Trojaner-Board
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   [Schadprogramm] Windows Restore beseitigt und t.w. noch Probleme (https://www.trojaner-board.de/98419-schadprogramm-windows-restore-beseitigt-t-w-noch-probleme.html)

Drummer_Shoo 09.05.2011 20:53
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6540

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.05.2011 21:51:30
mbam-log-2011-05-09 (21-51-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|N:\|)
Durchsuchte Objekte: 450641
Laufzeit: 1 Stunde(n), 17 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Die Log von SASW folgt morgen.

Drummer_Shoo 10.05.2011 20:45
Liste der Anhänge anzeigen (Anzahl: 1)
Hier nun die Log von SASW:

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/10/2011 at 09:39 PM

Application Version : 4.52.1000

Core Rules Database Version : 7024
Trace Rules Database Version: 4836

Scan type      : Complete Scan
Total Scan Time : 02:14:13

Memory items scanned      : 782
Memory threats detected  : 0
Registry items scanned    : 8973
Registry threats detected : 0
File items scanned        : 299074
File threats detected    : 1

Trojan.Agent/Gen-OnlineGames[Wilao]
        N:\PROGRAMME\WINTERBERGUPDATER.EXE
Ausserdem bekam ich gestern und heute folgende Meldung:
http://www.trojaner-board.de/attachm...1&d=1305056689

cosinus 10.05.2011 21:04
Zitat:
N:\PROGRAMME\WINTERBERGUPDATER.EXE
Das Teil sagt dir was?

Zitat:
Ausserdem bekam ich gestern und heute folgende Meldung:
Einfach so oder warst du am Surfen? Wenn ja, mit welchem Browser auf welcher Website?

Drummer_Shoo 10.05.2011 21:08
Zu 1. Ja das Teil kenn ich.

Zu 2. Es war kein Brwoser offen und Programme liege, heut zumindest keine als ich die Meldung bekam.

cosinus 10.05.2011 21:18
Melde dich einfach nochmal falls die Meldung immer noch auftaucht.

Drummer_Shoo 14.05.2011 16:19
Die Meldung erscheint weiterhin täglich, wenn der PC läuft.
Ausserdem gibt es weiterhin Weiterleitung auf andere Seiten, wenn ich auf google Suchergebnisse klicke.

cosinus 14.05.2011 17:42
Mach nochmal ein frisches OTL-Log:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Drummer_Shoo 15.05.2011 09:17
Code:
OTL logfile created on: 15.05.2011 08:43:43 - Run 4
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Melms\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 443,13 Gb Total Space | 334,41 Gb Free Space | 75,47% Space Free | Partition Type: NTFS
Drive D: | 7,02 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 517,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive N: | 232,83 Gb Total Space | 108,89 Gb Free Space | 46,77% Space Free | Partition Type: FAT32
 
Computer Name: MELMS-PC | User Name: Melms | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.01 23:00:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.15 03:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.11.16 14:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.11.03 09:32:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.20 13:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008.11.04 11:06:36 | 001,105,920 | ---- | M] (TerraTec Electronic GmbH) -- C:\Programme\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007.03.22 11:09:16 | 004,540,120 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe
PRC - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
PRC - [2005.03.08 12:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe
PRC - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.11 20:21:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melms\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.01 23:00:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.20 11:42:20 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.07.04 11:44:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.03.22 11:09:16 | 001,689,304 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe -- (AshampooDefragService)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)
SRV - [2005.03.04 11:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.20 11:42:20 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.22 23:55:16 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.13 22:49:42 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2010.08.14 17:59:32 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.08.14 17:59:32 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.20 13:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009.11.20 13:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.05 03:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.03.18 17:35:40 | 000,026,176 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.11 16:17:25 | 000,221,184 | ---- | M] (TerraTec Electronic GmbH.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Cinergy_HT_PCI_MKII.sys -- (Cinergy_HT_PCI_MKII) Cinergy HT PCI (MKII)
DRV - [2004.07.14 12:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 13 EE 64 48 11 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: longurlplease@darragh.curran:0.4.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: FirefoxAddon@similarWeb.com:1.2.06
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.18 21:07:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.04 17:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.04 17:28:20 | 000,000,000 | ---D | M]
 
[2010.06.26 15:07:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Extensions
[2011.05.08 20:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions
[2011.02.04 09:34:03 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.01.14 09:29:30 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011.03.12 09:14:20 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.02.19 16:23:41 | 000,000,000 | ---D | M] (SimilarWeb) -- C:\Users\Melms\AppData\Roaming\mozilla\Firefox\Profiles\xsdvpeay.default\extensions\FirefoxAddon@similarWeb.com
[2011.05.10 08:24:38 | 000,001,056 | ---- | M] () -- C:\Users\Melms\AppData\Roaming\Mozilla\Firefox\Profiles\xsdvpeay.default\searchplugins\icqplugin.xml
[2011.05.04 17:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.03 20:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
File not found (No name found) --
[2010.07.17 09:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.12 09:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.05.03 20:02:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\MELMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XSDVPEAY.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.08 15:58:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Programme\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} -  File not found
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (TerraTec Electronic GmbH)
O4 - HKCU..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKCU..\Run: [SIDEBAR] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Melms\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TV-Browser.url ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Programme\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.08 11:01:14 | 000,000,025 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NowWatching - hkey= - key= - C:\Users\Melms\AppData\Roaming\Tokback\NowWatching\2.2.0.0\NowWatching.exe (Tokback)
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.09 21:54:31 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\SUPERAntiSpyware.com
[2011.05.09 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.09 21:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.05.09 21:54:22 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.05.09 20:32:14 | 011,061,040 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Melms\Desktop\SUPERAntiSpyware.exe
[2011.05.08 20:46:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.08 20:31:27 | 000,000,000 | ---D | C] -- C:\cofi4728c
[2011.05.08 20:30:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.08 20:27:25 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Melms\Desktop\tdsskiller.exe
[2011.05.08 16:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.05.08 16:31:22 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.5
[2011.05.08 15:58:57 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\temp
[2011.05.08 15:51:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.08 15:51:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.08 15:51:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.08 15:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.08 15:50:57 | 000,000,000 | ---D | C] -- C:\cofi
[2011.05.08 15:48:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.08 15:40:10 | 003,063,136 | ---- | C] (Piriform Ltd) -- C:\Users\Melms\Desktop\ccsetup306.exe
[2011.05.06 22:20:31 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Nokia
[2011.05.06 22:20:27 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.05.06 22:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011.05.06 22:17:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.06 22:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia PC Suite
[2011.05.06 22:04:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2011.05.06 22:04:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2011.05.06 22:03:56 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011.05.06 22:03:44 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2011.05.06 22:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2011.05.06 20:39:52 | 001,582,304 | ---- | C] (Piriform Ltd) -- C:\Users\Melms\Desktop\rcsetup140_slim.exe
[2011.05.05 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\FT Software Updates
[2011.05.03 20:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.03 20:06:48 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.03 20:06:47 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.03 20:04:40 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.03 20:02:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.05.03 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.05.03 20:01:08 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2011.04.22 17:45:07 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.04.22 17:16:59 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Local\Electronic_Arts_Inc
[2011.04.18 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2010.10.11 21:12:07 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.15 08:43:17 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 08:43:17 | 000,014,624 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 08:42:09 | 000,668,302 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.15 08:42:09 | 000,619,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.15 08:42:09 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.15 08:42:09 | 000,110,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.15 08:36:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.15 08:36:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.15 08:35:54 | 1610,309,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 00:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.10 21:44:16 | 000,025,473 | ---- | M] () -- C:\Users\Melms\Desktop\Bild2.png
[2011.05.09 21:54:24 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.09 20:32:36 | 011,061,040 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Melms\Desktop\SUPERAntiSpyware.exe
[2011.05.09 19:42:20 | 000,080,384 | ---- | M] () -- C:\Users\Melms\Desktop\MBRCheck.exe
[2011.05.09 19:03:34 | 000,302,080 | ---- | M] () -- C:\Users\Melms\Desktop\co0xc7nu.exe
[2011.05.08 20:30:46 | 004,343,565 | R--- | M] () -- C:\Users\Melms\Desktop\cofi.exe
[2011.05.08 20:27:27 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Melms\Desktop\tdsskiller.exe
[2011.05.08 16:14:03 | 000,065,446 | ---- | M] () -- C:\Users\Melms\Desktop\hilfäää.png
[2011.05.08 15:58:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.08 15:40:44 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.08 15:40:23 | 003,063,136 | ---- | M] (Piriform Ltd) -- C:\Users\Melms\Desktop\ccsetup306.exe
[2011.05.08 14:56:10 | 000,901,830 | ---- | M] () -- C:\Users\Melms\Desktop\Spulenbeispiele.PNG
[2011.05.08 14:30:23 | 000,037,261 | ---- | M] () -- C:\Users\Melms\Desktop\Img_00991.jpg
[2011.05.06 22:32:09 | 000,007,168 | ---- | M] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.06 22:27:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.05.06 22:04:05 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011.05.06 21:59:28 | 036,657,376 | ---- | M] () -- C:\Users\Melms\Desktop\Nokia_PC_Suite_ger_web.exe
[2011.05.06 20:39:55 | 001,582,304 | ---- | M] (Piriform Ltd) -- C:\Users\Melms\Desktop\rcsetup140_slim.exe
[2011.05.03 07:27:40 | 000,520,382 | ---- | M] () -- C:\Users\Melms\Desktop\woistderthread.png
[2011.04.30 14:38:47 | 000,358,993 | ---- | M] () -- C:\Users\Melms\Desktop\image.png
[2011.04.29 23:36:01 | 000,007,597 | ---- | M] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg
[2011.04.22 17:16:39 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.04.16 22:50:30 | 000,000,381 | ---- | M] () -- C:\Windows\BeatBox.INI
[2011.04.16 22:50:30 | 000,000,028 | ---- | M] () -- C:\Windows\Robota.INI
[2011.04.15 20:14:58 | 000,334,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.05.10 21:44:16 | 000,025,473 | ---- | C] () -- C:\Users\Melms\Desktop\Bild2.png
[2011.05.09 21:54:24 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.09 19:42:20 | 000,080,384 | ---- | C] () -- C:\Users\Melms\Desktop\MBRCheck.exe
[2011.05.09 19:03:31 | 000,302,080 | ---- | C] () -- C:\Users\Melms\Desktop\co0xc7nu.exe
[2011.05.08 16:14:03 | 000,065,446 | ---- | C] () -- C:\Users\Melms\Desktop\hilfäää.png
[2011.05.08 15:51:03 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.08 15:51:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.08 15:51:03 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.08 15:51:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.08 15:51:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.08 15:40:44 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.08 15:36:59 | 004,343,565 | R--- | C] () -- C:\Users\Melms\Desktop\cofi.exe
[2011.05.08 14:56:01 | 000,901,830 | ---- | C] () -- C:\Users\Melms\Desktop\Spulenbeispiele.PNG
[2011.05.08 14:30:23 | 000,037,261 | ---- | C] () -- C:\Users\Melms\Desktop\Img_00991.jpg
[2011.05.06 22:27:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011.05.06 22:04:05 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2011.05.06 21:58:27 | 036,657,376 | ---- | C] () -- C:\Users\Melms\Desktop\Nokia_PC_Suite_ger_web.exe
[2011.05.04 17:40:05 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.03 07:27:40 | 000,520,382 | ---- | C] () -- C:\Users\Melms\Desktop\woistderthread.png
[2011.04.30 14:38:41 | 000,358,993 | ---- | C] () -- C:\Users\Melms\Desktop\image.png
[2011.04.22 17:16:39 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\Need For Speed World.lnk
[2011.03.20 20:48:15 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.02.27 01:45:09 | 000,000,381 | ---- | C] () -- C:\Windows\BeatBox.INI
[2011.02.27 01:45:09 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011.02.27 00:58:31 | 000,124,596 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.02.05 20:09:24 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.02.05 20:09:18 | 000,139,152 | ---- | C] () -- C:\Users\Melms\AppData\Roaming\PnkBstrK.sys
[2011.02.05 20:08:43 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.02.05 20:08:40 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.02.05 20:08:40 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.02.03 21:56:57 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2010.12.29 21:00:43 | 000,000,180 | ---- | C] () -- C:\Windows\System32\msftpd.exe
[2010.12.19 20:34:53 | 000,000,221 | ---- | C] () -- C:\Windows\SOFTEK.INI
[2010.10.19 17:18:19 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2010.10.15 21:00:00 | 000,007,168 | ---- | C] () -- C:\Users\Melms\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.11 21:12:07 | 000,237,568 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.08.28 19:41:48 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.08.28 19:34:40 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.28 19:34:13 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.08.14 17:26:47 | 000,007,597 | ---- | C] () -- C:\Users\Melms\AppData\Local\Resmon.ResmonCfg
[2010.08.14 17:14:19 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.08.14 17:14:14 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.07.27 13:00:39 | 000,000,614 | ---- | C] () -- C:\Windows\eReg.dat
[2010.07.04 11:29:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 10:47:43 | 000,668,302 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,150 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,334,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,619,894 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name
[2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston
[2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc
[2011.05.15 08:42:12 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar
[2011.05.08 15:44:46 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla
[2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ!
[2011.05.15 00:35:20 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ
[2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc
[2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat
[2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX
[2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.05.06 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia
[2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org
[2011.05.06 22:20:27 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza
[2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra
[2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment
[2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion
[2011.05.05 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec
[2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback
[2011.05.15 08:42:01 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.03.25 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.20 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\#Company short name
[2010.12.19 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Adobe
[2010.10.01 16:11:13 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Apple Computer
[2011.01.23 20:41:11 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Aston
[2010.07.22 10:19:49 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Avira
[2011.01.23 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Bump Technologies, Inc
[2011.05.15 08:42:12 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Desktop Sidebar
[2011.03.18 21:17:18 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\DivX
[2011.05.13 21:10:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\dvdcss
[2011.05.08 15:44:46 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FileZilla
[2011.03.13 11:46:42 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\FRITZ!
[2011.05.15 00:35:20 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\ICQ
[2010.06.21 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Identities
[2010.06.26 22:11:03 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\InstallShield
[2010.11.14 21:51:58 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Jasc
[2010.08.29 13:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Lern-o-Mat
[2010.06.21 15:49:08 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Macromedia
[2010.08.28 19:43:37 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\MAGIX
[2011.04.11 21:18:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Media Center Programs
[2010.10.31 14:46:04 | 000,000,000 | --SD | M] -- C:\Users\Melms\AppData\Roaming\Microsoft
[2011.02.17 13:25:31 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\mIRC
[2010.06.26 15:07:01 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Mozilla
[2011.04.22 17:45:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Need for Speed World
[2011.05.06 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Nokia
[2010.07.04 13:01:02 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\OpenOffice.org
[2011.05.06 22:20:27 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\PC Suite
[2011.02.16 13:00:53 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Shareaza
[2010.06.26 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra
[2010.06.26 20:20:43 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Sierra Entertainment
[2010.06.27 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Subversion
[2011.05.09 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\SUPERAntiSpyware.com
[2011.05.05 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TerraTec
[2010.10.31 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Tokback
[2010.07.17 08:46:19 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TortoiseSVN
[2011.05.15 08:42:01 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\TV-Browser
[2010.06.26 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\vlc
[2011.02.16 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\wargaming.net
[2011.05.12 22:57:10 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\Winamp
[2010.07.02 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\Melms\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.31 14:46:03 | 000,280,064 | ---- | M] (Tokback) -- C:\Users\Melms\AppData\Roaming\Tokback\NowWatching\2.2.0.0\NowWatching.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: AHCIX86.SYS  >
[2009.07.01 08:18:34 | 000,184,328 | ---- | M] (Advanced Micro Devices, Inc) MD5=48002180D09FCB6A7BDA367CA9E2BC3D -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB7xx\RAID\XP\ahcix86.sys
[2010.01.06 12:27:18 | 000,190,256 | ---- | M] (Advanced Micro Devices, Inc) MD5=7E65511294917BF1C10AEE9F16D81ABD -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB8xx\RAID\XP\ahcix86.sys
 
< MD5 for: AHCIX86S.SYS  >
[2010.01.06 12:26:34 | 000,190,768 | ---- | M] (Advanced Micro Devices, Inc) MD5=1837E346202F9359088C6CD964F5C6AA -- C:\Users\Melms\Downloads\RAID_win7\W7\ahcix86s.sys
[2010.01.06 12:26:34 | 000,190,768 | ---- | M] (Advanced Micro Devices, Inc) MD5=1837E346202F9359088C6CD964F5C6AA -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB8xx\RAID\LH\ahcix86s.sys
[2010.01.06 12:26:34 | 000,190,768 | ---- | M] (Advanced Micro Devices, Inc) MD5=1837E346202F9359088C6CD964F5C6AA -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB8xx\RAID\W7\ahcix86s.sys
[2009.07.14 04:36:04 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=4F104D2C68E39E5282E8E47DCF07BF25 -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB7xx\RAID\W7\ahcix86s.sys
[2009.07.07 08:57:12 | 000,184,120 | ---- | M] (Advanced Micro Devices, Inc) MD5=6EEE47ADFE3BC5694DF661DCA0F78D04 -- C:\Users\Melms\Downloads\win7_chipset\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Melms\Downloads:Shareaza.GUID

< End of report >

cosinus 15.05.2011 11:47
Sieht unauffällig aus.
hast du rein zufällig einen Router? Wenn ja wurde da das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst!

Drummer_Shoo 25.05.2011 15:37
Die Routereinstellungen habe ich zur Zeit noch nicht zurückgesetzt.
Allerdings ist mir aufgefallen, dass diese Meldungen mit 2 Einträgen in dem Taskmanager über einstimmen, die iexplore.exe heissen.
Diese laufen ohne, dass ich den Internetexplorer laufen haben.

Sobald so eine Meldung erscheint und ich die .exe im Taskmanager beende, verschwindet auch die Meldung.

Ein beenden der .exe bringt allerdings auch nichts, da die .exe nach kurzer Zeit wieder im Tasmanger zu finden ist.

cosinus 25.05.2011 20:38
Setz erstmal den Router zurück bevor wir weiterbuddeln.
Denk an die Vergabe eines sicheren Passworts als erstes, damit durch ein unsicheres Standardpasswort ein potentieller Schädling nicht alles wieder umbiegen kann.

Drummer_Shoo 28.05.2011 11:01
So, der Router wurde nun zurückgesetzt und das PW geändert.

cosinus 28.05.2011 23:01
Ok. Bitte mal ESET ausführen.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Drummer_Shoo 29.05.2011 12:57
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=35747d3ece915c45930be9419a55cfd5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-29 11:55:21
# local_time=2011-05-29 01:55:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 29530823 29530823 0 0
# compatibility_mode=1797 16775165 100 94 49955 43195634 74138 0
# compatibility_mode=5893 16776573 100 94 95606 59097521 0 0
# compatibility_mode=8192 67108863 100 0 179 179 0 0
# scanned=336309
# found=7
# cleaned=0
# scan_time=11342
C:\Users\Melms\AppData\Local\temp\jar_cache3565516834617809017.tmp        a variant of Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Melms\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\65c97c66-61b7cc59        Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Melms\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\24d66229-57fd53a8        Java/TrojanDownloader.OpenStream.NBV trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Melms\Downloads\MsgPlusLive-484.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I
N:\Programme\Nero-8.3.2.1_deu_trial.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
N:\Programme\AIX_2.0_CORE_MOD.exe        a variant of Win32/Packed.ExeScript.B trojan (unable to clean)        00000000000000000000000000000000        I
N:\MELMS-PC\Backup Set 2010-07-04 105534\Backup Files 2010-07-04 105534\Backup files 1.zip        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

cosinus 29.05.2011 14:39
Zitat:
N:\Programme\AIX_2.0_CORE_MOD.exe a variant of Win32/Packed.ExeScript.B trojan (unable to clean)
N:\MELMS-PC\Backup Set 2010-07-04 105534\Backup Files 2010-07-04 105534\Backup files 1.zip a variant of Win32/MessengerPlus application (unable to clean)
Wasndas? AIX?
Ist das backupSet noch relevant für dich?


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:03 Uhr.
Seite 2 von 4 1 2 34
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131