.647 A.... "C:\WINDOWS\system32\$winnt$.inf"
7 Jul 2008 0:01:36 16.832 A.... "C:\WINDOWS\system32\amcompat.tlb"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\system32\cdplayer.exe.manifest"
29 Jun 2008 18:08:22 664 A.... "C:\WINDOWS\system32\d3d9caps.dat"
3 Jul 2008 0:53:52 0 A.... "C:\WINDOWS\system32\db5e2800-.txt"
6 Jul 2008 23:47:36 22.940 A.... "C:\WINDOWS\system32\emptyregdb.dat"
9 Jun 2008 9:27:56 56 A..H. "C:\WINDOWS\system32\ezsidmv.dat"
7 Jul 2008 0:12:02 347.400 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
6 Jul 2008 23:53:14 488 A..HR "C:\WINDOWS\system32\logonui.exe.manifest"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\system32\ncpa.cpl.manifest"
7 Jul 2008 0:01:36 23.392 A.... "C:\WINDOWS\system32\nscompat.tlb"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\system32\nwc.cpl.manifest"
17 Jul 2008 0:42:02 81.554 A.... "C:\WINDOWS\system32\perfc007.dat"
17 Jul 2008 0:42:02 68.090 A.... "C:\WINDOWS\system32\perfc009.dat"
17 Jul 2008 0:42:02 437.286 A.... "C:\WINDOWS\system32\perfh007.dat"
17 Jul 2008 0:42:02 420.312 A.... "C:\WINDOWS\system32\perfh009.dat"
17 Jul 2008 0:41:54 1.018.606 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\system32\sapi.cpl.manifest"
6 Jul 2008 23:53:14 488 A..HR "C:\WINDOWS\system32\WindowsLogon.manifest"
26 Jul 2008 23:18:24 2.206 A.... "C:\WINDOWS\system32\wpa.dbl"
6 Jul 2008 23:52:30 749 A..HR "C:\WINDOWS\system32\wuaucpl.cpl.manifest"
26 Jul 2008 23:06:02 416 A.... "C:\WINDOWS\Tasks\1-Klick-Wartung.job"
26 Jul 2008 23:16:50 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
23 Jul 2008 23:35:24 0 A.... "C:\WINDOWS\TEMP\etilqs_JO4k1Xa7EK51uDz-journal"
23 Jul 2008 23:35:24 53.248 A.... "C:\WINDOWS\TEMP\etilqs_7TliboLUgtYnTUn"
23 Jul 2008 23:35:24 0 A.... "C:\WINDOWS\TEMP\etilqs_1UXst3RfP7dQCT7"
16 Jul 2008 18:00:42 0 A.... "C:\WINDOWS\TEMP\etilqs_Smm7RntLvHWFfJI"
16 Jul 2008 18:00:42 0 A.... "C:\WINDOWS\TEMP\etilqs_nsnZPhyIGXpU53m-journal"
16 Jul 2008 18:00:42 0 A.... "C:\WINDOWS\TEMP\etilqs_MdflYueIhaBVSc0"
17 Jul 2008 0:32:26 0 A.... "C:\WINDOWS\TEMP\etilqs_T6FMbG01pqNb6Ed"
16 Jul 2008 7:14:26 1.304 A.... "C:\WINDOWS\TEMP\HPZIDS.log"
26 Jul 2008 23:21:46 21.580 A.... "C:\WINDOWS\TEMP\scs3.tmp"
16 Jul 2008 7:13:26 2.288 A.... "C:\WINDOWS\TEMP\servic000.log"
26 Jul 2008 23:18:12 60.542 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
15 Jul 2008 6:32:50 290.816 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
15 Jul 2008 6:32:54 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
15 Jul 2008 6:32:54 1.243 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
15 Jul 2008 6:32:52 24.576 A.... "C:\WINDOWS\erdnt\Hiv-backup\sam"
15 Jul 2008 6:32:34 53.248 A.... "C:\WINDOWS\erdnt\Hiv-backup\security"
15 Jul 2008 6:32:48 25.006.080 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
15 Jul 2008 6:59:42 5.767.168 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
15 Jul 2008 6:40:22 290.816 A.... "C:\WINDOWS\erdnt\subs\default"
15 Jul 2008 6:40:22 673 A.... "C:\WINDOWS\erdnt\subs\ERDNT.CON"
15 Jul 2008 6:40:22 460 A.... "C:\WINDOWS\erdnt\subs\ERDNT.INF"
15 Jul 2008 6:40:22 24.576 A.... "C:\WINDOWS\erdnt\subs\sam"
15 Jul 2008 6:40:18 53.248 A.... "C:\WINDOWS\erdnt\subs\security"
15 Jul 2008 6:40:20 25.100.288 A.... "C:\WINDOWS\erdnt\subs\software"
15 Jul 2008 6:40:42 1.024 A..H. "C:\WINDOWS\erdnt\subs\software.LOG"
15 Jul 2008 6:40:22 5.562.368 A.... "C:\WINDOWS\erdnt\subs\system"
15 Jul 2008 6:40:42 1.024 A..H. "C:\WINDOWS\erdnt\subs\system.LOG"
7 Jul 2008 0:03:30 3.153.920 A.... "C:\WINDOWS\security\Database\secedit.sdb"
6 Jul 2008 23:33:32 788.252 A.... "C:\WINDOWS\security\templates\setup security.inf"
24 Jul 2008 17:26:14 45.376 A.... "C:\WINDOWS\system32\drivers\avgntdd.sys"
24 Jul 2008 17:26:12 75.072 A.... "C:\WINDOWS\system32\drivers\avipbb.sys"
7 Jul 2008 16:35:30 17.144 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
7 Jul 2008 16:35:36 34.296 A.... "C:\WINDOWS\system32\drivers\mbamcatchme.sys"
7 Jul 2008 0:15:36 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
6 Jul 2008 23:53:34 1.440.054 A.... "C:\WINDOWS\Web\Wallpaper\Grne Idylle.bmp"
6 Jul 2008 23:22:22 397 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82.Manifest"
6 Jul 2008 23:22:30 1.862 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9.Manifest"
6 Jul 2008 23:22:28 460 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_de_78e7f208.Manifest"
6 Jul 2008 23:22:34 500 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9.Manifest"
6 Jul 2008 23:22:20 1.237 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.2600.2000_x-ww_bcc9a281.Manifest"
6 Jul 2008 23:22:34 494 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a.Manifest"
6 Jul 2008 23:22:24 391 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13.Manifest"
6 Jul 2008 23:22:26 640 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.SystemCompatible_6595b64144ccf1df_5.1.0.0_x-ww_fc342b0b.Manifest"
6 Jul 2008 23:22:32 1.819 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7.Manifest"
6 Jul 2008 23:22:32 443 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_de-DE_b5f95279.Manifest"
6 Jul 2008 23:22:34 1.784 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a.Manifest"
6 Jul 2008 23:22:26 1.877 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7.Manifest"
6 Jul 2008 23:22:26 1.177 A.... "C:\WINDOWS\WinSxS\Manifests\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95.Manifest"
9 Jul 2008 2:25:22 439.470 A.... "C:\WINDOWS\PCHEALTH\HELPCTR\Logs\hcupdate.log"
6 Jul 2008 22:49:42 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"
16 Jul 2008 7:28:40 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
15 Jul 2008 6:45:38 27 A.... "C:\WINDOWS\system32\drivers\etc\hosts"
16 Jul 2008 12:44:00 17.732 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
16 Jul 2008 12:44:00 74.649 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe"
7 Jul 2008 0:23:06 24.576 A.... "C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log"
6 Jul 2008 23:49:02 35.578 A.... "C:\WINDOWS\system32\wbem\AutoRecover\02E78424AB18BDBFA706C08B7D7B9F1D.mof"
6 Jul 2008 23:49:08 23.798 A.... "C:\WINDOWS\system32\wbem\AutoRecover\092389D621F5A8834203DAAC74CCA279.mof"
6 Jul 2008 23:49:00 130.456 A.... "C:\WINDOWS\system32\wbem\AutoRecover\0A9DBC92D554324656F61F9862679F27.mof"
6 Jul 2008 23:49:12 7.694 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1E97A05DE566CF6EEAE29D0634E27392.mof"
6 Jul 2008 23:49:16 68.372 A.... "C:\WINDOWS\system32\wbem\AutoRecover\1EBE968EB7AF815A32641E6185350A9E.mof"
6 Jul 2008 23:49:06 3.554 A.... "C:\WINDOWS\system32\wbem\AutoRecover\20D2C3B8CE10B96CE6B8A3C241EF4416.mof"
6 Jul 2008 23:48:54 2.774.334 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26C097A9392F8C541AD42E89B7909073.mof"
6 Jul 2008 23:49:10 11.222 A.... "C:\WINDOWS\system32\wbem\AutoRecover\26D6C4EB696DD0C83F5D5BF2235000A7.mof"
6 Jul 2008 23:49:08 18.418 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2A61A823DC2C1C838EE71C4351BED0B4.mof"
6 Jul 2008 23:49:00 41.508 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2AA23BB86A5EBD8BC2D820944E55B233.mof"
6 Jul 2008 23:49:06 13.448 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2C142C4C15E3B8D139B98154CD083071.mof"
6 Jul 2008 23:49:08 49.106 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2CE64FBD51953C097BB5470043A6DAF9.mof"
6 Jul 2008 23:49:04 12.256 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2CFB5B149FA396D1AEA5F89B1C5A8D81.mof"
6 Jul 2008 23:49:12 3.182 A.... "C:\WINDOWS\system32\wbem\AutoRecover\2DA80135BA8EC175C9B1C1598F659434.mof"
6 Jul 2008 23:49:02 29.862 A.... "C:\WINDOWS\system32\wbem\AutoRecover\37134956F76D3C30C9BE0C12571CAF43.mof"
6 Jul 2008 23:49:00 2.093.998 A.... "C:\WINDOWS\system32\wbem\AutoRecover\3EC317800FF508210BB945C81C0EACE7.mof"
6 Jul 2008 23:49:08 13.986 A.... "C:\WINDOWS\system32\wbem\AutoRecover\42355E8E232EF8CADD187D531DEC55DD.mof"
6 Jul 2008 23:49:12 16.914 A.... "C:\WINDOWS\system32\wbem\AutoRecover\42C894EEACAD83A4E41154685841B3E1.mof"
6 Jul 2008 23:49:12 19.372 A.... "C:\WINDOWS\system32\wbem\AutoRecover\608B41C6A2CD9460C2263E6CD80C335A.mof"
6 Jul 2008 23:49:04 5.458 A.... "C:\WINDOWS\system32\wbem\AutoRecover\60A06765DDFE47EF7240BD9C1EB29EFE.mof"
6 Jul 2008 23:49:04 111.144 A.... "C:\WINDOWS\system32\wbem\AutoRecover\6B38F33147D0369D5038BBB61C7A31C8.mof"
6 Jul 2008 23:58:16 8.820 A.... "C:\WINDOWS\system32\wbem\AutoRecover\6FFF7467A5B40765D5740A413CA8BB8A.mof"
6 Jul 2008 23:49:10 62.708 A.... "C:\WINDOWS\system32\wbem\AutoRecover\701B705ED7DF100F88D5BC4A595E938D.mof"
6 Jul 2008 23:49:06 134.072 A.... "C:\WINDOWS\system32\wbem\AutoRecover\72F867EF62976CE9F70993FF3E68A4EB.mof"
6 Jul 2008 23:49:12 43.182 A.... "C:\WINDOWS\system32\wbem\AutoRecover\731AE1FC8C795979F40FAD645FFBAEB1.mof"
6 Jul 2008 23:49:16 147.550 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79D4AC5000BACE89A8677FB672A14F9E.mof"
6 Jul 2008 23:49:10 15.688 A.... "C:\WINDOWS\system32\wbem\AutoRecover\79E817BC978E2D450EB9E3794DFDA6CF.mof"
6 Jul 2008 23:49:06 4.872 A.... "C:\WINDOWS\system32\wbem\AutoRecover\7A62FA52E22CE751514BC93BE067BC80.mof"
6 Jul 2008 23:49:06 4.496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\852ECCDBABE77624586E4417FE66F857.mof"
6 Jul 2008 23:49:08 12.818 A.... "C:\WINDOWS\system32\wbem\AutoRecover\8636DC7F9479DACE6778109CB4FB4B01.mof"
6 Jul 2008 23:49:08 29.386 A.... "C:\WINDOWS\system32\wbem\AutoRecover\88744D2A29102FC88ECF505DD2E984FC.mof"
6 Jul 2008 23:49:02 12.634 A.... "C:\WINDOWS\system32\wbem\AutoRecover\958A50DFF8A9DF5FAEA042AC9F60815F.mof"
6 Jul 2008 23:59:58 2.566 A.... "C:\WINDOWS\system32\wbem\AutoRecover\9AD3182A2F39A3E091E15109132EC6CC.mof"
6 Jul 2008 23:49:02 46.478 A.... "C:\WINDOWS\system32\wbem\AutoRecover\A7575F8DE31A912FFE91A7A41B1E382A.mof"
6 Jul 2008 23:49:06 15.462 A.... "C:\WINDOWS\system32\wbem\AutoRecover\A99860BB696AE92ED001E48B014365CE.mof"
6 Jul 2008 23:49:06 9.748 A.... "C:\WINDOWS\system32\wbem\AutoRecover\ABB70D53B97FC8002205F77E02C97304.mof"
6 Jul 2008 23:49:06 19.462 A.... "C:\WINDOWS\system32\wbem\AutoRecover\AE7023598F41510BF261111652046301.mof"
6 Jul 2008 23:49:08 10.508 A.... "C:\WINDOWS\system32\wbem\AutoRecover\AEA50E449C23761CA4D9B7F9ED0D9C89.mof"
6 Jul 2008 23:49:06 32.772 A.... "C:\WINDOWS\system32\wbem\AutoRecover\BE81B2C0741907C1FC1C42B6223E59AD.mof"
6 Jul 2008 23:58:12 88.742 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C3A0BE17B37ACE48BE78B31580231AE9.mof"
6 Jul 2008 23:49:10 99.856 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C6300BFE37ADE6B52EC023F66124985F.mof"
6 Jul 2008 23:49:02 18.500 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C81ACF420917AA0F87487BC4D958BEB4.mof"
6 Jul 2008 23:49:00 31.050 A.... "C:\WINDOWS\system32\wbem\AutoRecover\C92641594A6F2DA8A55FE4738AFDA539.mof"
6 Jul 2008 23:49:02 42.918 A.... "C:\WINDOWS\system32\wbem\AutoRecover\CA0106054EB09C302ED3E0669F99D021.mof"
6 Jul 2008 23:49:06 4.496 A.... "C:\WINDOWS\system32\wbem\AutoRecover\CFC35B349D24A8495FD2CEAB15C32D88.mof"
6 Jul 2008 23:58:16 308.642 A.... "C:\WINDOWS\system32\wbem\AutoRecover\D724DF13E0B0DF051EB5D403DD8EF2FC.mof"
6 Jul 2008 23:49:12 4.092 A.... "C:\WINDOWS\system32\wbem\AutoRecover\D92470B796B6B18F9EE52301857F0567.mof"
6 Jul 2008 23:49:08 9.290 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DBD781C2C031C708BCB490F228E7BEF9.mof"
6 Jul 2008 23:49:04 165.526 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DC999686F8B85B326CEDFA199DD07F72.mof"
6 Jul 2008 23:49:02 22.680 A.... "C:\WINDOWS\system32\wbem\AutoRecover\DFD614E4D613EF4506AC8F525F5F514B.mof"
6 Jul 2008 23:49:06 10.784 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E04DE4CDFEC284A342159BB920976701.mof"
6 Jul 2008 23:49:10 10.848 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E441354B9FE5F63362A481C9B9195A73.mof"
6 Jul 2008 23:49:02 58.852 A.... "C:\WINDOWS\system32\wbem\AutoRecover\E737DE61441445E1FDFCA45EF5E7D987.mof"
6 Jul 2008 23:49:06 6.600 A.... "C:\WINDOWS\system32\wbem\AutoRecover\EDBF963FB003D0670AA9C2219BD091FB.mof"
6 Jul 2008 23:49:08 61.314 A.... "C:\WINDOWS\system32\wbem\AutoRecover\FAAD7D567E76CAB10704AFD7C0488F23.mof"
6 Jul 2008 23:49:16 147.508 A.... "C:\WINDOWS\system32\wbem\AutoRecover\FF07AB34F5BE762768A8C26385B07B04.mof"
6 Jul 2008 23:22:30 621 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.6.0.Microsoft.Windows.Common-Controls_6595b64144ccf1df_x-ww_5ddad775\6.0.2600.2180.Policy"
6 Jul 2008 23:22:34 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.7.0.Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_x-ww_a317e4b3\7.0.2600.2180.Policy"
6 Jul 2008 23:22:28 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_x-ww_362e60dd\5.2.2.3.Policy"
6 Jul 2008 23:22:22 605 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.1.0.Microsoft.Windows.GdiPlus_6595b64144ccf1df_x-ww_4e8510ac\1.0.2600.2180.Policy"
6 Jul 2008 23:22:28 641 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.2.Microsoft.Windows.Networking.Rtcdll_6595b64144ccf1df_x-ww_c7b7206f\5.2.2.3.Policy"
6 Jul 2008 23:22:24 623 A.... "C:\WINDOWS\WinSxS\Policies\x86_policy.5.1.Microsoft.Windows.SystemCompatible_6595b64144ccf1df_x-ww_a0111510\5.1.2600.2000.Policy"
15 Jul 2008 6:32:52 245.760 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
15 Jul 2008 6:32:52 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
15 Jul 2008 6:32:52 241.664 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT"
15 Jul 2008 6:32:52 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
15 Jul 2008 6:32:52 6.553.600 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat"
15 Jul 2008 6:32:54 151.552 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"
15 Jul 2008 8:21:04 14.036 A.... "C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\rt2500usb.PNF"
15 Jul 2008 10:02:06 14.036 A.... "C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\rt2500usb.PNF"


C:\Programme\

24 Jul 2008 17:26:06 1.069 A.... "C:\Programme\AntiVir PersonalEdition Classic\about.htm"
24 Jul 2008 17:26:10 53.617 A.... "C:\Programme\AntiVir PersonalEdition Classic\aebb.dll"
24 Jul 2008 17:26:10 172.406 A.... "C:\Programme\AntiVir PersonalEdition Classic\aecore.dll"
24 Jul 2008 17:26:12 311.669 A.... "C:\Programme\AntiVir PersonalEdition Classic\aegen.dll"
30 May 2008 13:50:12 115.063 A.... "C:\Programme\AntiVir PersonalEdition Classic\aehelp.dll"
24 Jul 2008 17:26:12 1.343.863 A.... "C:\Programme\AntiVir PersonalEdition Classic\aeheur.dll"
24 Jul 2008 17:26:12 192.891 A.... "C:\Programme\AntiVir PersonalEdition Classic\aeoffice.dll"
17 Jul 2008 8:16:10 364.917 A.... "C:\Programme\AntiVir PersonalEdition Classic\aepack.dll"
17 Jul 2008 8:16:12 119.156 A.... "C:\Programme\AntiVir PersonalEdition Classic\aescn.dll"
24 Jul 2008 17:26:12 307.579 A.... "C:\Programme\AntiVir PersonalEdition Classic\aescript.dll"
24 Jul 2008 17:26:12 2.159 A.... "C:\Programme\AntiVir PersonalEdition Classic\aeset.dat"
24 Jul 2008 17:26:00 356.609 A.... "C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe"
24 Jul 2008 17:26:00 9.985 A.... "C:\Programme\AntiVir PersonalEdition Classic\avconfig.dll"
24 Jul 2008 17:26:00 241.921 A.... "C:\Programme\AntiVir PersonalEdition Classic\avconfig.exe"
24 Jul 2008 17:26:00 119.041 A.... "C:\Programme\AntiVir PersonalEdition Classic\avevtlog.dll"
31 May 2008 19:02:30 124.161 A.... "C:\Programme\AntiVir PersonalEdition Classic\avgio.dll"
24 Jul 2008 17:26:00 266.497 A.... "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe"
24 Jul 2008 17:26:02 149.761 A.... "C:\Programme\AntiVir PersonalEdition Classic\avguard.exe"
24 Jul 2008 17:26:02 38.657 A.... "C:\Programme\AntiVir PersonalEdition Classic\avpref.dll"
24 Jul 2008 17:26:02 33.537 A.... "C:\Programme\AntiVir PersonalEdition Classic\avreg.dll"
24 Jul 2008 17:26:10 98.561 A.... "C:\Programme\AntiVir PersonalEdition Classic\avrep.dll"
24 Jul 2008 17:26:02 48.897 A.... "C:\Programme\AntiVir PersonalEdition Classic\avscan.dll"
24 Jul 2008 17:26:02 315.649 A.... "C:\Programme\AntiVir PersonalEdition Classic\avscan.exe"
24 Jul 2008 17:26:02 15.105 A.... "C:\Programme\AntiVir PersonalEdition Classic\avwinll.dll"
24 Jul 2008 17:26:02 208.592 A.... "C:\Programme\AntiVir PersonalEdition Classic\avwsc.exe"
24 Jul 2008 17:26:06 16.933 A.... "C:\Programme\AntiVir PersonalEdition Classic\build.dat"
24 Jul 2008 17:26:02 147.713 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccev.dll"
24 Jul 2008 17:26:02 13.569 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccevrc.dll"
24 Jul 2008 17:26:02 270.593 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccgen.dll"
24 Jul 2008 17:26:02 18.689 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccgenrc.dll"
24 Jul 2008 17:26:02 21.761 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccgrdrc.dll"
24 Jul 2008 17:26:02 213.249 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccguard.dll"
24 Jul 2008 17:26:02 160.001 A.... "C:\Programme\AntiVir PersonalEdition Classic\cclib.dll"
24 Jul 2008 17:26:02 53.505 A.... "C:\Programme\AntiVir PersonalEdition Classic\cclic.dll"
24 Jul 2008 17:26:02 5.889 A.... "C:\Programme\AntiVir PersonalEdition Classic\cclicrc.dll"
24 Jul 2008 17:26:04 22.273 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccmainrc.dll"
24 Jul 2008 17:26:04 155.905 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccmsg.dll"
24 Jul 2008 17:26:04 258.305 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccprofil.dll"
24 Jul 2008 17:26:04 217.345 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccquamgr.dll"
24 Jul 2008 17:26:04 16.641 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccquarc.dll"
24 Jul 2008 17:26:04 12.545 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccreporc.dll"
24 Jul 2008 17:26:04 131.329 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccreport.dll"
24 Jul 2008 17:26:04 24.833 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccscanrc.dll"
24 Jul 2008 17:26:04 151.809 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccsched.dll"
24 Jul 2008 17:26:04 20.225 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccscherc.dll"
24 Jul 2008 17:26:04 246.017 A.... "C:\Programme\AntiVir PersonalEdition Classic\cctpc.dll"
24 Jul 2008 17:26:04 110.849 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccupdate.dll"
24 Jul 2008 17:26:04 13.057 A.... "C:\Programme\AntiVir PersonalEdition Classic\ccupdrc.dll"
24 Jul 2008 17:26:04 229.633 A.... "C:\Programme\AntiVir PersonalEdition Classic\fact.exe"
24 Jul 2008 17:26:04 24.833 A.... "C:\Programme\AntiVir PersonalEdition Classic\factrc.dll"
24 Jul 2008 17:26:06 11.009 A.... "C:\Programme\AntiVir PersonalEdition Classic\guardevt.dll"
24 Jul 2008 17:26:04 53.505 A.... "C:\Programme\AntiVir PersonalEdition Classic\guardgui.exe"
24 Jul 2008 17:26:06 53.505 A.... "C:\Programme\AntiVir PersonalEdition Classic\guardmsg.dll"
24 Jul 2008 17:26:06 164.097 A.... "C:\Programme\AntiVir PersonalEdition Classic\luke.dll"
24 Jul 2008 17:26:06 12.545 A.... "C:\Programme\AntiVir PersonalEdition Classic\lukeres.dll"
24 Jul 2008 17:26:06 258.305 A.... "C:\Programme\AntiVir PersonalEdition Classic\mgrs.dll"
24 Jul 2008 17:26:06 98.561 A.... "C:\Programme\AntiVir PersonalEdition Classic\preupd.exe"
24 Jul 2008 17:26:08 61.697 A.... "C:\Programme\AntiVir PersonalEdition Classic\rchelp.dll"
24 Jul 2008 17:25:44 2.371.841 A.... "C:\Programme\AntiVir PersonalEdition Classic\rcimage.dll"
24 Jul 2008 17:25:48 86.273 A.... "C:\Programme\AntiVir PersonalEdition Classic\rctext.dll"
24 Jul 2008 17:25:40 102.657 A.... "C:\Programme\AntiVir PersonalEdition Classic\scewxml.dll"
24 Jul 2008 17:26:06 68.865 A.... "C:\Programme\AntiVir PersonalEdition Classic\sched.exe"
24 Jul 2008 17:26:06 78.081 A.... "C:\Programme\AntiVir PersonalEdition Classic\setup.dll"
24 Jul 2008 17:26:06 635.137 A.... "C:\Programme\AntiVir PersonalEdition Classic\setup.exe"
24 Jul 2008 17:26:06 65.793 A.... "C:\Programme\AntiVir PersonalEdition Classic\shlext.dll"
24 Jul 2008 17:26:06 28.929 A.... "C:\Programme\AntiVir PersonalEdition Classic\smtplib.dll"
24 Jul 2008 17:25:42 446.721 A.... "C:\Programme\AntiVir PersonalEdition Classic\update.exe"
24 Jul 2008 17:25:42 147.713 A.... "C:\Programme\AntiVir PersonalEdition Classic\updgui.dll"
24 Jul 2008 17:25:42 11.009 A.... "C:\Programme\AntiVir PersonalEdition Classic\updguirc.dll"
24 Jul 2008 17:25:42 467.201 A.... "C:\Programme\AntiVir PersonalEdition Classic\updlib.dll"
24 Jul 2008 17:25:42 26.881 A.... "C:\Programme\AntiVir PersonalEdition Classic\updlibrc.dll"
31 May 2008 19:02:40 57.601 A.... "C:\Programme\AntiVir PersonalEdition Classic\wksstats.dll"
25 Jun 2008 15:58:36 1.209.584 A.... "C:\Programme\CCleaner\CCleaner.exe"
26 Jun 2008 3:27:36 21.504 A.... "C:\Programme\CCleaner\lang-1031.dll"
7 Jul 2008 23:08:16 114.509 A.... "C:\Programme\CCleaner\uninst.exe"
1 Jul 2008 23:17:40 1.239.986 A.... "C:\Programme\DriveCrypt Plus Pack\dcpp.exe"
10 Jun 2008 19:26:28 222.456 A.... "C:\Programme\ICQ6Toolbar\ICQ Service.exe"
12 Jun 2008 16:46:16 958.712 A.... "C:\Programme\ICQ6Toolbar\ICQToolBar.dll"
12 Jun 2008 10:58:10 122.104 A.... "C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe"
10 Jun 2008 19:26:26 142.584 A.... "C:\Programme\ICQ6Toolbar\ServiceStarter.exe"
7 Jul 2008 16:35:30 77.432 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbam.dll"
7 Jul 2008 16:35:30 1.175.160 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe"
7 Jul 2008 16:35:32 36.472 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll"
7 Jul 2008 16:35:32 122.488 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe"
7 Jul 2008 16:35:32 380.536 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamtrayctrl.exe"
7 Jul 2008 16:35:34 44.664 A.... "C:\Programme\Malwarebytes' Anti-Malware\ssubtmr6.dll"
14 Jul 2008 23:03:32 7.505 A.... "C:\Programme\Malwarebytes' Anti-Malware\unins000.dat"
14 Jul 2008 23:02:40 688.760 A.... "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
7 Jul 2008 16:35:34 57.464 A.... "C:\Programme\Malwarebytes' Anti-Malware\zlib.dll"
11 Jun 2008 21:22:46 4.025 A.... "C:\Programme\SparVoip\unins000.dat"
11 Jun 2008 21:22:18 713.148 A.... "C:\Programme\SparVoip\unins000.exe"
3 Jun 2008 16:15:24 151.552 A.... "C:\Programme\Zattoo\expat.dll"
3 Jun 2008 16:23:34 204.800 A.... "C:\Programme\Zattoo\faad.dll"
3 Jun 2008 16:15:24 1.188.375 A.... "C:\Programme\Zattoo\libeay32.dll"
3 Jun 2008 16:23:26 409.600 A.... "C:\Programme\Zattoo\libepg.dll"
3 Jun 2008 16:23:40 143.360 A.... "C:\Programme\Zattoo\libepgmanaged.dll"
3 Jun 2008 16:15:24 151.552 A.... "C:\Programme\Zattoo\libexpat.dll"
3 Jun 2008 16:23:36 655.360 A.... "C:\Programme\Zattoo\libzattood.dll"
3 Jun 2008 16:15:24 145.920 A.... "C:\Programme\Zattoo\Microsoft.DirectX.DirectDraw.dll"
3 Jun 2008 16:15:24 178.176 A.... "C:\Programme\Zattoo\Microsoft.DirectX.DirectSound.dll"
3 Jun 2008 16:15:24 223.232 A.... "C:\Programme\Zattoo\Microsoft.DirectX.dll"
3 Jun 2008 16:15:24 479.232 A.... "C:\Programme\Zattoo\msvcm80.dll"
3 Jun 2008 16:15:24 548.864 A.... "C:\Programme\Zattoo\msvcp80.dll"
3 Jun 2008 16:15:24 348.160 A.... "C:\Programme\Zattoo\msvcr71.dll"
3 Jun 2008 16:15:24 626.688 A.... "C:\Programme\Zattoo\msvcr80.dll"
3 Jun 2008 16:23:50 946.176 A.... "C:\Programme\Zattoo\player.dll"
7 Jun 2008 17:08:52 49.340 A.... "C:\Programme\Zattoo\uninst.exe"
3 Jun 2008 16:24:26 53.248 A.... "C:\Programme\Zattoo\Zattoo.exe"
3 Jun 2008 16:22:58 13.873.152 A.... "C:\Programme\Zattoo\Zattoo1.exe"
3 Jun 2008 16:24:24 5.095.424 A.... "C:\Programme\Zattoo\Zattoo2.exe"
3 Jun 2008 16:24:18 933.888 A.... "C:\Programme\Zattoo\zattood.exe"
24 Jul 2008 17:21:48 53.617 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aebb.dll"
24 Jul 2008 17:21:48 172.406 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll"
24 Jul 2008 17:21:50 311.669 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll"
30 May 2008 13:50:12 115.063 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aehelp.dll"
24 Jul 2008 17:21:54 1.343.863 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aeheur.dll"
24 Jul 2008 17:21:56 192.891 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aeoffice.dll"
17 Jul 2008 8:16:10 364.917 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aepack.dll"
17 Jul 2008 8:16:12 119.156 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aescn.dll"
24 Jul 2008 17:21:56 307.579 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll"
24 Jul 2008 17:21:58 2.159 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\aeset.dat"
24 Jul 2008 17:21:46 98.561 A.... "C:\Programme\AntiVir PersonalEdition Classic\FAILSAFE\avrep.dll"
28 Jun 2008 23:23:38 2 A.... "C:\Programme\eMule.de\config\AC_BootstrapIPs.dat"
28 Jun 2008 23:23:38 940 A.... "C:\Programme\eMule.de\config\AC_SearchStrings.dat"
28 Jun 2008 23:23:38 2 A.... "C:\Programme\eMule.de\config\AC_ServerMetURLs.dat"
28 Jun 2008 23:23:38 28 A.... "C:\Programme\eMule.de\config\key_index.dat"
28 Jun 2008 23:23:38 72 A.... "C:\Programme\eMule.de\config\load_index.dat"
28 Jun 2008 23:23:38 2.337 A.... "C:\Programme\eMule.de\config\nodes.dat"
28 Jun 2008 23:23:38 61 A.... "C:\Programme\eMule.de\config\preferences.dat"
28 Jun 2008 23:23:38 23 A.... "C:\Programme\eMule.de\config\preferencesKad.dat"
28 Jun 2008 23:23:44 2 A.... "C:\Programme\eMule.de\config\shareddir.dat"
28 Jun 2008 23:23:38 12 A.... "C:\Programme\eMule.de\config\src_index.dat"
30 May 2008 15:54:14 1.942.864 A...R "C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll"
1 Jul 2008 22:25:26 535.552 A.... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\ISSetup.dll"
1 Jul 2008 22:25:26 372.736 A.... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe"
1 Jul 2008 22:25:26 156.616 A.... "C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\_Setup.dll"
30 May 2008 15:54:14 21.718.312 A...R "C:\Programme\Skype\Phone\Skype.exe"
30 May 2008 15:54:16 3.279.816 A...R "C:\Programme\Skype\Plugin Manager\ezPMUtils.dll"
30 May 2008 15:54:16 76.744 A...R "C:\Programme\Skype\Plugin Manager\skypePM.exe"
30 May 2008 15:54:16 17.864 A...R "C:\Programme\Skype\Plugin Manager\spmServices.dll"
3 Jun 2008 16:24:20 15.872 A.... "C:\Programme\Zattoo\de-DE\Zattoo.resources.dll"
3 Jun 2008 16:24:20 16.896 A.... "C:\Programme\Zattoo\es-ES\Zattoo.resources.dll"
3 Jun 2008 16:24:20 28.672 A.... "C:\Programme\Zattoo\fr-FR\Zattoo.resources.dll"
23 Jul 2008 0:30:54 51 A.... "C:\Programme\ALCATech\BPM-Studio Profi\Data\notify.dat"
13 Jun 2008 23:25:20 10.828 A.... "C:\Programme\Ulead Systems\Ulead Photo Explorer 6.0\ULEAD.DAT\VIOFMT.DAT"
24 Jul 2008 22:29:40 1.270 A.... "C:\Programme\Winamp\Plugins\ml\main.dat"
21 Jul 2008 17:36:02 9.585 A.... "C:\Programme\Winamp\Plugins\ml\radio.dat"
24 Jul 2008 22:29:38 78.754 A.... "C:\Programme\Winamp\Plugins\ml\recent.dat"
1 Jul 2008 23:06:52 4.600 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\index2.html"
1 Jul 2008 23:06:52 619 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\game_center\lobby_banner.html"
1 Jul 2008 23:07:00 36.883 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\content\zlango\content.zip"
1 Jul 2008 23:06:52 4.611 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\avatar\avatar.zip"
1 Jul 2008 23:06:52 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\babylon_feed\flower.zip"
1 Jul 2008 23:06:52 5.704 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\backgammon\backgammon.zip"
1 Jul 2008 23:06:52 16.115 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\bob\bob.zip"
1 Jul 2008 23:06:54 5.865 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\checkers\checkers.zip"
1 Jul 2008 23:06:52 5.170 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\comming_up\comming_up.zip"
1 Jul 2008 23:06:54 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\coreg\flower.zip"
1 Jul 2008 23:06:52 4.162 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\darts\darts.zip"
1 Jul 2008 23:06:52 17.545 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\email_nudnik\email_nudnik.zip"
1 Jul 2008 23:06:54 14.036 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\funky_neighbours\funky_neighbours.zip"
1 Jul 2008 23:06:52 15.722 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\game_center\games_center.zip"
1 Jul 2008 23:07:32 576.181 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\game_center\xtratranspdlg2.zip"
1 Jul 2008 23:06:54 4.137 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq5_notification\flower.zip"
1 Jul 2008 23:06:52 3.219 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_dialer\icq_dialer.zip"
1 Jul 2008 23:06:54 3.152 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_sounds\sounds.zip"
1 Jul 2008 23:06:54 8.374 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\icq_welcome\welcome.zip"
1 Jul 2008 23:06:54 15.722 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\mini_game_center\games_center.zip"
1 Jul 2008 23:06:58 53.189 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\mini_game_center\images.zip"
1 Jul 2008 23:06:54 4.539 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\odd_cast_vhost\oddcast.zip"
1 Jul 2008 23:06:54 2.364 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\p7_billing\p7_billing.zip"
1 Jul 2008 23:06:54 4.830 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pccw_billing\pccw_billing.zip"
1 Jul 2008 23:06:54 5.647 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pccw_pay_gmib\pccw_pay_gmib.zip"
1 Jul 2008 23:06:54 5.145 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\photo_cropper\photo.zip"
1 Jul 2008 23:06:54 5.194 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\poker\poker.zip"
1 Jul 2008 23:06:56 6.187 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\pool\pool.zip"
1 Jul 2008 23:06:58 5.389 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\rps\rps.zip"
1 Jul 2008 23:06:58 4.984 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\slide-a-lama\slide-a-lama.zip"
1 Jul 2008 23:06:58 5.357 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\sms_activation\sms_activation.zip"
1 Jul 2008 23:06:58 16.352 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\teddy\teddy.zip"
1 Jul 2008 23:06:58 17.935 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\teddy2\teddy2.zip"
1 Jul 2008 23:06:58 4.706 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\warsheep\warsheep.zip"
1 Jul 2008 23:06:58 14.352 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\word_puzzle\word_puzzle.zip"
1 Jul 2008 23:06:58 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirer_matchx\admirer.zip"
1 Jul 2008 23:07:00 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirer_top5x\admirer.zip"
1 Jul 2008 23:07:00 9.696 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\xicq_admirerx\admirer.zip"
1 Jul 2008 23:07:02 27.586 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zlango\images.zip"
1 Jul 2008 23:07:00 6.123 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zlango\zlango1.zip"
1 Jul 2008 23:07:02 4.922 A.... "C:\Programme\ICQ6\services\icqXtraz\ver1\theme\zoopaloola\zoopaloola.zip"


Files with hidden attributes:

Wed 5 May 1999 96,370 ..SH. --- "C:\COMMAND.COM"
Thu 5 Jun 2008 88,576 ...H. --- "C:\08-15 Sicherheitsspeicher\~WRL3438.tmp"
Tue 18 Jul 2006 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Fri 7 Dec 2007 401 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv12.bak"
Wed 5 May 1999 40,960 A..H. --- "C:\Programme\Zubeh”r\HyperTerminal\hticons.dll"
Wed 5 May 1999 495,616 A..H. --- "C:\Programme\Zubeh”r\HyperTerminal\hypertrm.dll"
Sat 13 Nov 2004 37,376 A..H. --- "C:\Programme\Gemeinsame Dateien\Adobe\ESD\DLMCleanup.exe"


Program Folders:

C:\Programme\

802.11 Wireless LAN
ABBYY FineReader 6.0
Adobe
Adultpdf
Agent
aladin
ALCATech
ALDI Foto Service Nord
ALDI Online Druck Service (Nord)
AntiVir PersonalEdition Classic
Astro Gemini Software
AuctionWatch
Azureus
Buero
Buhl
cablecom
Cablecom Assistant
C-CHANNEL
CCleaner
Common Files
ComPlus Applications
CyberLink
DataDesign
DIFX
DirectX
DivX
DriveCrypt Plus Pack
dvdisaster-0.63
eBay
eMule.de
EnEV-Rechner
Euroglot
FlashGet
FreeRIP3
Freezers-Liveticker
Gemeinsame Dateien
Google
GPS Information
HP
ICQ6
ICQ6(2)
ICQ6Toolbar
ICQLite
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Java
Lenovo
Letstrade
Malwarebytes' Anti-Malware
Messenger
Micrografx
Microsoft ActiveSync
microsoft frontpage
Microsoft Silverlight
Microsoft Visual Studio
mobile PhoneTools
Movie Maker
MSN Gaming Zone
MSXML 4.0
Navigator7
NetMeeting
Nokia
Online-Dienste
Outlook Express
PC Connectivity Solution
PC_Navigator6
PLUS!
PM
QuickTime
Raab
RegCleaner
rewi Bausoftware
Routenplaner 2003 professional
Shriyantra
Sierra Wireless Inc
Skype
SparVoip
sunrise
SURECOM
TeamViewer3
ThinkPad
TuneUp Utilities 2006
Ulead Systems
Uninstall Information
uTorrent
VideoLAN
WEB.DE
Winamp
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WinZip
xerox
Yahoo!
Zattoo
Zubeh”r

C:\Programme\Gemeinsame Dateien\

Adobe
Ahead
AVSMedia
BDElster
Buhl Data Service
CMEII
Designer
Dienste
element5 Shared
GIS
InstallShield
Java
L&H
MAGIX Shared
Mapserv
Microsoft Shared
MSSoap
Nokia
NSV
ODBC
PCSuite
SERVICES
Skype
SpeechEngines
SYSTEM
Wise Installation Wizard


Add/Remove Programs:

Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
3D Matrix Bildschirmschoner 1.1
Adobe Flash Player ActiveX
Adobe Download Manager 2.0 (Nur entfernen)
Adult PDF Password Recovery v2.1.0
Alcatech BPM Studio Professional v4.9.1
ALDI Foto Manager Free Nord (D)
ALDI Foto Service Nord (D)
ALDI Online Druck Service (Nord)
Avira AntiVir Personal - Free Antivirus
Azureus
Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7)
CCleaner (remove only)
DriveCrypt Plus Pack
dvdisaster-0.63
Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1)
EnEV-Rechner
FlashGet(JetCar)
Forté Agent
WEB.DE FreePhone
Freezersticker 1.0.6.
HijackThis 2.0.2
iTunes
QuickTime
m2update
Malwarebytes' Anti-Malware
Micrografx Designer 7
Micrografx Graphics Suite 2 Enterprise
Micrografx Picture Publisher 7
Micrografx QuickVector
Micrografx Simply 3D 2
Microsoft .NET Framework 2.0
Nokia PC Suite
PC Navigator 6.4.21-1
IBM ThinkPad Power Management Driver
Raab 4705 Windows V-5.0x
Shriyantra
SparVoip
TeamViewer 3
Software Installer
µTorrent
VideoLAN VLC media player 0.8.6f
WEB.DE Club SmartFax
Scientific Atlanta WebSTAR 2000 series Cable Modem
Winamp (remove only)
Deutsche Sprachdatei für Winamp 5.02 v14
WinRAR Archivierer
WinZip
Yahoo! Toolbar mit Pop-Up-Blocker
Zattoo 3.2.0 Beta
Microsoft Office 2000 Premium
aladin
Google Earth
InstallRTC
MSVC80_x86
GPS Information
Update
rewi Handwerksbüro
J2SE Runtime Environment 5.0 Update 8
Sierra Wireless 3G Watcher
ESR E-List
Microsoft XML Parser und SDK
Adobe® Photoshop® Album Starter Edition 3.0
Nokia Connectivity Cable Driver
FreeRIP v3.04
iTunes
rewi Bauplaner
SURECOM 802.11 g USB Adapter
rewi LV 6.9.1
Skype™ 3.8
P.M. Intelligenz-Trainer
ICQ6
PowerDVD
'rewi Aufmaß & Abrechnung 4.1'
WISO Haushaltsbuch 2008
Microsoft .NET Framework 2.0
DivX Codec
TuneUp Utilities 2006
Microsoft Silverlight
DivX Player
Microsoft Publisher 2002
QuickTime
Nokia PC Suite
PC Connectivity Solution
Adobe Reader 7.0.8 - Deutsch
ABBYY FineReader 6.0 Professional Trial
DivX Converter
DivX Web Player
'rewi Forderungen & Außenstände 3.3'
USB Driver
Ulead Photo Explorer 6.0
m2update
Routenplaner 2003 professional
Letstrade
rewi Stundenverrechnungssatz 4.5.1
PL-2303 USB-to-Serial
mobile PhoneTools
Nokia Connectivity Adapter Cable DKU-5
sunrise Volumenzähler
EÜR & Kasse 2007


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"WatcherHelper"="\"C:\\Programme\\Sierra Wireless Inc\\3G Watcher\\WaHelper.exe\""
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"ALDI_NORD_FotoSuite_Download"="\"C:\\Programme\\ALDI Foto Service Nord\\ALDI_Foto_Service\\FotoSuite.exe\" /autorun"
"REWI Terminberwachung"="C:\\Programme\\rewi Bausoftware\\rewi-Zentrale\\rewi_termine.exe start"
"WatchDog"="C:\\Programme\\mobile PhoneTools\\WatchDog.exe"
"TrackPointSrv"="tp4mon.exe"
"TMController"="C:\\WINDOWS\\system32\\TMController.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\optionalcomponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"PcSync"="C:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\PC Connectivity Solution;C:\Programme\QuickTime\QTSystem;C:\Programme\Gemeinsame Dateien\GIS\Tools
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_EXPAND_SZ C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_EXPAND_SZ C:\Programme\Java\jre1.5.0_06\lib\ext\QTJava.zip
SAFEBOOT_OPTION REG_SZ MINIMAL

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

und das mit dem combo:
ComboFix 08-07-26.1 - reichsbaudienst 2008-07-26 23:54:39.2 - NTFSx86
ausgeführt von:: E:\Software\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt

[color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AdCache

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-26 bis 2008-07-26 ))))))))))))))))))))))))))))))
.

2008-07-17 23:10 . 2008-07-17 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-17 23:10 . 2008-07-17 23:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-17 11:00 . 2008-04-09 11:24 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-07-17 11:00 . 2006-01-04 19:10 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmenü
2008-07-17 11:00 . 2006-01-04 19:10 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-07-17 11:00 . 2008-07-27 00:00 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-07-17 11:00 . 2006-01-04 19:10 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-07-17 11:00 . 2006-01-04 19:10 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-07-17 11:00 . 2006-01-04 19:10 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-07-17 11:00 . 2008-07-17 11:00 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-07-14 23:03 . 2008-07-14 23:03 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-07-14 23:03 . 2008-07-14 23:03 <DIR> d-------- C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\Malwarebytes
2008-07-14 23:03 . 2008-07-14 23:03 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-07-14 23:03 . 2008-07-07 16:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 23:03 . 2008-07-07 16:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 14:23 . 2008-07-14 21:24 <DIR> d-------- C:\fixwareout
2008-07-07 23:07 . 2008-07-07 23:07 <DIR> d-------- C:\Programme\Yahoo!
2008-07-07 23:06 . 2008-07-07 23:06 <DIR> d-------- C:\Programme\CCleaner
2008-07-07 21:46 . 2008-07-07 21:48 6,832,128 --a------ C:\out archive 07-07-08.pst
2008-07-07 00:01 . 2008-07-07 00:01 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-07-07 00:01 . 2008-07-07 00:01 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-07-06 23:53 . 2008-07-06 23:53 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-07-06 23:52 . 2008-07-06 23:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-07-06 23:52 . 2008-07-06 23:52 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-07-06 23:52 . 2008-07-06 23:52 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-07-06 23:52 . 2008-07-06 23:52 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-07-06 23:52 . 2008-07-06 23:52 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-07-06 23:44 . 2004-08-04 00:58 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2008-07-06 23:44 . 2004-08-03 23:00 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2008-07-06 23:44 . 2004-08-04 00:57 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2008-07-06 23:44 . 2004-08-04 00:57 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-07-06 23:37 . 2001-08-17 12:19 111,872 --a------ C:\WINDOWS\system32\drivers\cwcspud.sys
2008-07-06 23:36 . 2001-08-17 13:51 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2008-07-06 23:25 . 2002-12-31 14:00 14,043 -ra------ C:\WINDOWS\SET67.tmp
2008-07-06 23:24 . 2002-12-31 14:00 1,086,058 -ra------ C:\WINDOWS\SET58.tmp
2008-07-06 23:24 . 2002-12-31 14:00 1,014,663 -ra------ C:\WINDOWS\SET55.tmp
2008-07-06 22:50 . 2002-12-31 14:00 1,086,058 -ra------ C:\WINDOWS\SET54.tmp
2008-07-06 22:50 . 2002-12-31 14:00 1,014,663 -ra------ C:\WINDOWS\SET51.tmp
2008-07-06 22:50 . 2002-12-31 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-07-06 22:50 . 2002-12-31 14:00 14,043 -ra------ C:\WINDOWS\SET60.tmp
2008-07-06 22:50 . 2002-12-31 14:00 13,824 --a------ C:\WINDOWS\system32\irclass.dll
2008-07-05 19:05 . 2002-12-31 14:00 14,043 -ra------ C:\WINDOWS\SET5E.tmp
2008-07-05 19:04 . 2002-12-31 14:00 1,086,058 -ra------ C:\WINDOWS\SET52.tmp
2008-07-05 19:04 . 2002-12-31 14:00 1,014,663 -ra------ C:\WINDOWS\SET4F.tmp
2008-07-05 16:50 . 2002-12-31 14:00 1,014,663 -ra------ C:\WINDOWS\SET50.tmp
2008-07-03 06:52 . 2004-08-04 00:47 607,196 --a------ C:\WINDOWS\system32\drivers\ltmdmnt.sys
2008-07-01 23:17 . 2008-07-01 23:17 <DIR> d-------- C:\Programme\DriveCrypt Plus Pack
2008-07-01 23:17 . 2002-02-02 14:02 770,496 --a------ C:\WINDOWS\system32\drivers\dcpp2k.sys
2008-07-01 23:00 . 2008-07-01 23:00 <DIR> d-------- C:\Programme\ICQ6Toolbar
2008-07-01 23:00 . 2008-07-01 23:00 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2008-07-01 22:48 . 2008-07-01 23:07 <DIR> d-------- C:\Programme\ICQ6
2008-07-01 17:47 . 2008-07-01 17:47 <DIR> d-------- C:\Programme\Gemeinsame Dateien\PCSuite
2008-07-01 17:38 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-01 17:37 . 2008-07-01 17:38 <DIR> d-------- C:\Programme\PC Connectivity Solution
2008-07-01 16:02 . 2003-09-08 14:43 89,728 --a------ C:\WINDOWS\system32\drivers\usbvsp.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 21:02 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2008-07-25 09:57 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\uTorrent
2008-07-25 06:58 --------- d-----w C:\Programme\SparVoip
2008-07-21 00:58 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\dvdcss
2008-07-18 15:59 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\Skype
2008-07-18 14:04 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\skypePM
2008-07-02 23:11 --------- d-----w C:\Programme\FlashGet
2008-07-02 22:47 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-07-01 21:05 --------- d-----w C:\Programme\ICQLite
2008-07-01 16:07 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\Nokia
2008-07-01 15:46 --------- d-----w C:\Programme\Nokia
2008-07-01 15:45 --------- d-----w C:\Programme\Gemeinsame Dateien\Nokia
2008-07-01 15:00 --------- d-----w C:\Programme\cablecom
2008-07-01 14:59 --------- d-----w C:\Programme\Cablecom Assistant
2008-07-01 14:33 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
2008-06-28 20:45 --------- d-----w C:\Programme\eMule.de
2008-06-15 13:11 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\ArcSoft
2008-06-13 05:59 --------- d-----w C:\Programme\EnEV-Rechner
2008-06-11 19:49 --------- d-----w C:\Dokumente und Einstellungen\reichsbaudienst\Anwendungsdaten\SparVoip
2008-06-09 07:26 --------- d-----w C:\Programme\Skype
2008-06-09 07:26 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2008-06-09 07:25 --------- d-----w C:\Programme\Gemeinsame Dateien\Skype
2008-06-07 15:08 --------- d-----w C:\Programme\Zattoo
2008-06-02 21:43 --------- d-----w C:\Programme\Routenplaner 2003 professional
2005-08-22 16:11 266 --sh--w C:\Programme\desktop.ini
2005-08-22 16:11 11,253 ---ha-w C:\Programme\folder.htt
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-08-04 01:11 1667584]
"m2Update"="C:\Programme\sunrise\m2Update\m2Update.exe" [2005-08-02 16:17 4002816]
"updateMgr"="C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Nokia.PCSync"="C:\Programme\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Programme\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-05-18 18:30 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2005-12-20 21:54 278528]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-01-21 20:19 155648]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"WatcherHelper"="C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2006-06-08 16:13 90112]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-24 17:25 266497]
"ALDI_NORD_FotoSuite_Download"="C:\Programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" [2006-06-09 10:56 417792]
"REWI Terminüberwachung"="C:\Programme\rewi Bausoftware\rewi-Zentrale\rewi_termine.exe" [2006-09-13 08:35 1548288]
"WatchDog"="C:\Programme\mobile PhoneTools\WatchDog.exe" [2004-08-14 04:42 36864]
"TMController"="C:\WINDOWS\system32\TMController.exe" [2006-08-24 12:42 184396]
"TrackPointSrv"="tp4mon.exe" [2004-08-04 00:58 82432 C:\WINDOWS\system32\tp4mon.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-12-31 14:00 15360]
"PcSync"="C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\DOKUME~1\ALLUSE~1\STARTM~1\PROGRA~1\AUTOST~1\
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
EP9001-g.lnk - C:\Programme\SURECOM\SURECOM 802.11g WLAN USB Adapter\Installer\WINXP\EP9001-g-3A.exe [2006-01-05 19:21:17 520192]
Microsoft Office.lnk - C:\Programme\Buero\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Programme\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Messenger\\msmsgs.exe"=
"C:\\Programme\\eMule.de\\emule.exe"=
"C:\\Programme\\uTorrent\\utorrent.exe"=
"C:\\Programme\\Zattoo\\Zattoo2.exe"=
"C:\\Programme\\Zattoo\\zattood.exe"=
"C:\\Programme\\SparVoip\\SparVoip.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\drivers\avgntmgr.sys [2008-04-21 09:26]
R0 dcpp2k;dcpp2k;C:\WINDOWS\system32\drivers\dcpp2k.sys [2002-02-02 14:02]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-24 17:26]
R2 DCPP2Svc;SecurStar DCPP 3.81+ Service;C:\Programme\DriveCrypt Plus Pack\DCPP2Svc.exe [2002-02-02 14:02]
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-02-15 10:06]
S2 Microsoft Windows DNS Manager;Microsoft Windows DNS Manager;C:\WINDOWS\System32\dllcache\windmns.exe []
S2 Microsoft Windows TCP Ack Timing;Microsoft Windows TCP Ack Timing;C:\WINDOWS\System32\dllcache\wintcpack.exe []
S2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2002-12-31 14:00]
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys [2006-07-12 16:59]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 05:47]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 14:43]

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
2008-07-26 C:\WINDOWS\Tasks\1-Klick-Wartung.job - s !37C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe/schedulestartreichsbaudienst3Startet die 1-Klick-Wartung zu festgelegten Zeiten0 []
.
.
------- Zusätzlicher Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;eumex.ip
O8 -: Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 -: Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} - hxxps://stream.web.de/mail/activex/mail_upload_11213.cab
C:\WINDOWS\Downloaded Program Files\mail_upload.inf
C:\WINDOWS\System32\msvcrt.dll
C:\WINDOWS\System32\mfc42.dll
C:\WINDOWS\System32\olepro32.dll
C:\WINDOWS\System32\msvcp60.dll
C:\WINDOWS\Downloaded Program Files\mail_upload.ocx

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.johannrain-softwareentwicklung.de/DE/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx

O16 -: {9522589E-57B9-46C5-9A77-1F1C1CCBE550} - file://D:\ols\connect\fscax.cab
C:\WINDOWS\Downloaded Program Files\fscax.dll

O16 -: {D2982A7F-489A-47F5-A319-FC1F14EBC245} - hxxp://www.nutzwerk.de/control/NutzNavi.cab
C:\WINDOWS\Downloaded Program Files\NutzNavi.dll

O16 -: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} - hxxps://img.web.de/v/smartdrive/activex/v2/web_de_osupload_2002.cab
C:\WINDOWS\Downloaded Program Files\web_de_osupload.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\osupload.ocx

O16 -: {E55FD215-A32E-43FE-A777-A7E8F165F551} - hxxp://www.flatcast.com/obj/NpFv415.dll
C:\WINDOWS\Downloaded Program Files\NpFv415.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 00:01:39
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-07-27 0:08:12
ComboFix-quarantined-files.txt 2008-07-26 22:08:01
ComboFix2.txt 2008-07-15 05:00:21

Pre-Run: 683,651,072 Bytes frei
Post-Run: 741,981,184 Bytes frei

213

Gute NAcht allen....
Seitenanfang Seitenende
27.07.2008, 12:42
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#33 Hallo wosein

1.
ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"

2.
scanne mit dr.web im normalmodus, dann im abgesicherten modus + berichte, ob noch etwas gefunden wurde
http://virus-protect.org/cureit.html

3.
poste ein neues Log von HijacktHis
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 123