Trojaner-Board


Drey 17.07.2010 12:04

Svchost.exe cannot be deleted
 
First of all, I would like to say that I have not yet found a solution in my search, which is how I came across this board. I hope you can help me :).

I have a svchost.exe that is not detected by AVG but is definitely malicious. It has already attacked Mozilla Firefox and Internet Explorer, so that strange small programs named firefox.exe 32 or iexplorer.exe were running with approx. 8000 KB.
However, I fixed those problems by disabling Internet Explorer and reinstalling.

I would also like to mention that I have had the problem since installing a downloaded game.

markusg 17.07.2010 12:44

Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab, and update the program.
Now shut down all running programs, including your antivirus program, and also disconnect from the internet by unplugging the network cable or disabling Wi-Fi. Then start a full scan with Malwarebytes and delete the findings at the end; the PC may need to be restarted. Turn Avira + internet back on and post the log.
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both

Drey 18.07.2010 00:29

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4321

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.07.2010 19:11:46
mbam-log-2010-07-17 (19-11-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 490499
Laufzeit: 1 Stunde(n), 52 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e4v6hjw0-7300-jv52-28v2-5xow7r6os476} (Generic.Bot.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Win32Gl\svchost.exe (Generic.Bot.H) -> No action taken.
C:\Users\...\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\Users\...\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\...\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
...
I have lost the OTL file, though I think I saved it :twak:.
I can't say anything about it for now, but I will gladly repeat the scan if desired.

Drey 18.07.2010 10:39

Edit: It seems that OTL detected and removed all viruses.

Thanks for the help

markusg 18.07.2010 14:13

Please post the OTL log, so run the program again. Since we cannot be sure whether everything was removed, a manual check is necessary.

Drey 18.07.2010 17:09

OTL Logfile:
Code:

OTL logfile created on: 7/18/2010 5:44:59 PM - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Keno\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 50.10 Gb Free Space | 43.03% Space Free | Partition Type: NTFS
Drive D: | 334.67 Gb Total Space | 178.06 Gb Free Space | 53.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KENO-PC
Current User Name: Keno
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
PRC - [2010/07/16 14:24:14 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/16 14:24:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/01 00:56:14 | 000,015,320 | ---- | M] (Mozilla Corporation) -- D:\Programme\plugin-container.exe
PRC - [2010/07/01 00:56:04 | 000,923,096 | ---- | M] (Mozilla Corporation) -- D:\Programme\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.0\ICQ.exe
PRC - [2010/02/11 12:17:07 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/01/25 15:59:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/07/24 20:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/07/16 14:24:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Programme\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/02/26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/02/11 12:17:07 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/08 18:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: firefox-ext@youtubekeep.com:1.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.1
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/26 15:29:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/04 18:20:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/03 16:54:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/29 13:15:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: D:\Programme\components [2010/07/14 17:56:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: D:\Programme\plugins [2010/07/14 14:37:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/04 18:20:15 | 000,000,000 | ---D | M]
 
[2009/12/24 02:29:21 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Extensions
[2010/07/14 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions
[2010/07/09 01:01:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/10 17:25:46 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010/04/16 18:13:09 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/07/13 20:46:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/29 17:41:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/25 12:49:43 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/13 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\beamgeraet@web.de
[2010/06/10 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010/04/07 22:25:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\firefox-ext@youtubekeep.com
[2010/05/29 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\info@youtube-mp3.org
[2010/07/13 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\netvideohunter@netvideohunter.com
[2010/04/27 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\youtube2mp3@mondayx.de
[2010/03/27 16:34:40 | 000,002,004 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\3dlam-suche.xml
[2009/12/24 04:27:05 | 000,002,254 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\askcom.xml
[2010/07/12 13:27:07 | 000,000,950 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\icqplugin-1.xml
[2010/04/22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\icqplugin.xml
[2009/12/24 03:03:34 | 000,002,061 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\qipsearch.xml
[2010/07/14 18:52:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010/07/14 14:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/14 14:37:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/12/21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2757286898-206695463-168853225-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O4 - HKU\S-1-5-21-2757286898-206695463-168853225-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - D:\Programme\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm  - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\mpegacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/18 11:41:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2010/07/17 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Malwarebytes
[2010/07/17 17:15:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/17 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/17 13:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/07/14 17:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010/07/14 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010/07/14 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/14 14:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/14 14:37:18 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/14 14:37:18 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/14 14:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/14 14:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/14 14:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/07/12 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thriXXX
[2010/07/12 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\thriXXX
[2010/07/06 18:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2010/06/24 12:02:13 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/24 12:02:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/24 12:02:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/24 12:02:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/24 09:02:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/24 09:02:20 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/24 09:02:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/21 16:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2010/06/21 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/21 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/18 17:46:32 | 003,407,872 | -HS- | M] () -- C:\Users\Keno\NTUSER.DAT
[2010/07/18 17:02:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/07/18 11:58:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/18 11:57:58 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/18 11:57:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/18 11:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/18 11:57:15 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/18 11:56:24 | 003,828,899 | -H-- | M] () -- C:\Users\Keno\AppData\Local\IconCache.db
[2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2010/07/17 17:24:31 | 000,007,598 | ---- | M] () -- C:\Users\Keno\AppData\Local\Resmon.ResmonCfg
[2010/07/17 17:15:29 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/17 16:58:19 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/07/17 16:57:38 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/14 17:51:44 | 000,001,669 | ---- | M] () -- C:\Users\Keno\Desktop\DivX Movies.lnk
[2010/07/14 14:37:52 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010/07/14 14:37:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/07/14 14:37:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/07/14 14:37:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/07/14 14:37:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/07/11 15:47:29 | 000,000,772 | ---- | M] () -- C:\Users\Keno\Desktop\DESKTOP.lnk
[2010/07/06 18:47:24 | 000,000,990 | ---- | M] () -- C:\Users\Keno\Desktop\Glary Utilities.lnk
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/07/17 17:15:29 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/14 17:51:44 | 000,001,669 | ---- | C] () -- C:\Users\Keno\Desktop\DivX Movies.lnk
[2010/07/14 14:37:52 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010/07/11 15:47:31 | 000,000,772 | ---- | C] () -- C:\Users\Keno\Desktop\DESKTOP.lnk
[2010/07/06 18:47:25 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/07/06 18:47:24 | 000,000,990 | ---- | C] () -- C:\Users\Keno\Desktop\Glary Utilities.lnk
[2010/06/25 17:53:33 | 000,055,808 | ---- | C] () -- D:\Documents\Lebenslaufneu12-6-10.doc
[2010/06/21 15:16:01 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/20 19:31:20 | 000,024,576 | -HS- | C] () -- C:\Users\Keno\Thumbs.db
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/03/01 20:56:43 | 000,691,592 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL
[2010/02/06 20:43:35 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll
[2010/01/22 17:15:37 | 000,000,116 | ---- | C] () -- C:\Windows\SysWow64\applet.ini
[2009/12/28 23:16:29 | 001,524,494 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/12/24 11:33:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003/03/11 18:25:54 | 000,313,856 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX000089.dll
[2003/03/11 12:56:52 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX010205PNG.dll
[2003/03/11 12:56:36 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX010104Z.dll
[2003/03/11 12:56:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX015003JP2.dll
[2003/01/29 11:10:06 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003/01/29 11:10:06 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
 
========== LOP Check ==========
 
[2009/12/24 11:25:55 | 000,000,000 | -HSD | M] -- C:\Users\Keno\AppData\Roaming\.#
[2010/05/16 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Asus WebStorage
[2010/05/25 08:20:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\AVG9
[2010/05/18 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/02/11 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Lite
[2009/12/29 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Pro
[2010/02/05 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\EeeStorageUploader
[2010/02/06 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\FreeVideoConverter
[2009/12/24 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GameConsole
[2009/12/24 11:03:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GlarySoft
[2010/07/18 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ICQ
[2010/03/01 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\My ClickOnce Applications
[2010/03/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia
[2009/12/31 16:15:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia Ovi Suite
[2010/02/10 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Participatory Culture Foundation
[2010/02/05 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PC Suite
[2010/07/14 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PCF-VLC
[2010/01/07 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\QIP
[2010/04/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TeamViewer
[2009/12/26 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Teeworlds
[2010/05/16 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\temp
[2010/02/22 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Thinstall
[2010/07/12 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\thriXXX
[2010/04/05 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TS3Client
[2009/12/29 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ubisoft
[2010/01/25 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ulead Systems
[2010/05/18 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Uniblue
[2010/05/18 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\widestream
[2010/07/18 11:58:00 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/07/11 13:56:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/12/24 11:25:55 | 000,000,000 | -HSD | M] -- C:\Users\Keno\AppData\Roaming\.#
[2009/12/31 11:18:42 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Adobe
[2010/04/01 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Apple Computer
[2010/05/16 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Asus WebStorage
[2009/12/24 01:50:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ATI
[2010/05/25 08:20:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\AVG9
[2010/05/18 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/02/06 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\CyberLink
[2010/02/11 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Lite
[2009/12/29 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Pro
[2010/05/30 21:24:42 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DivX
[2010/06/22 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\dvdcss
[2010/02/05 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\EeeStorageUploader
[2010/02/06 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\FreeVideoConverter
[2009/12/24 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GameConsole
[2009/12/24 11:03:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GlarySoft
[2010/01/25 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Google
[2010/07/18 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ICQ
[2009/12/24 01:49:28 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Identities
[2009/12/24 02:26:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Macromedia
[2010/07/17 17:15:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Media Center Programs
[2010/06/19 19:51:02 | 000,000,000 | --SD | M] -- C:\Users\Keno\AppData\Roaming\Microsoft
[2010/03/02 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Microsoft Corporation
[2009/12/24 02:29:21 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Mozilla
[2010/03/01 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\My ClickOnce Applications
[2010/03/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia
[2009/12/31 16:15:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia Ovi Suite
[2010/02/10 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Participatory Culture Foundation
[2010/02/05 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PC Suite
[2010/07/14 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PCF-VLC
[2010/01/07 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\QIP
[2010/03/06 20:15:45 | 000,000,000 | RH-D | M] -- C:\Users\Keno\AppData\Roaming\SecuROM
[2010/06/25 14:00:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Skype
[2010/06/25 13:49:36 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\skypePM
[2010/04/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TeamViewer
[2009/12/26 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Teeworlds
[2010/05/16 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\temp
[2010/02/22 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Thinstall
[2010/07/12 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\thriXXX
[2010/04/05 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TS3Client
[2009/12/29 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ubisoft
[2010/01/25 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ulead Systems
[2010/05/18 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Uniblue
[2010/07/13 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\vlc
[2010/05/18 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\widestream
[2010/03/02 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Winamp
[2009/12/26 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/03/07 03:46:44 | 000,077,542 | R--- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Installer\{3FC6307A-0EDE-9922-5898-3512D1CA44EE}\ARPPRODUCTICON.exe
[2010/05/15 13:03:56 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe
[2010/05/15 13:03:56 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo42.exe
[2010/05/15 13:03:56 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo43.exe
[2010/05/15 13:02:01 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R1.exe
[2010/05/15 13:02:01 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe
[2010/05/15 13:02:01 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R3.exe
[2010/05/11 19:41:30 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe
[2010/05/11 19:41:30 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb32.exe
[2010/05/11 19:41:31 | 000,000,000 | ---- | M] () -- C:\Users\..\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb33.exe
[2010/05/12 15:10:58 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N1.exe
[2010/05/12 15:10:58 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe
[2010/05/12 15:10:58 | 000,000,000 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N3.exe
[2010/05/12 15:09:54 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe
[2010/05/12 15:09:54 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A82.exe
[2010/05/12 15:09:54 | 000,000,000 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A83.exe
[2010/05/11 19:41:41 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe
[2010/05/11 19:41:41 | 000,924,160 | ---- | M] (KbW) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn82.exe
[2010/05/11 19:41:41 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn83.exe
[2010/05/12 16:25:35 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp11.exe
[2010/05/12 16:25:35 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe
[2010/05/12 16:25:35 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp13.exe
[2010/05/11 19:41:36 | 000,924,160 | ---- | M] (KbW) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc1.exe
[2010/05/11 19:41:36 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe
[2010/05/11 19:41:36 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc3.exe
[2010/05/15 13:01:51 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe
[2010/05/15 13:01:51 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N2.exe
[2010/05/15 13:01:52 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N3.exe
[2010/05/11 19:42:50 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm1.exe
[2010/05/11 19:42:50 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe
[2010/05/11 19:42:50 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm3.exe
[2010/03/01 21:06:12 | 000,107,768 | ---- | M] (Add-in Express Ltd) -- C:\Users\...\AppData\Roaming\My ClickOnce Applications\products.exe
[2010/03/11 09:17:44 | 064,164,264 | ---- | M] () -- C:\Users\...\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2010/05/17 19:27:50 | 000,611,840 | ---- | M] (LinGon/CES) -- C:\Users\...\AppData\Roaming\QIP\Profiles\....@qip.ru\RcvdFiles\...\...\Just Cause 2 + 30 Trainer CES-LinGon\Just Cause 2 + 30 Trainer CES-LinGoexen.
[2010/05/17 19:27:51 | 000,606,720 | ---- | M] (LinGon/CES) -- C:\Users\...AppData\Roaming\QIP\Profiles\keno1993@qip.ru\RcvdFiles\...\...\Just Cause 2 + 30 Trainer CES-LinGon\RT 2 version\Just Cause 2 - RT 2- Trainer CE-LinGon.exe
[2010/02/23 19:39:22 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe
[2010/02/22 19:18:29 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\1000000a00003h\imjppdmg.exe
[2010/02/22 19:14:31 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe
[2010/02/22 19:33:37 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE
[2010/02/22 19:17:43 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002500002h\MSTORE.EXE
[2010/02/22 19:19:00 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE
[2010/02/23 19:39:04 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000003f00002h\CLVIEW.EXE
[2010/02/22 19:24:38 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000005700002h\WINWORD.EXE
[2010/02/22 19:14:33 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE
[2010/02/22 19:14:22 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007300002h\POWERPNT.EXE
[2010/02/22 19:18:27 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE
[2010/02/22 19:17:44 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000cf00002h\MSTORDB.EXE
[2010/02/22 19:19:12 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
[2010.03.08 23:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\vbscript.dll
[2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:B88E99C8
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A724744F
< End of report >

--- --- ---

markusg 18.07.2010 17:37

Visit:
VirusTotal - Free Online Virus and Malware Scan

Check this file there:
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe
If the file has already been analysed, click to scan it again, and post the result.

Drey 18.07.2010 17:45

Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.18 -
AhnLab-V3 2010.07.18.00 2010.07.18 -
AntiVir 8.2.4.12 2010.07.16 TR/Dropper.Gen
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.17 -
Avast 4.8.1351.0 2010.07.18 -
Avast5 5.0.332.0 2010.07.18 -
AVG 9.0.0.836 2010.07.18 -
BitDefender 7.2 2010.07.18 -
CAT-QuickHeal 11.00 2010.07.16 -
ClamAV 0.96.0.3-git 2010.07.18 -
Comodo 5467 2010.07.18 -
DrWeb 5.0.2.03300 2010.07.18 -
eSafe 7.0.17.0 2010.07.18 -
eTrust-Vet 36.1.7715 2010.07.16 -
F-Prot 4.6.1.107 2010.07.17 -
F-Secure 9.0.15370.0 2010.07.18 -
Fortinet 4.1.143.0 2010.07.18 -
GData 21 2010.07.18 -
Ikarus T3.1.1.84.0 2010.07.18 -
Jiangmin 13.0.900 2010.07.18 -
Kaspersky 7.0.0.125 2010.07.18 -
McAfee 5.400.0.1158 2010.07.18 -
McAfee-GW-Edition 2010.1 2010.07.16 -
Microsoft 1.6004 2010.07.18 -
NOD32 5288 2010.07.18 -
Norman 6.05.11 2010.07.18 -
nProtect 2010-07-18.02 2010.07.18 -
Panda 10.0.2.7 2010.07.18 Suspicious file
PCTools 7.0.3.5 2010.07.18 -
Prevx 3.0 2010.07.18 -
Rising 22.56.04.04 2010.07.16 -
Sophos 4.55.0 2010.07.18 -
Sunbelt 6600 2010.07.18 -
Symantec 20101.1.1.7 2010.07.18 -
TheHacker 6.5.2.1.318 2010.07.16 -
TrendMicro 9.120.0.1004 2010.07.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.18 -
VBA32 3.12.12.6 2010.07.16 -
ViRobot 2010.7.12.3932 2010.07.18 -
VirusBuster 5.0.27.0 2010.07.18 -
Additional information
File size: 49790 bytes
MD5...: 7941c31d937e2ec156b79173430f855d
SHA1..: 5936043b1e23e0ab5263905b4f7ace1bf1cdeb29
SHA256: bbbf14ee52201c6a0e8dbc9e157246e3a416d4676e1ae3e7c2e356e98a38e32c
ssdeep: 1536:9dPF52s1/OHy5c/qEl12BTiEXDYC5rtBH8ZKBz6Zu:Xys1DNDYC5hBH8ZKBz6k
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8824
timedatestamp.....: 0x4be35d2f (Fri May 07 00:22:07 2010)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.rsrc 0x2000 0x18b8 0x1a00 4.09 1ff0c9200f038426a4ee99c0e9f94611
.text 0x4000 0xa0b4 0xa200 6.60 34635ba5af716ed5b5ad3ffbfa118742
.reloc 0x10000 0xc 0x200 0.10 8790415dc1eaa3017bfdb23456f4ceec

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows Screen Saver (47.2%)
Win32 Executable Generic (30.7%)
Win16/32 Executable Delphi generic (7.4%)
Generic Win/DOS Executable (7.2%)
DOS Executable Generic (7.2%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P 9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1
copyright....: Lm48Bid1YCr03DgHw65Rft7Z9MpNj2e8JAx92Saz7K6Wbq5XQs3n1PFo4y0E7GcTk3w5QEx12WsDe84Xqy6C0Fkb9T9Lni0P2Bad6GAz7m3R8KjMf5t1Z4NpJg2r8H4Yco3S0Lzt9HCg16Dpw5Z7Yy Ji71NcPd09Kqm6STb5k4F3AfXx28QnGe4o5R8Ejr1W9MaBs70Acr3R2Ppz6WZe13Htd2Q5Dng0F9Mbk4G6Kqs7JEx8o5N1SfYa4y0L3Cmj9XBi76TwRj82LyNr3e4B7EiFp9d2C1Pxf0ZAq65WcYo8
product......: Dz8b5NZp1i6APn79RtLs42Fkd3T0GxHj75Xro2KEc38CmYq40Qyw9B1Sgf6M0Wae2J9Hgd7D6Kji3B1QtTb5r8R4Gwn3ZFk94YmSq05Exz1PJf67MsAc8o2LNp8a6X2CyWe05CsZm4p1L9GfMq73Dd k5B7Kje1P6Jbn3F4Tza2HWg08Qwx9X9Scy6RNi4r1AEo8t5Y0FpEb7k2S3HfWg7m4QKt92Dja6CPi05GwMs81Acx3N3ZyXd6e4BYr8n5T9LqJz2o0RTk71Qpo2RXb63Wyi4CJd87EeHm05ZqBt91Ln
description..: i7LPe25MoYj4g3NJs6t8HFf1d9D0CmBr6b3AKx8z1Z5WnRw9k2X0Eaq4S7GcTp74Qys6G3Nmo2MEk58Djy9AKt01Faz8Q0Yge6CHb25Pcr7X4Swx1JZq93WnRi12LdBf5p9T3Gsk6T4Jod7RWg0x8N Kq13Pia8F9ZfEz42Ytp7MDj56BrCe0y1HSb8m9A0QwLn6c7XLq52KnHr4e3FCw70BdZt19Xck4R5Ajo3SYa6x8PEf2i6D8MsTm9b0GQz57JyWg1p3N2MeDz47Jys1G6Cqd9E2Nxo0PXp35KcQb4w8B
original name: DownloadStub.exe
internal name: DownloadStub.exe
file version.: 682.9562.45.296
comments.....: Rg8d1X2Dsx0WSo46CbQq57JjZt39Ppr9Y0MzHy86Kwe1LNc7m5ABi23EkGn4a0TFf6r2ACe39Xjs5G4DiMw17Spt8W3RbPg0a6ZNf84Yxz2FEo9q5KTn71JyQk4d6HBc85Lme2C1Lip9Z7Sfb0FPk3 r1TDa7t5J3Rwg9W6MjAn02YzKy8o4QHd1c0E6Gqx8BXs29NmMp5y7J3HeZg45Stz6C0Ffa8D3Tso9BYi21Rcd4N7Pjm2G0LbQw34Akq5W7Ern1XKx8f9TYp60Czb8QDy3m7J9Msw6E4Xdr5H1RkFg2
signers......: -
signing date.: -
verified.....: Unsigned

markusg 18.07.2010 17:51

Please upload the file to us here.
http://www.trojaner-board.de/54791-a...ner-board.html
Let me know when that is done.

Drey 18.07.2010 18:01

The file has been uploaded.

markusg 18.07.2010 22:58

I'll get back to you tomorrow. I don't know yet whether it is malicious.

markusg 20.07.2010 15:07

The file seems OK. Have any more problems come up?

Drey 24.07.2010 14:14

No. I also installed AntiVir again and ran a scan; it removed 15 infected files, and I haven't had any problems with it since.

Thanks for the help.

Regards

markusg 24.07.2010 14:30

What did Avira find? Can you post the log, which you can find under Reports?

Drey 24.07.2010 15:45

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 19. Juli 2010 19:28

Es wird nach 2365352 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ...
Computername : ...-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:14:59
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 17:15:09
VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 17:15:09
VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 17:15:09
VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 17:15:09
VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 17:15:09
VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 17:15:09
VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 17:15:09
VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 17:15:11
VBASE014.VDF : 7.10.8.69 138752 Bytes 14.06.2010 17:15:11
VBASE015.VDF : 7.10.8.102 130560 Bytes 16.06.2010 17:15:12
VBASE016.VDF : 7.10.8.135 152064 Bytes 21.06.2010 17:15:12
VBASE017.VDF : 7.10.8.163 432128 Bytes 23.06.2010 17:15:14
VBASE018.VDF : 7.10.8.194 133632 Bytes 27.06.2010 17:15:15
VBASE019.VDF : 7.10.8.220 134656 Bytes 29.06.2010 17:15:16
VBASE020.VDF : 7.10.8.252 171520 Bytes 04.07.2010 17:15:16
VBASE021.VDF : 7.10.9.19 131072 Bytes 06.07.2010 17:15:17
VBASE022.VDF : 7.10.9.36 297472 Bytes 07.07.2010 17:15:18
VBASE023.VDF : 7.10.9.60 150016 Bytes 11.07.2010 17:15:19
VBASE024.VDF : 7.10.9.79 113152 Bytes 13.07.2010 17:15:19
VBASE025.VDF : 7.10.9.99 158720 Bytes 16.07.2010 17:15:20
VBASE026.VDF : 7.10.9.112 155136 Bytes 19.07.2010 17:15:21
VBASE027.VDF : 7.10.9.113 2048 Bytes 19.07.2010 17:15:21
VBASE028.VDF : 7.10.9.114 2048 Bytes 19.07.2010 17:15:21
VBASE029.VDF : 7.10.9.115 2048 Bytes 19.07.2010 17:15:21
VBASE030.VDF : 7.10.9.116 2048 Bytes 19.07.2010 17:15:21
VBASE031.VDF : 7.10.9.121 59904 Bytes 19.07.2010 17:15:21
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 19.07.2010 17:15:35
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 19.07.2010 17:15:35
AESCN.DLL : 8.1.6.1 127347 Bytes 19.07.2010 17:15:33
AESBX.DLL : 8.1.3.1 254324 Bytes 19.07.2010 17:15:35
AERDL.DLL : 8.1.4.6 541043 Bytes 19.07.2010 17:15:33
AEPACK.DLL : 8.2.2.6 430452 Bytes 19.07.2010 17:15:31
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 19.07.2010 17:15:30
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 19.07.2010 17:15:30
AEHELP.DLL : 8.1.11.6 242038 Bytes 19.07.2010 17:15:25
AEGEN.DLL : 8.1.3.14 381299 Bytes 19.07.2010 17:15:25
AEEMU.DLL : 8.1.2.0 393588 Bytes 19.07.2010 17:15:24
AECORE.DLL : 8.1.15.4 192886 Bytes 19.07.2010 17:15:23
AEBB.DLL : 8.1.1.0 53618 Bytes 19.07.2010 17:15:23
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\Users\Keno\AppData\Local\Temp\deda5972.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: niedrig
Abweichende Gefahrenkategorien........: +APPL,

Beginn des Suchlaufs: Montag, 19. Juli 2010 19:28

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe
[FUND] Ist das Trojanische Pferd TR/Bumat.A.2749
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe
[FUND] Ist das Trojanische Pferd TR/Agent.53248.CG
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE
[FUND] Ist das Trojanische Pferd TR/Orsam.A.2026
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE
[FUND] Ist das Trojanische Pferd TR/Gendal.53248.P
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
[FUND] Ist das Trojanische Pferd TR/Bumat.A.1865

Beginne mit der Desinfektion:
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
[FUND] Ist das Trojanische Pferd TR/Bumat.A.1865
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f76de0.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE
[FUND] Ist das Trojanische Pferd TR/Gendal.53248.P
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '518e4235.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE
[FUND] Ist das Trojanische Pferd TR/Orsam.A.2026
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03c318de.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe
[FUND] Ist das Trojanische Pferd TR/Agent.53248.CG
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '65ce5743.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe
[FUND] Ist das Trojanische Pferd TR/Bumat.A.2749
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '20577a70.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5f504823.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13e86469.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6ff02439.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42aa0b74.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5bc230ee.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '379e1cde.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4627254b.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '483d158c.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d146cce.qua' verschoben!
C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe
[FUND] Ist das Trojanische Pferd TR/Dropper.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '041f6865.qua' verschoben!


Ende des Suchlaufs: Montag, 19. Juli 2010 23:51
Benötigte Zeit: 4:22:41 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

27677 Verzeichnisse wurden überprüft
548228 Dateien wurden geprüft
15 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
15 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
548213 Dateien ohne Befall
4325 Archive wurden durchsucht
0 Warnungen
15 Hinweise

markusg 24.07.2010 16:13

OK, right-click the Avira umbrella icon and deactivate Guard.
Then open Avira, go to Administration, Quarantine, and look for the following file:
C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE
[FUND] Ist das Trojanische Pferd TR/Bumat.A.1865
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f76de0.qua' verschoben!
Click "Restore to" and choose the desktop.
Submit your sample
Upload the file here as a suspected false positive.
Post the file ID or tracking number.
In addition, check the file at VirusTotal and post the result.
Delete the file, empty the recycle bin, and switch Avira back on.

Drey 24.07.2010 16:40

Unfortunately that isn't possible; I deleted all the files right after the scan.

markusg 24.07.2010 17:03

Those may have been false positives, though. Did you delete them from quarantine?
That isn't really necessary; they can't do any harm there.

Drey 24.07.2010 19:07

I'd rather play it safe ;). Yes, they are all deleted, but since then my PC has been running noticeably faster again.

markusg 24.07.2010 19:15

Use the ESET online scanner and post the log:
Free ESET Online Antivirus Scanner

Drey 27.07.2010 17:23

#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x6d0b6ae0, pid=4020, tid=4120
#
# JRE version: 6.0_20-b02
# Java VM: Java HotSpot(TM) Client VM (16.3-b01 mixed mode, sharing windows-x86 )
# Problematic frame:
# C [awt.dll+0xb6ae0]
#
# If you would like to submit a bug report, please visit:
# hxxp://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x023fd000): JavaThread "AWT-Windows" daemon [_thread_in_native, id=4120, stack(0x05b90000,0x05be0000)]

siginfo: ExceptionCode=0xc0000005, reading address 0x00000000

Registers:
EAX=0x05bdfa78, EBX=0x05663190, ECX=0x000001e0, EDX=0x00000280
ESP=0x05bdfa60, EBP=0x76e01450, ESI=0x00000000, EDI=0x00000280
EIP=0x6d0b6ae0, EFLAGS=0x00010212

Stack: [0x05b90000,0x05be0000], sp=0x05bdfa60, free space=13e05bdf544k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C [awt.dll+0xb6ae0]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+77
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0559ec00 JavaThread "Thread-14" [_thread_in_native, id=1872, stack(0x058a0000,0x058f0000)]
0x055a2000 JavaThread "Thread-2" daemon [_thread_in_native, id=2800, stack(0x050f0000,0x05140000)]
0x055a0800 JavaThread "Thread-3451" [_thread_blocked, id=1272, stack(0x07640000,0x07690000)]
0x055a0400 JavaThread "Swing-Shell" daemon [_thread_blocked, id=3284, stack(0x095d0000,0x09620000)]
0x0559f800 JavaThread "LinkGrabberView: infoupdate" [_thread_blocked, id=1400, stack(0x094b0000,0x09500000)]
0x0559f000 JavaThread "DownloadView: infoupdate" [_thread_blocked, id=2256, stack(0x09120000,0x09170000)]
0x0559e400 JavaThread "PremiumStatusUpdateTimer" [_thread_blocked, id=5608, stack(0x05ce0000,0x05d30000)]
0x0559e000 JavaThread "ClipboardHandler" [_thread_blocked, id=672, stack(0x07cf0000,0x07d40000)]
0x0559d800 JavaThread "AWT-EventQueue-1" [_thread_blocked, id=2652, stack(0x07b50000,0x07ba0000)]
0x0559d400 JavaThread "ByteBuffer debugger" [_thread_blocked, id=4532, stack(0x07ac0000,0x07b10000)]
0x0559b000 JavaThread "UploadedCRCObserver" [_thread_blocked, id=3368, stack(0x079a0000,0x079f0000)]
0x0559cc00 JavaThread "Http-Server Consumer" [_thread_in_native, id=5912, stack(0x07a30000,0x07a80000)]
0x0559c000 JavaThread "DestroyJavaVM" [_thread_blocked, id=3420, stack(0x00200000,0x00250000)]
0x0559b400 JavaThread "TimerQueue" daemon [_thread_blocked, id=3424, stack(0x082b0000,0x08300000)]
0x0564e400 JavaThread "SyntheticaCleanerThread" daemon [_thread_blocked, id=5888, stack(0x07910000,0x07960000)]
=>0x023fd000 JavaThread "AWT-Windows" daemon [_thread_in_native, id=4120, stack(0x05b90000,0x05be0000)]
0x04c0d800 JavaThread "AWT-Shutdown" [_thread_blocked, id=3820, stack(0x05b00000,0x05b50000)]
0x04c0d400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=5708, stack(0x05a70000,0x05ac0000)]
0x04c8dc00 JavaThread "EventSender" [_thread_blocked, id=320, stack(0x053e0000,0x05430000)]
0x04cb5000 JavaThread "EventSenderWatchDog" [_thread_blocked, id=4056, stack(0x051f0000,0x05240000)]
0x02415000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=4408, stack(0x04a50000,0x04aa0000)]
0x0240d800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=5112, stack(0x049c0000,0x04a10000)]
0x0240c800 JavaThread "Attach Listener" daemon [_thread_blocked, id=3048, stack(0x04930000,0x04980000)]
0x02409800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5564, stack(0x048a0000,0x048f0000)]
0x02405800 JavaThread "Finalizer" daemon [_thread_blocked, id=6012, stack(0x04810000,0x04860000)]
0x02400c00 JavaThread "Reference Handler" daemon [_thread_blocked, id=1172, stack(0x04780000,0x047d0000)]

Other Threads:
0x023ff000 VMThread [stack: 0x046f0000,0x04740000] [id=2236]
0x02416c00 WatcherThread [stack: 0x04ae0000,0x04b30000] [id=2852]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 12480K, used 527K [0x14520000, 0x152a0000, 0x1efc0000)
eden space 11136K, 4% used [0x14520000, 0x145a3c70, 0x15000000)
from space 1344K, 0% used [0x15000000, 0x15000000, 0x15150000)
to space 1344K, 0% used [0x15150000, 0x15150000, 0x152a0000)
tenured generation total 27428K, used 16455K [0x1efc0000, 0x20a89000, 0x34520000)
the space 27428K, 59% used [0x1efc0000, 0x1ffd1ce8, 0x1ffd1e00, 0x20a89000)
compacting perm gen total 16896K, used 16641K [0x34520000, 0x355a0000, 0x38520000)
the space 16896K, 98% used [0x34520000, 0x355606e8, 0x35560800, 0x355a0000)
ro space 10240K, 51% used [0x38520000, 0x38a4ae00, 0x38a4ae00, 0x38f20000)
rw space 12288K, 54% used [0x38f20000, 0x395b72d8, 0x395b7400, 0x39b20000)

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\javaw.exe
0x77580000 - 0x77700000 C:\Windows\SysWOW64\ntdll.dll
0x76df0000 - 0x76ef0000 C:\Windows\syswow64\kernel32.dll
0x76f20000 - 0x76f66000 C:\Windows\syswow64\KERNELBASE.dll
0x75610000 - 0x756b0000 C:\Windows\syswow64\ADVAPI32.dll
0x75330000 - 0x753dc000 C:\Windows\syswow64\msvcrt.dll
0x76ce0000 - 0x76cf9000 C:\Windows\SysWOW64\sechost.dll
0x769f0000 - 0x76ae0000 C:\Windows\syswow64\RPCRT4.dll
0x750f0000 - 0x75150000 C:\Windows\syswow64\SspiCli.dll
0x750e0000 - 0x750ec000 C:\Windows\syswow64\CRYPTBASE.dll
0x765b0000 - 0x766b0000 C:\Windows\syswow64\USER32.dll
0x76f70000 - 0x77000000 C:\Windows\syswow64\GDI32.dll
0x77550000 - 0x7755a000 C:\Windows\syswow64\LPK.dll
0x75150000 - 0x751ed000 C:\Windows\syswow64\USP10.dll
0x77000000 - 0x77060000 C:\Windows\system32\IMM32.DLL
0x767e0000 - 0x768ac000 C:\Windows\syswow64\MSCTF.dll
0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
0x6d800000 - 0x6da97000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
0x74e60000 - 0x74e92000 C:\Windows\system32\WINMM.dll
0x72ba0000 - 0x72beb000 C:\Windows\system32\apphelp.dll
0x6d7b0000 - 0x6d7bc000 C:\Program Files (x86)\Java\jre6\bin\verify.dll
0x6d330000 - 0x6d34f000 C:\Program Files (x86)\Java\jre6\bin\java.dll
0x6d290000 - 0x6d298000 C:\Program Files (x86)\Java\jre6\bin\hpi.dll
0x768b0000 - 0x768b5000 C:\Windows\syswow64\PSAPI.DLL
0x6d7f0000 - 0x6d7ff000 C:\Program Files (x86)\Java\jre6\bin\zip.dll
0x6d610000 - 0x6d623000 C:\Program Files (x86)\Java\jre6\bin\net.dll
0x768c0000 - 0x768f5000 C:\Windows\syswow64\WS2_32.dll
0x755b0000 - 0x755b6000 C:\Windows\syswow64\NSI.dll
0x73080000 - 0x730bc000 C:\Windows\system32\mswsock.dll
0x72ea0000 - 0x72ea6000 C:\Windows\System32\wship6.dll
0x6d630000 - 0x6d639000 C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x72f70000 - 0x72f80000 C:\Windows\system32\NLAapi.dll
0x72f20000 - 0x72f64000 C:\Windows\system32\DNSAPI.dll
0x72f10000 - 0x72f18000 C:\Windows\System32\winrnr.dll
0x72f00000 - 0x72f10000 C:\Windows\system32\napinsp.dll
0x72ee0000 - 0x72ef2000 C:\Windows\system32\pnrpnsp.dll
0x72eb0000 - 0x72ed4000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x76d90000 - 0x76de7000 C:\Windows\syswow64\SHLWAPI.dll
0x72e70000 - 0x72e95000 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
0x733a0000 - 0x733bc000 C:\Windows\system32\Iphlpapi.DLL
0x73390000 - 0x73397000 C:\Windows\system32\WINNSI.DLL
0x73070000 - 0x73075000 C:\Windows\System32\wshtcpip.dll
0x72d00000 - 0x72d06000 C:\Windows\system32\rasadhlp.dll
0x72d10000 - 0x72d48000 C:\Windows\System32\fwpuclnt.dll
0x6d000000 - 0x6d14a000 C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x74a90000 - 0x74ae1000 C:\Windows\system32\WINSPOOL.DRV
0x76440000 - 0x7659c000 C:\Windows\syswow64\ole32.dll
0x74b90000 - 0x74d2e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\COMCTL32.dll
0x74b70000 - 0x74b83000 C:\Windows\system32\DWMAPI.DLL
0x74eb0000 - 0x74f30000 C:\Windows\system32\uxtheme.dll
0x63570000 - 0x635b0000 D:\Programme\FRAPS32.DLL
0x75760000 - 0x763a9000 C:\Windows\syswow64\shell32.dll
0x6d230000 - 0x6d284000 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
0x692e0000 - 0x694a3000 C:\Windows\system32\d3d9.dll
0x74e00000 - 0x74e09000 C:\Windows\system32\VERSION.dll
0x71f30000 - 0x71f36000 C:\Windows\system32\d3d8thk.dll
0x69250000 - 0x692d1000 C:\Windows\system32\aticfx32.dll
0x745f0000 - 0x745f9000 C:\Windows\system32\atiu9pag.dll
0x66120000 - 0x664c6000 C:\Windows\system32\atiumdag.dll
0x65e20000 - 0x66119000 C:\Windows\system32\atiumdva.dll
0x6d570000 - 0x6d603000 C:\Program Files (x86)\Java\jre6\bin\mlib_image.dll
0x6d1a0000 - 0x6d1c3000 C:\Program Files (x86)\Java\jre6\bin\dcpr.dll
0x6d790000 - 0x6d798000 C:\Program Files (x86)\Java\jre6\bin\sunmscapi.dll
0x77060000 - 0x7717c000 C:\Windows\syswow64\CRYPT32.dll
0x76900000 - 0x7690c000 C:\Windows\syswow64\MSASN1.dll
0x731a0000 - 0x731b6000 C:\Windows\system32\CRYPTSP.dll
0x73160000 - 0x7319b000 C:\Windows\system32\rsaenh.dll
0x733c0000 - 0x733d7000 C:\Windows\system32\USERENV.dll
0x74df0000 - 0x74dfb000 C:\Windows\system32\profapi.dll
0x76d00000 - 0x76d8f000 C:\Windows\syswow64\OLEAUT32.dll
0x756b0000 - 0x75733000 C:\Windows\syswow64\CLBCatQ.DLL
0x72bf0000 - 0x72ce5000 C:\Windows\system32\propsys.dll
0x730c0000 - 0x730e1000 C:\Windows\system32\ntmarta.dll
0x755c0000 - 0x75605000 C:\Windows\syswow64\WLDAP32.dll
0x75410000 - 0x755ad000 C:\Windows\syswow64\SETUPAPI.dll
0x753e0000 - 0x75407000 C:\Windows\syswow64\CFGMGR32.dll
0x75740000 - 0x75752000 C:\Windows\syswow64\DEVOBJ.dll
0x6b160000 - 0x6b2f8000 C:\Windows\system32\NetworkExplorer.dll
0x73e90000 - 0x73f8b000 C:\Windows\system32\WindowsCodecs.dll
0x10000000 - 0x10024000 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
0x09720000 - 0x09743000 C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
0x72600000 - 0x72631000 C:\Windows\system32\EhStorShell.dll
0x6f030000 - 0x6f24f000 C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
0x6ef30000 - 0x6f022000 C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.DLL
0x766b0000 - 0x767a4000 C:\Windows\syswow64\WININET.dll
0x765a0000 - 0x765a3000 C:\Windows\syswow64\Normaliz.dll
0x751f0000 - 0x75325000 C:\Windows\syswow64\urlmon.dll
0x76ae0000 - 0x76cd9000 C:\Windows\syswow64\iertutil.dll
0x72fd0000 - 0x7306b000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
0x72670000 - 0x72677000 C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.DLL
0x72650000 - 0x7266b000 C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL
0x74e10000 - 0x74e15000 C:\Windows\system32\MSImg32.dll
0x6ee50000 - 0x6eebf000 C:\Windows\system32\ntshrui.dll
0x74950000 - 0x74969000 C:\Windows\system32\srvcli.dll
0x72640000 - 0x7264b000 C:\Windows\system32\cscapi.dll
0x725f0000 - 0x725fa000 C:\Windows\system32\slc.dll
0x6dbf0000 - 0x6dc1e000 C:\Windows\System32\shdocvw.dll
0x72cf0000 - 0x72cfe000 C:\Windows\system32\RpcRtRemote.dll

VM Arguments:
jvm_args: -Xmx512m
java_command: D:\Programme\JDownloader.jar
Launcher Type: SUN_STANDARD

Environment Variables:
CLASSPATH=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
PATH=C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Java\jre6\bin
USERNAME=Keno
OS=Windows_NT
PROCESSOR_IDENTIFIER=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD



--------------- S Y S T E M ---------------

OS: Windows 7 Build 7600

CPU:total 2 (2 cores per cpu, 1 threads per core) family 17 model 3 stepping 1, cmov, cx8, fxsr, mmx, sse, sse2, sse3, mmxext, 3dnow, 3dnowext

Memory: 4k page, physical 4193400k(1411888k free), swap 8384900k(4847912k free)

vm_info: Java HotSpot(TM) Client VM (16.3-b01) for windows-x86 JRE (1.6.0_20-b02), built on Apr 12 2010 13:52:23 by "java_re" with MS VC++ 7.1 (VS2003)

time: Tue Jul 27 15:52:46 2010
elapsed time: 8455 seconds

markusg 27.07.2010 17:36

Where does this message come from? Details, please.

Drey 27.07.2010 21:48

Isn't that the log?

markusg 28.07.2010 13:46

Yes, but what were you doing when the log appeared? That is a Java error message, after all.

