
Log Analysis and Evaluation: C:\Program Files\Windows Install\csrss.exe

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.03.2010, 09:10   #1
N-kay
 

C:\Program Files\Windows Install\csrss.exe



I'm fairly sure that I'm infected.
I've already done my homework and know that csrss.exe doesn't belong there at all -> Trojan/worm/virus etc.
My problem is that I can't delete the .exe. The folder Windows Install isn't displayed at all, even though "show hidden folders" is enabled. But if I type in the path myself, I get into the folder. It then supposedly is empty. Ikarus, my antivirus program, also doesn't detect anything in that folder.
In the HijackThis scan the file also shows up 4 times, but I just can't get the entries out of there; they're back in every time.
In msconfig, on the Startup tab, there are 4 entries
"bFSRimogFUM", manufacturer "Windows NT", command "C:\Program Files\Windows Install\csrss.exe"; 2 of them can be disabled, the other two are enabled again after every restart.
I also noticed at system startup that a window briefly appears every time, saying something about "Installing" and also "C:\Program Files\Windows Install\csrss.exe".
Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:21, on 17.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IKARUS\virus.utilities\bin\guardxkickoff.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Security Updater] C:\Program Files\Windows Install\csrss.exe
O4 - HKLM\..\Run: [Ikarus-GuardX] C:\Program Files\IKARUS\virus.utilities\bin\guardxkickoff.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [MSI Service] C:\Program Files\Windows Install\csrss.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxerdrv.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: GuardX - Ikarus Security Software GmbH - C:\Program Files\IKARUS\virus.utilities\bin\guardxservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 5252 bytes

17.03.2010, 11:17   #2
Chris4You
 

C:\Program Files\Windows Install\csrss.exe



Please check the following files:

Have the files checked online:
  • Go to the Virustotal site, click the "Browse" button and locate the following file/files:
Code:
C:\Program Files\Windows Install\csrss.exe
  • Now upload each/all file(s) one after the other and wait until the scan is finished (can take up to 2 minutes).
  • Afterwards post the result of the analysis; copy everything and paste it into a post.
  • Important: copy the file size and the HASH as well!
Note: In your case simply paste the full path into the input field and have it uploaded; don't browse for it via the file dialog...

Then:
Avenger instructions (by swandog46)

1.) Download the tool Avenger and save it to the desktop:


2.) Configure the program as shown in the picture.

Now copy the following text into the white field:
(at -> "input script here")


Code:
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Security Updater

Files to delete:
C:\Program Files\Windows Install\csrss.exe

Folders to delete:
C:\Program Files\Windows Install
3.) Now close all programs (save your work first if necessary!) and browser windows; after the Avenger has run, the system will be restarted.

4.) To start the Avenger click -> Execute
Then confirm with "Yes" that the computer restarts!

5.) After the system has restarted you will find a report from the Avenger here -> C:\avenger.txt
Open the file with Notepad and copy the entire text into your post here at Trojaner-Board.

HijackThis, fix:
Open HijackThis -- button "Scan" -- tick the boxes in front of the following entries -- button "Fix checked" -- restart the PC
All programs must be closed while fixing!
(If present, disable Spybot's TeaTimer as follows:
Mode --> Advanced Mode --> Yes --> Tools --> Resident --> remove the tick from "Resident TeaTimer (Protection of overall system settings)" --> exit)

Code:
O4 - HKCU\..\Run: [MSI Service] C:\Program Files\Windows Install\csrss.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe
Malwarebytes Anti-Malware (MBAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here:
http://filepony.de/download-chameleon/
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread

Chris
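The first post shows the pattern the expert is reacting to: a binary named like a core Windows process (csrss.exe) that runs from a path outside System32 and is re-launched from four separate autorun keys, and the second post splits the clean-up into an Avenger script (machine-wide key, file, folder) and a HijackThis fix list (the remaining entries). The script below is an added example, not code from the original thread, HijackThis or The Avenger: it parses the O4 lines of the HijackThis log posted above, flags exactly that masquerade, expands the abbreviated `HKLM\..\Run` keys to their real registry paths, and renders the two removal artefacts. The list of system-only process names, the "legitimate" directories, the protected-folder guard and the decision to hand HKCU/HKUS values to HijackThis rather than a boot-time tool are assumptions made here; the page does not establish whether Avenger can resolve per-user hives before logon, so the example follows the expert's own split.

```python
"""Triage HijackThis O4 (autorun) lines for binaries that borrow the name of a core
Windows process but run from outside System32, and turn the hits into the two
removal artefacts used in this thread: an Avenger script and a HijackThis fix list.
Added example for this thread; not code from Trojaner-Board, HijackThis or Avenger."""
import re
from collections import defaultdict

# Core processes that legitimately exist only under %SystemRoot%\System32.
# Assumption: an illustrative subset, not an exhaustive list.
SYSTEM_ONLY_NAMES = {"csrss.exe", "smss.exe", "wininit.exe", "winlogon.exe",
                     "services.exe", "lsass.exe", "svchost.exe"}
LEGIT_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Never emit a "Folders to delete" line for these, whatever was found inside them.
PROTECTED_DIRS = {"c:\\", "c:\\windows", "c:\\windows\\system32",
                  "c:\\program files", "c:\\users"}

# HijackThis prints "HKLM\..\Run"; the ".." stands for this real key prefix.
KEY_EXPANSIONS = {
    "\\..\\Run": "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "\\..\\RunOnce": "\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
    "\\..\\Policies\\Explorer\\Run":
        "\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)(?P<key>\\\.\.\\[^:]+): "
                   r"\[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")             # trailing (User '...')
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)', re.IGNORECASE)  # quoted path, or up to .exe


def parse_o4(line):
    """Return {key, value, exe, line} for an O4 line, None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd"))
    exe_m = EXE_RE.match(cmd)
    exe = (exe_m.group(1) or exe_m.group(2)) if exe_m else cmd
    key_suffix = m.group("key")
    return {"key": m.group("hive") + KEY_EXPANSIONS.get(key_suffix, key_suffix),
            "value": m.group("value"), "exe": exe, "line": line.strip()}


def is_masquerade(exe):
    """True when the file name is a core system process but the path is not System32."""
    p = exe.lower()
    return p.rsplit("\\", 1)[-1] in SYSTEM_ONLY_NAMES and not p.startswith(LEGIT_DIRS)


def find_masquerades(log_lines):
    """Group every flagged autorun entry by the binary it launches."""
    hits = defaultdict(list)
    for line in log_lines:
        entry = parse_o4(line)
        if entry and is_masquerade(entry["exe"]):
            hits[entry["exe"]].append(entry)
    return dict(hits)


def removal_plan(hits):
    """Split the hits the way the expert did: machine-wide (HKLM) values, the file and
    its folder go into an Avenger script that runs before logon; per-user (HKCU/HKUS)
    values are returned as HijackThis lines to fix from the logged-on session."""
    reg, files, folders, hjt = [], [], [], []
    for exe, entries in hits.items():
        for e in entries:
            if e["key"].startswith("HKLM"):
                reg.append(f"{e['key']}|{e['value']}")
            else:
                hjt.append(e["line"])
        files.append(exe)
        folder = exe.rsplit("\\", 1)[0]
        if folder.lower() not in PROTECTED_DIRS:   # never delete C:\Windows wholesale
            folders.append(folder)
    avenger = "\n".join(["Registry values to delete:", *reg, "",
                         "Files to delete:", *files, "",
                         "Folders to delete:", *sorted(set(folders))])
    return avenger, hjt


# The O4 section of the HijackThis log posted above.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"',
    r"O4 - HKLM\..\Run: [Windows Security Updater] C:\Program Files\Windows Install\csrss.exe",
    r"O4 - HKLM\..\Run: [Ikarus-GuardX] C:\Program Files\IKARUS\virus.utilities\bin\guardxkickoff.exe",
    r'O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent',
    r'O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4',
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r'O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup',
    r"O4 - HKCU\..\Run: [MSI Service] C:\Program Files\Windows Install\csrss.exe",
    r"O4 - HKLM\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe",
    r"O4 - HKCU\..\Policies\Explorer\Run: [Windows Installer] C:\Program Files\Windows Install\csrss.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')",
    r"O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')",
]

if __name__ == "__main__":
    script, fix_lines = removal_plan(find_masquerades(SAMPLE_LOG))
    print(script)
    print("\nFix in HijackThis:\n" + "\n".join(fix_lines))
```

Run against the log above it yields one flagged binary with four launch points, an Avenger script carrying the two HKLM values plus the file and its folder, and the two HKCU lines for HijackThis. Deleting the file before the registry values matters: as the first post describes, the running sample re-creates its autorun entries on every boot, so removing the values alone never sticks.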

17.03.2010, 12:51   #3
N-kay
 

C:\Program Files\Windows Install\csrss.exe



Here is the Virustotal report:
File csrss.exe received 2010.03.17 10:54:19 (UTC)
Result: 9/42 (21.43%)

Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.17 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.17 -
Antiy-AVL 2.0.3.7 2010.03.17 -
Authentium 5.2.0.5 2010.03.17 -
Avast 4.8.1351.0 2010.03.17 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.17 Win32:Malware-gen
AVG 9.0.0.787 2010.03.17 Crypt.PYY
BitDefender 7.2 2010.03.17 -
CAT-QuickHeal 10.00 2010.03.17 -
ClamAV 0.96.0.0-git 2010.03.17 -
Comodo 4293 2010.03.17 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.03.17 -
eSafe 7.0.17.0 2010.03.16 Win32.Injector.Azm
eTrust-Vet 35.2.7369 2010.03.17 -
F-Prot 4.5.1.85 2010.03.17 -
F-Secure 9.0.15370.0 2010.03.17 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.17 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.03.17 -
Jiangmin 13.0.900 2010.03.17 -
K7AntiVirus 7.10.999 2010.03.16 -
Kaspersky 7.0.0.125 2010.03.17 -
McAfee 5922 2010.03.16 -
McAfee+Artemis 5922 2010.03.16 Artemis!6CAC0A75AE62
McAfee-GW-Edition 6.8.5 2010.03.17 -
Microsoft 1.5605 2010.03.17 -
NOD32 4951 2010.03.17 probably a variant of Win32/Injector.AZM
Norman 6.04.08 2010.03.16 -
nProtect 2009.1.8.0 2010.03.17 -
Panda 10.0.2.2 2010.03.17 -
PCTools 7.0.3.5 2010.03.17 -
Prevx 3.0 2010.03.17 -
Rising 22.39.02.04 2010.03.17 -
Sophos 4.51.0 2010.03.17 -
Sunbelt 5929 2010.03.17 -
Symantec 20091.2.0.41 2010.03.17 Suspicious.Insight
TheHacker 6.5.2.0.235 2010.03.17 -
TrendMicro 9.120.0.1004 2010.03.17 -
VBA32 3.12.12.2 2010.03.17 -
ViRobot 2010.3.17.2232 2010.03.17 -
VirusBuster 5.0.27.0 2010.03.16 -
Additional information
File size: 372736 bytes
MD5...: 6cac0a75ae62227283ceeb727d59bb1b
SHA1..: 62ec74ae1ad6a30a55fd8e8fcc806cb1386cf041
SHA256: 676f0fcdff718008a59e36f8a2fc047e576f98bf673eefebc83068d036bc7fc5
ssdeep: 6144:Ttm0zJHzYUXGoIGrxGI0NaYkHk8ommFLXjY4zNS3gJ:xm+lz4GkI0Naa89mJXc4ZS
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1128
timedatestamp.....: 0x4b940f31 (Sun Mar 07 20:40:17 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x16010 0x17000 4.86 55c9cb29775261e49cd5f3cfd0fbb9eb
.data 0x18000 0x1560 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x1a000 0x42508 0x43000 7.96 95387fed2930a8174cda92755363edd4

( 1 imports )
> MSVBVM60.DLL: MethCallEngine, -, -, -, -, -, -, EVENT_SINK_AddRef, -, DllFunctionCall, -, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, -, -, -, -, ProcCallEngine, -, -, -, -, -, -, -, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Windows NT
copyright....: bFSRimogFUM
product......: bFSRimogFUM
description..: Security Patch
original name: 59368534963.EXE
internal name: 59368534963
file version.: 7.38.0025
comments.....: bFSRimogFUM
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Avenger Report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Program Files\Windows Install\csrss.exe" deleted successfully.
Folder "C:\Program Files\Windows Install" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Security Updater" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OTL.txt:
OTL logfile created on: 17.03.2010 12:19:20 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\N-kay\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 1,40 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55,89 Gb Total Space | 7,10 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 14,91 Gb Total Space | 5,53 Gb Free Space | 37,08% Space Free | Partition Type: FAT32

Computer Name: N-KAY-PC
Current User Name: N-kay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\N-kay\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\IKARUS\virus.utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)
PRC - C:\Programme\IKARUS\virus.utilities\bin\guardxkickoff.exe (Ikarus Security Software GmbH)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\N-kay\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GuardX) -- C:\Program Files\IKARUS\virus.utilities\bin\guardxservice.exe (Ikarus Security Software GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NTGUARD) -- C:\Programme\IKARUS\virus.utilities\bin\ntguard.sys (IKARUS Security Software GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (Cam5603C) -- C:\Windows\System32\drivers\Bs350u2.sys (Bison Electronics. Inc. )
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 D7 14 B4 51 C5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.5
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.60.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.9
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.qip.ru/search?from=FF&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.06 17:52:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.02 17:45:29 | 000,000,000 | ---D | M]

[2009.10.21 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Extensions
[2010.01.01 14:24:22 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions
[2009.10.21 15:18:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.21 16:16:11 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009.10.21 15:18:33 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.11.19 14:53:13 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.10.21 15:18:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.21 15:18:34 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.12.23 13:28:19 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.01 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\8e0zezg2.default\extensions\support@lastpass.com
[2010.03.16 20:36:55 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions
[2009.11.24 21:04:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.08 20:40:39 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009.12.06 20:47:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.12.10 17:25:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 14:16:48 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.30 23:09:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.24 09:14:10 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.25 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\illimitux@illimitux.net
[2010.03.05 13:37:37 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\moveplayer@movenetworks.com
[2010.02.24 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\support@lastpass.com
[2010.01.23 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\N-kay\AppData\Roaming\mozilla\Firefox\Profiles\rcv6z868.N-kay\extensions\wildpocketsloader@simopsstudios.com
[2009.10.17 22:58:18 | 000,002,061 | ---- | M] () -- C:\Users\N-kay\AppData\Roaming\Mozilla\FireFox\Profiles\8e0zezg2.default\searchplugins\qipsearch.xml
[2009.12.23 13:28:15 | 000,003,915 | ---- | M] () -- C:\Users\N-kay\AppData\Roaming\Mozilla\FireFox\Profiles\8e0zezg2.default\searchplugins\sweetim.xml
[2010.03.16 20:36:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.02.06 15:39:41 | 000,001,000 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Ikarus-GuardX] C:\Programme\IKARUS\virus.utilities\bin\guardxkickoff.exe (Ikarus Security Software GmbH)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE -- File not found
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\SETUP.EXE -- File not found
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.17 12:12:30 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\Malwarebytes
[2010.03.17 12:12:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.17 12:12:24 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.17 12:12:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.17 12:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.17 12:06:29 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.03.17 11:00:28 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\Foxit Software
[2010.03.14 12:40:05 | 000,000,000 | ---D | C] -- C:\Users\N-kay\Desktop\Resource
[2010.03.11 20:28:55 | 000,270,384 | ---- | C] (Ikarus Security Software GmbH) -- C:\Windows\System32\ikmapi.dll
[2010.03.11 20:28:54 | 000,130,304 | ---- | C] (Ikarus Security Software GmbH) -- C:\Windows\System32\ikproc.dll
[2010.03.11 20:20:43 | 000,000,000 | ---D | C] -- C:\Programme\IKARUS
[2010.03.08 18:51:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.08 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\TortoiseSVN
[2010.03.08 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\Subversion
[2010.03.08 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Local\TSVNCache
[2010.03.08 15:39:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2010.03.08 15:39:46 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN
[2010.03.06 20:05:38 | 000,000,000 | ---D | C] -- C:\mief
[2010.03.06 18:17:17 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam 2.4
[2010.03.06 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\ManyCam
[2010.03.01 19:45:56 | 000,000,000 | ---D | C] -- C:\Users\N-kay\Desktop\Electro
[2010.02.28 10:57:49 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.02.28 10:36:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\Jujusoft
[2010.02.28 10:36:38 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\Jujusoft
[2010.02.28 10:36:37 | 000,000,000 | ---D | C] -- C:\Programme\Jujusoft
[2010.02.27 22:26:55 | 000,000,000 | ---D | C] -- C:\Programme\KGB Archiver
[2010.02.26 21:02:16 | 000,000,000 | ---D | C] -- C:\Users\N-kay\Documents\VirtualDJ
[2010.02.26 21:02:16 | 000,000,000 | ---D | C] -- C:\Programme\VirtualDJ
[2010.02.26 19:12:39 | 000,000,000 | ---D | C] -- C:\Programme\dumps
[2010.02.26 15:53:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.02.25 17:44:55 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Roaming\OpenOffice.org
[2010.02.25 17:35:15 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2010.02.25 17:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.02.25 17:34:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.02.25 17:34:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.02.25 17:34:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.02.25 17:34:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.02.25 17:34:16 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.02.24 16:01:22 | 000,490,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010.02.24 15:31:30 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.02.24 15:31:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.02.24 15:31:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.02.24 15:31:27 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.02.24 15:31:27 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.02.24 15:31:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.23 23:20:54 | 000,000,000 | ---D | C] -- C:\Users\N-kay\Desktop\Firefly
[2010.02.17 16:06:56 | 000,000,000 | ---D | C] -- C:\Users\N-kay\AppData\Local\Temporary Projects
[2010.02.17 15:56:48 | 000,000,000 | ---D | C] -- C:\test12

========== Files - Modified Within 30 Days ==========

[2010.03.17 12:24:18 | 004,194,304 | -HS- | M] () -- C:\Users\N-kay\NTUSER.DAT
[2010.03.17 12:12:28 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.17 12:11:51 | 000,032,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.17 12:11:51 | 000,032,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.17 12:06:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.17 12:06:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.17 12:06:32 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.17 12:05:29 | 001,196,151 | -H-- | M] () -- C:\Users\N-kay\AppData\Local\IconCache.db
[2010.03.17 12:05:20 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010.03.17 12:04:20 | 000,284,880 | -H-- | M] () -- C:\Users\N-kay\AppData\Roaming\logs.dat
[2010.03.16 21:49:11 | 001,656,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.16 21:49:11 | 000,711,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.16 21:49:11 | 000,673,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.16 21:49:11 | 000,151,396 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.16 21:49:11 | 000,128,482 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.15 20:27:51 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.03.15 16:41:43 | 000,008,704 | ---- | M] () -- C:\Users\N-kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.15 16:29:48 | 000,583,969 | ---- | M] () -- C:\Users\N-kay\Desktop\erfwer.png
[2010.03.15 16:22:36 | 000,517,510 | ---- | M] () -- C:\Users\N-kay\Desktop\Unbenannt.png
[2010.03.14 14:19:36 | 000,001,016 | ---- | M] () -- C:\Users\N-kay\Desktop\Rappelz.lnk
[2010.03.11 20:20:44 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\virus.utilities.lnk
[2010.03.11 20:15:03 | 057,640,570 | ---- | M] () -- C:\Users\N-kay\Desktop\Hacken.7z
[2010.03.10 19:48:40 | 000,129,903 | ---- | M] () -- C:\Users\N-kay\Desktop\unglaublich.png
[2010.03.10 13:56:01 | 000,073,404 | ---- | M] () -- C:\Users\N-kay\Desktop\hier.png
[2010.03.09 21:17:33 | 002,958,068 | ---- | M] () -- C:\Users\N-kay\Desktop\Rockstroh _Licht_ - Offizielles Musikvideo (HD).mp3
[2010.03.09 20:30:02 | 000,175,104 | ---- | M] () -- C:\Users\N-kay\AppData\Roaming\SQLite3.dll
[2010.03.07 00:36:38 | 000,239,398 | ---- | M] () -- C:\Users\N-kay\Documents\asdasdasd.png
[2010.03.07 00:35:25 | 000,230,596 | ---- | M] () -- C:\Users\N-kay\Desktop\bauch.jpg
[2010.03.07 00:34:01 | 000,565,439 | ---- | M] () -- C:\Users\N-kay\Desktop\fappeeer.png
[2010.03.07 00:33:42 | 000,000,727 | ---- | M] () -- C:\Users\N-kay\Desktop\fapper.jpg
[2010.03.07 00:25:57 | 000,556,775 | ---- | M] () -- C:\Users\N-kay\Desktop\123.png
[2010.03.07 00:24:26 | 000,529,081 | ---- | M] () -- C:\Users\N-kay\Desktop\tot.png
[2010.03.07 00:23:05 | 000,235,257 | ---- | M] () -- C:\Users\N-kay\Desktop\chatroulette.jpg
[2010.03.06 23:54:37 | 000,023,301 | ---- | M] () -- C:\Users\N-kay\Documents\Neger-Nazi.jpg
[2010.03.06 23:50:09 | 000,029,046 | ---- | M] () -- C:\Users\N-kay\Documents\0,1020,429611,00.jpg
[2010.03.06 19:33:41 | 000,001,190 | ---- | M] () -- C:\Users\N-kay\Desktop\Counter-Strike Source.lnk
[2010.03.06 19:21:56 | 000,001,194 | ---- | M] () -- C:\Users\N-kay\Desktop\Source Dedicated Server.lnk
[2010.03.06 19:07:45 | 000,001,230 | ---- | M] () -- C:\Users\N-kay\Desktop\Garry's Mod.lnk
[2010.03.06 18:17:41 | 000,001,851 | ---- | M] () -- C:\Users\N-kay\Desktop\ManyCam 2.4.lnk
[2010.03.03 18:15:16 | 000,270,384 | ---- | M] (Ikarus Security Software GmbH) -- C:\Windows\System32\ikmapi.dll
[2010.03.03 18:15:14 | 000,130,304 | ---- | M] (Ikarus Security Software GmbH) -- C:\Windows\System32\ikproc.dll
[2010.03.02 16:04:28 | 000,436,936 | ---- | M] () -- C:\Users\N-kay\Documents\Unknow.jpg
[2010.03.02 16:00:48 | 000,299,100 | ---- | M] () -- C:\Users\N-kay\Documents\02032010201.jpg
[2010.02.28 10:57:49 | 000,000,562 | ---- | M] () -- C:\Users\N-kay\Desktop\Fraps.lnk
[2010.02.27 19:38:53 | 000,009,018 | ---- | M] () -- C:\Users\N-kay\Documents\cc_20100227_193850.reg
[2010.02.27 19:38:20 | 000,001,831 | ---- | M] () -- C:\Users\N-kay\Desktop\CCleaner.lnk
[2010.02.27 08:06:21 | 000,294,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.02.26 21:46:07 | 000,065,480 | ---- | M] () -- C:\Users\N-kay\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.02.26 18:02:29 | 000,005,406 | ---- | M] () -- C:\Users\N-kay\Desktop\index.php
[2010.02.25 17:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.02.25 17:34:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.02.25 17:34:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.02.25 17:34:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.02.25 10:07:37 | 018,499,623 | ---- | M] () -- C:\Users\N-kay\Documents\vlc-1.0.5-win32.exe
[2010.02.24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.18 21:40:30 | 000,001,647 | ---- | M] () -- C:\Users\N-kay\Documents\Bewerbung.rtf
[2010.02.18 17:22:09 | 000,000,026 | ---- | M] () -- C:\Users\N-kay\Desktop\test.bat
[2010.02.18 16:57:26 | 000,001,417 | ---- | M] () -- C:\Users\N-kay\Documents\Lebenslauf.rtf

========== Files Created - No Company Name ==========

[2010.03.17 12:12:28 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.17 12:05:20 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010.03.15 16:29:48 | 000,583,969 | ---- | C] () -- C:\Users\N-kay\Desktop\erfwer.png
[2010.03.15 16:22:36 | 000,517,510 | ---- | C] () -- C:\Users\N-kay\Desktop\Unbenannt.png
[2010.03.14 14:19:36 | 000,001,016 | ---- | C] () -- C:\Users\N-kay\Desktop\Rappelz.lnk
[2010.03.11 20:20:44 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\virus.utilities.lnk
[2010.03.11 20:14:20 | 057,640,570 | ---- | C] () -- C:\Users\N-kay\Desktop\Hacken.7z
[2010.03.10 19:48:40 | 000,129,903 | ---- | C] () -- C:\Users\N-kay\Desktop\unglaublich.png
[2010.03.10 13:56:00 | 000,073,404 | ---- | C] () -- C:\Users\N-kay\Desktop\hier.png
[2010.03.09 21:17:29 | 002,958,068 | ---- | C] () -- C:\Users\N-kay\Desktop\Rockstroh _Licht_ - Offizielles Musikvideo (HD).mp3
[2010.03.09 20:30:02 | 000,175,104 | ---- | C] () -- C:\Users\N-kay\AppData\Roaming\SQLite3.dll
[2010.03.07 00:35:24 | 000,230,596 | ---- | C] () -- C:\Users\N-kay\Desktop\bauch.jpg
[2010.03.07 00:34:35 | 000,239,398 | ---- | C] () -- C:\Users\N-kay\Documents\asdasdasd.png
[2010.03.07 00:34:00 | 000,565,439 | ---- | C] () -- C:\Users\N-kay\Desktop\fappeeer.png
[2010.03.07 00:33:41 | 000,000,727 | ---- | C] () -- C:\Users\N-kay\Desktop\fapper.jpg
[2010.03.07 00:25:57 | 000,556,775 | ---- | C] () -- C:\Users\N-kay\Desktop\123.png
[2010.03.07 00:24:25 | 000,529,081 | ---- | C] () -- C:\Users\N-kay\Desktop\tot.png
[2010.03.07 00:23:05 | 000,235,257 | ---- | C] () -- C:\Users\N-kay\Desktop\chatroulette.jpg
[2010.03.06 23:54:35 | 000,023,301 | ---- | C] () -- C:\Users\N-kay\Documents\Neger-Nazi.jpg
[2010.03.06 23:49:58 | 000,029,046 | ---- | C] () -- C:\Users\N-kay\Documents\0,1020,429611,00.jpg
[2010.03.06 19:33:41 | 000,001,190 | ---- | C] () -- C:\Users\N-kay\Desktop\Counter-Strike Source.lnk
[2010.03.06 19:21:56 | 000,001,194 | ---- | C] () -- C:\Users\N-kay\Desktop\Source Dedicated Server.lnk
[2010.03.06 19:07:45 | 000,001,230 | ---- | C] () -- C:\Users\N-kay\Desktop\Garry's Mod.lnk
[2010.03.06 18:17:41 | 000,001,851 | ---- | C] () -- C:\Users\N-kay\Desktop\ManyCam 2.4.lnk
[2010.03.02 16:04:00 | 000,436,936 | ---- | C] () -- C:\Users\N-kay\Documents\Unknow.jpg
[2010.03.02 16:00:07 | 000,299,100 | ---- | C] () -- C:\Users\N-kay\Documents\02032010201.jpg
[2010.02.28 10:57:49 | 000,000,562 | ---- | C] () -- C:\Users\N-kay\Desktop\Fraps.lnk
[2010.02.27 19:38:52 | 000,009,018 | ---- | C] () -- C:\Users\N-kay\Documents\cc_20100227_193850.reg
[2010.02.26 18:02:29 | 000,005,406 | ---- | C] () -- C:\Users\N-kay\Desktop\index.php
[2010.02.25 10:05:50 | 018,499,623 | ---- | C] () -- C:\Users\N-kay\Documents\vlc-1.0.5-win32.exe
[2010.02.18 21:40:30 | 000,001,647 | ---- | C] () -- C:\Users\N-kay\Documents\Bewerbung.rtf
[2010.02.18 16:57:25 | 000,001,417 | ---- | C] () -- C:\Users\N-kay\Documents\Lebenslauf.rtf
[2010.02.17 15:56:34 | 000,000,026 | ---- | C] () -- C:\Users\N-kay\Desktop\test.bat
[2010.01.04 14:58:53 | 001,367,040 | ---- | C] () -- C:\Windows\System32\VitaminCtrl.dll
[2010.01.03 19:11:00 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.01.03 04:41:54 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.01.01 17:14:18 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.01.01 17:14:18 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.01.01 17:14:18 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.11.14 01:45:16 | 000,221,184 | ---- | C] () -- C:\Windows\System32\COMSocketServer.dll
[2009.11.14 01:45:13 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009.11.14 01:45:13 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009.11.01 00:24:58 | 000,008,704 | ---- | C] () -- C:\Users\N-kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.24 23:57:04 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009.10.24 16:28:00 | 000,007,602 | ---- | C] () -- C:\Users\N-kay\AppData\Local\Resmon.ResmonCfg
[2009.10.24 10:03:04 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.10.22 21:28:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.10.22 17:15:08 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.10.19 14:49:41 | 000,000,021 | ---- | C] () -- C:\Windows\TemplateWizard.INI
[2009.10.17 23:43:04 | 000,000,220 | ---- | C] () -- C:\Windows\aimpr.ini
[2009.10.06 23:46:11 | 000,000,280 | ---- | C] () -- C:\Users\N-kay\AppData\Roaming\Current.prx
[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.04.17 14:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2005.11.06 11:51:14 | 000,284,880 | -H-- | C] () -- C:\Users\N-kay\AppData\Roaming\logs.dat
[2003.09.22 11:49:36 | 000,015,190 | ---- | C] () -- C:\Windows\M1000Twn.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 48 bytes -> C:\Windows:68244E31DF4AD49F
< End of report >


Extras.txt:
OTL Extras logfile created on: 17.03.2010 12:19:20 - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Users\N-kay\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,90 Gb Total Space | 1,40 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55,89 Gb Total Space | 7,10 Gb Free Space | 12,70% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 14,91 Gb Total Space | 5,53 Gb Free Space | 37,08% Space Free | Partition Type: FAT32

Computer Name: N-KAY-PC
Current User Name: N-kay
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [compress] -- C:\Program Files\KGB Archiver\kgb_arch_compress.exe "%1\"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1205 Banner Remover 0.7
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D4B3647-9842-4875-B081-EF8D98C02865}" = WMPKeys
"{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FD88490-011C-4DF1-B886-F298D955171B}" = MySQL Connector Net 5.2.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9EBDAF91-DADA-47CE-94F2-F5B004007934}" = System Requirements Lab
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB039765-AE63-4BBF-B2E1-7AA14FBE7C16}_is1" = Snej-Mod V6.0.05
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9E3ACAB-1A3B-4B67-A653-916F250ABAD4}" = BisonCam, USB2.0
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E94806A6-3E29-40AE-A1A2-B4099D077C98}" = Sun VirtualBox
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aEton CommunicaEor" = aEton CommunicaEor
"Alt.Binz" = Alt.Binz 0.25.0
"AstrumNival Allods" = Allods Online 1.0.04.22
"AudioCon" = AudioCon
"Camtasia Studio 6.0.3" = Camtasia Studio 6.0.3
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dragonica" = Dragonica
"FileZilla Client" = FileZilla Client 3.3.1
"FirstloadIkarus" = Firstload Ikarus
"Fraps" = Fraps (remove only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Game Cam" = Game Cam 2.54.0.47
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"Icy Tower v1.4_is1" = Icy Tower v1.4
"jujuedit" = JujuEdit 1.44
"KGB Archiver_is1" = KGB Archiver 1.2.1.24
"LemmingballZ_0" = LemmingballZ 3D 8460
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"ordrumbox_is1" = ordrumbox-0.8.05
"PowerISO" = PowerISO
"PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2
"Proxifier_is1" = Proxifier version 2.9
"QuickPar" = QuickPar 0.9
"ratDVD" = ratDVD 0.78.1444
"Realm Crafter Demo" = Realm Crafter Demo
"RealPlayer 12.0" = RealPlayer
"RouterControl" = RouterControl 2.0
"Sony Eyetoy Webcam" = Sony Eyetoy Webcam
"Steam App 205" = Source Dedicated Server
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"The Mana World" = The Mana World 0.0.29
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"Video to Flash Converter PRO_is1" = Video to Flash Converter PRO
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"virus utilities.2" = IKARUS virus.utilities 1.0.203
"VisionGS PE_is1" = VisionGS PE
"VLC media player" = VLC media player 1.0.2
"WBFS Manager 3.0" = WBFS Manager 3.0
"WebClicker" = HeadStrong WebClicker v2.56
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.2.2
"Xilisoft 3GP Video Converter" = Xilisoft 3GP Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced IM Password Recovery" = Advanced IM Password Recovery
"QIP 2005" = QIP 2005 8095
"WinDirStat" = WinDirStat 1.1.2
"World of Warcraft Trial" = Probeversion von World of Warcraft

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


MAM will surely keep running for a while (it has found 8 things so far), but here you have this for now.
__________________

Old 17.03.2010, 16:23   #4
N-kay

Because I can't edit, here, finally, is the

MAM log:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3875
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.03.2010 16:18:56
mbam-log-2010-03-17 (16-18-54).txt

Scan-Methode: Vollständiger Scan (C:\|F:\|)
Durchsuchte Objekte: 325889
Laufzeit: 3 hour(s), 31 minute(s), 6 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{eutdsh7k-2gv0-8fco-wx13-lbh0bhv5u1yl} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\IKARUS\virus.utilities\quarantine\files\10.vir (Backdoor.Poison) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\11.vir (Backdoor.PoisonIvy) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\18.vir (Backdoor.Poison) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\31.vir (Trojan.Meredrop) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\5.vir (Worm.AutoRun) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\6.vir (Backdoor.Poison) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\7.vir (Backdoor.PoisonIvy) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\7zO1A48.tmp\PILib.dll (Backdoor.PoisonIvy) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\7zO74A8.tmp\PILib.dll (Backdoor.PoisonIvy) -> No action taken.
C:\Windows\run_setup.exe (Adware.Agent) -> No action taken.
C:\Users\N-kay\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.

But I can't have it clean anything up, only buy, save the log or quit...

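The 14 "Infizierte Dateien" in the log above fall into two groups that a practitioner reads differently: the seven hits under C:\Program Files\IKARUS\virus.utilities\quarantine\ are files Ikarus had already isolated, whereas the hits in Temp, AppData\Roaming and C:\Windows are still on the live system. The Python script below is an added example for this thread, not a tool from Malwarebytes or from Trojaner-Board; it parses lines in the shape MBAM 1.44 wrote them and groups detections that way. The sample log is a constructed, shortened excerpt of the posted one; the set of OS binary names to flag (only csrss.exe, the name this thread is about) and the assumption that the legitimate copy lives only under System32 are the example's own.

```python
"""Group Malwarebytes' Anti-Malware detections by what they mean for the live system.

Added example for this thread (not a Malwarebytes or Trojaner-Board tool): a hit inside
another scanner's quarantine folder is already contained, while a hit in Temp, AppData
or C:\\Windows is still active and needs treatment.
"""
import ntpath
import re
from collections import defaultdict

# Constructed sample in the line format MBAM 1.44 used: "<path> (<detection>) -> <action>."
# Paths and names are a shortened excerpt of the posted log; header lines are kept to
# show that the parser skips them.
SAMPLE_LOG = r"""Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{eutdsh7k-2gv0-8fco-wx13-lbh0bhv5u1yl} (Generic.Bot.H) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\IKARUS\virus.utilities\quarantine\files\10.vir (Backdoor.Poison) -> No action taken.
C:\Program Files\IKARUS\virus.utilities\quarantine\files\31.vir (Trojan.Meredrop) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\7zO1A48.tmp\PILib.dll (Backdoor.PoisonIvy) -> No action taken.
C:\Windows\run_setup.exe (Adware.Agent) -> No action taken.
C:\Users\N-kay\AppData\Roaming\logs.dat (Bifrose.Trace) -> No action taken.
C:\Users\N-kay\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
"""

# The detection name never contains parentheses, so a greedy path group followed by
# " (" ... ") -> " splits a line unambiguously even when the path contains spaces.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Names of Windows binaries that malware borrows; csrss.exe is the one in this thread.
# Assumption of this example: the legitimate copy lives only under System32.
OS_BINARY_NAMES = {"csrss.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"


def parse_mbam(text):
    """Return one dict (path, name, action) per detection line; section headers and
    '(Keine bösartigen Objekte gefunden)' lines produce nothing."""
    entries = []
    for line in text.splitlines():
        match = DETECTION_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def classify(entry):
    """Bucket a detection by where it sits, most specific check first."""
    path = entry["path"].lower()
    if path.startswith("hkey_"):
        return "registry"
    if "\\quarantine\\" in path:
        return "other_av_quarantine"          # already isolated by Ikarus, not a live threat
    if ntpath.basename(path) in OS_BINARY_NAMES and not path.startswith(SYSTEM_DIR):
        return "os_name_outside_system_dir"   # e.g. csrss.exe in %TEMP%
    return "live_file"


def summarize(text):
    """Map category -> list of (path, detection name)."""
    groups = defaultdict(list)
    for entry in parse_mbam(text):
        groups[classify(entry)].append((entry["path"], entry["name"]))
    return dict(groups)


def untreated(text):
    """Detections still marked 'No action taken' that are not already sitting in
    another product's quarantine: the items that actually need cleaning."""
    return [e["path"] for e in parse_mbam(text)
            if e["action"] == "No action taken" and classify(e) != "other_av_quarantine"]


if __name__ == "__main__":
    for category, items in summarize(SAMPLE_LOG).items():
        print(f"{category} ({len(items)})")
        for path, name in items:
            print(f"    {path}  [{name}]")
    print("needs treatment:", len(untreated(SAMPLE_LOG)))
```

Run against the full posted log, the "other_av_quarantine" bucket absorbs the seven .vir files, which leaves the Temp, AppData and C:\Windows hits plus the two registry keys as the items still to be dealt with.
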
Old 17.03.2010, 16:23   #5
Chris4You

Hi,

definitely post the MAM log...

Did you put this in on purpose:
Code:
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie

A similar plug-in is hanging around in FF...?

Because of a possible rootkit we still have to check with CureIT:
(this can take a very long time...)

http://www.trojaner-board.de/59299-anleitung-drweb-cureit.html
After the scan finishes you will find the log under %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, over 5MB of text. Just search it for "infiziert" and copy out the relevant parts before you post them.

chris

__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)
