| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Svchost.exe lässt sich nicht löschenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.07.2010, 12:04
| #1 |
 |  Svchost.exe lässt sich nicht löschen Zu aller erst möchte ich sagen, dass ich in meiner Suche noch keine Lösung gefunden habe, und dardurch auf dieses Board gestossen bin.Ich hoffe ihr könnt mir helfen  .Und zwar habe ich eine svchost.exe die von AVG nicht erkannt wird, aber auf jeden fall schädlich ist. Sie hat bereits Mozilla firefox und Internet Explorer attackiert, sodass merkwürdige kleine Programme namen firefox.exe 32 oder iexplorer.exe liefen mit ca.8000 kb . Die Probleme habe ich aber durch abschalten des Internet Explorers und Neuinstallation behoben. Ich möchte auch noch sagen, dass ich das Problem seit einer Installation eines heruntergeladenes Spiels habe. |
|
17.07.2010, 12:44
| #2 |
| /// Malware-holic   | Svchost.exe lässt sich nicht löschen download malwarebytes:
__________________Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte nun alles an laufenden programmen ab, auch dein antivirus programm, trenne auch die internetverbindung, in dem du das netzwerkabel ziehst, bzw wlan deaktivirst, starte nun einen komplett scan mit malwarebytes, funde am ende löschen, evtl. muss der pc neu gestartet werden, avira + internet ein,log posten. ootl: Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide |
|
18.07.2010, 00:29
| #3 |
| | Svchost.exe lässt sich nicht löschen Malwarebytes' Anti-Malware 1.46
__________________www.malwarebytes.org Datenbank Version: 4321 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 17.07.2010 19:11:46 mbam-log-2010-07-17 (19-11-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Durchsuchte Objekte: 490499 Laufzeit: 1 Stunde(n), 52 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 3 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e4v6hjw0-7300-jv52-28v2-5xow7r6os476} (Generic.Bot.H) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hklm (Trojan.Agent) -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Windows\Win32Gl\svchost.exe (Generic.Bot.H) -> No action taken. C:\Users\...\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken. C:\Users\...\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken. C:\Users\...\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken. ... Die OTL Datei ist mir abhanden gekommen, meine sie aber abgespeichert zu haben  .Kann dazu erstmal nix zu sagen, ich werde den scan aber gerne wiederholen, wenn erwünscht. |
|
18.07.2010, 10:39
| #4 |
| | Svchost.exe lässt sich nicht löschen Edit:Es scheint als hätte OLT alle Viren erkannt und beseitigt. Danke für die Hilfe |
|
18.07.2010, 14:13
| #5 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen bitte poste das otl log. führe das programm also erneut aus. da wir nicht sicher sein können ob alles entfernt wurde, ist eine manuelle kontrolle nötig |
|
18.07.2010, 17:09
| #6 |
| | Svchost.exe lässt sich nicht löschen OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/18/2010 5:44:59 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Keno\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116.44 Gb Total Space | 50.10 Gb Free Space | 43.03% Space Free | Partition Type: NTFS Drive D: | 334.67 Gb Total Space | 178.06 Gb Free Space | 53.21% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KENO-PC Current User Name: Keno Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe PRC - [2010/07/16 14:24:14 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe PRC - [2010/07/16 14:24:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe PRC - [2010/07/01 00:56:14 | 000,015,320 | ---- | M] (Mozilla Corporation) -- D:\Programme\plugin-container.exe PRC - [2010/07/01 00:56:04 | 000,923,096 | ---- | M] (Mozilla Corporation) -- D:\Programme\firefox.exe PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/06/08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.0\ICQ.exe PRC - [2010/02/11 12:17:07 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/01/25 15:59:10 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2009/09/24 23:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009/08/29 08:56:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2009/08/17 19:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009/07/24 20:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009/07/16 20:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009/06/19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2009/05/19 01:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009/04/20 21:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2008/12/23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008/08/14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008/08/14 06:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe ========== Modules (SafeList) ========== MOD - [2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe MOD - [2009/07/14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx MOD - [2009/07/14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2010/07/16 14:24:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/03/30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Programme\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010/02/26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/02/11 12:17:07 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2009/09/15 03:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/06/16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort) SRV - [2008/12/08 18:01:58 | 000,533,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2008/10/25 12:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/03/31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) ========== Driver Services (SafeList) ========== ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/skins7/ IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2757286898-206695463-168853225-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3 FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 FF - prefs.js..extensions.enabledItems: firefox-ext@youtubekeep.com:1.3 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3 FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.8 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: info@youtube-mp3.org:1.0.1 FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=skins7&tb_ver=2.0.0.2&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/26 15:29:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/03/04 18:20:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/06/03 16:54:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/29 13:15:46 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: D:\Programme\components [2010/07/14 17:56:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Plugins: D:\Programme\plugins [2010/07/14 14:37:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/03/04 18:20:15 | 000,000,000 | ---D | M] [2009/12/24 02:29:21 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Extensions [2010/07/14 17:45:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions [2010/07/09 01:01:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/05/10 17:25:46 | 000,000,000 | ---D | M] (Media Converter) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18} [2010/04/16 18:13:09 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2010/07/13 20:46:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010/05/29 17:41:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/06/25 12:49:43 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010/06/13 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\beamgeraet@web.de [2010/06/10 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\fastYoutubeDownloader@yevgenyandrov.net [2010/04/07 22:25:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\firefox-ext@youtubekeep.com [2010/05/29 17:41:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\info@youtube-mp3.org [2010/07/13 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\netvideohunter@netvideohunter.com [2010/04/27 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\0ds3fu9d.default\extensions\youtube2mp3@mondayx.de [2010/03/27 16:34:40 | 000,002,004 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\3dlam-suche.xml [2009/12/24 04:27:05 | 000,002,254 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\askcom.xml [2010/07/12 13:27:07 | 000,000,950 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\icqplugin-1.xml [2010/04/22 13:33:22 | 000,000,945 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\icqplugin.xml [2009/12/24 03:03:34 | 000,002,061 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\FireFox\Profiles\0ds3fu9d.default\searchplugins\qipsearch.xml [2010/07/14 18:52:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/07/14 14:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/07/14 14:37:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009/12/21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2757286898-206695463-168853225-1000..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.) O4 - HKU\S-1-5-21-2757286898-206695463-168853225-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2757286898-206695463-168853225-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - D:\Programme\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.dvacm - C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.mpegacm - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\mpegacm.acm (Ulead Systems, Inc.) Drivers32: msacm.ulmp3acm - C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/07/18 11:41:30 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe [2010/07/17 17:15:37 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Malwarebytes [2010/07/17 17:15:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/07/17 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/17 13:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010/07/14 17:51:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2010/07/14 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010/07/14 14:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/07/14 14:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010/07/14 14:37:18 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/07/14 14:37:18 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/07/14 14:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/07/14 14:37:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/07/14 14:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010/07/12 23:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thriXXX [2010/07/12 23:54:37 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\thriXXX [2010/07/06 18:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities [2010/06/24 12:02:13 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/06/24 12:02:13 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/06/24 12:02:13 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/06/24 12:02:13 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/06/24 09:02:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2010/06/24 09:02:20 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax [2010/06/24 09:02:19 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2010/06/21 16:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip [2010/06/21 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010/06/21 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/18 17:46:32 | 003,407,872 | -HS- | M] () -- C:\Users\Keno\NTUSER.DAT [2010/07/18 17:02:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010/07/18 12:14:55 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010/07/18 11:58:00 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2010/07/18 11:57:58 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/18 11:57:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/18 11:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/18 11:57:15 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys [2010/07/18 11:56:24 | 003,828,899 | -H-- | M] () -- C:\Users\Keno\AppData\Local\IconCache.db [2010/07/18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe [2010/07/17 17:24:31 | 000,007,598 | ---- | M] () -- C:\Users\Keno\AppData\Local\Resmon.ResmonCfg [2010/07/17 17:15:29 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/17 16:58:19 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010/07/17 16:57:38 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/07/14 17:51:44 | 000,001,669 | ---- | M] () -- C:\Users\Keno\Desktop\DivX Movies.lnk [2010/07/14 14:37:52 | 000,000,625 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010/07/14 14:37:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010/07/14 14:37:07 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010/07/14 14:37:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010/07/14 14:37:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010/07/11 15:47:29 | 000,000,772 | ---- | M] () -- C:\Users\Keno\Desktop\DESKTOP.lnk [2010/07/06 18:47:24 | 000,000,990 | ---- | M] () -- C:\Users\Keno\Desktop\Glary Utilities.lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/17 17:15:29 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/14 17:51:44 | 000,001,669 | ---- | C] () -- C:\Users\Keno\Desktop\DivX Movies.lnk [2010/07/14 14:37:52 | 000,000,625 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk [2010/07/11 15:47:31 | 000,000,772 | ---- | C] () -- C:\Users\Keno\Desktop\DESKTOP.lnk [2010/07/06 18:47:25 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job [2010/07/06 18:47:24 | 000,000,990 | ---- | C] () -- C:\Users\Keno\Desktop\Glary Utilities.lnk [2010/06/25 17:53:33 | 000,055,808 | ---- | C] () -- D:\Documents\Lebenslaufneu12-6-10.doc [2010/06/21 15:16:01 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/06/20 19:31:20 | 000,024,576 | -HS- | C] () -- C:\Users\Keno\Thumbs.db [2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010/03/01 20:56:43 | 000,691,592 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.DLL [2010/02/06 20:43:35 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\decdll.dll [2010/01/22 17:15:37 | 000,000,116 | ---- | C] () -- C:\Windows\SysWow64\applet.ini [2009/12/28 23:16:29 | 001,524,494 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/12/24 11:33:49 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2009/08/19 10:33:09 | 000,000,035 | ---- | C] () -- C:\Windows\OOBEPlayer.ini [2009/07/29 07:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/06/19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2003/03/11 18:25:54 | 000,313,856 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX000089.dll [2003/03/11 12:56:52 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX010205PNG.dll [2003/03/11 12:56:36 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX010104Z.dll [2003/03/11 12:56:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\ThriXXX015003JP2.dll [2003/01/29 11:10:06 | 000,046,592 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll [2003/01/29 11:10:06 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll ========== LOP Check ========== [2009/12/24 11:25:55 | 000,000,000 | -HSD | M] -- C:\Users\Keno\AppData\Roaming\.# [2010/05/16 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Asus WebStorage [2010/05/25 08:20:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\AVG9 [2010/05/18 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010/02/11 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Lite [2009/12/29 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Pro [2010/02/05 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\EeeStorageUploader [2010/02/06 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\FreeVideoConverter [2009/12/24 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GameConsole [2009/12/24 11:03:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GlarySoft [2010/07/18 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ICQ [2010/03/01 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\My ClickOnce Applications [2010/03/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia [2009/12/31 16:15:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia Ovi Suite [2010/02/10 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Participatory Culture Foundation [2010/02/05 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PC Suite [2010/07/14 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PCF-VLC [2010/01/07 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\QIP [2010/04/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TeamViewer [2009/12/26 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Teeworlds [2010/05/16 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\temp [2010/02/22 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Thinstall [2010/07/12 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\thriXXX [2010/04/05 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TS3Client [2009/12/29 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ubisoft [2010/01/25 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ulead Systems [2010/05/18 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Uniblue [2010/05/18 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\widestream [2010/07/18 11:58:00 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2010/07/11 13:56:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009/12/24 11:25:55 | 000,000,000 | -HSD | M] -- C:\Users\Keno\AppData\Roaming\.# [2009/12/31 11:18:42 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Adobe [2010/04/01 19:08:02 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Apple Computer [2010/05/16 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Asus WebStorage [2009/12/24 01:50:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ATI [2010/05/25 08:20:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\AVG9 [2010/05/18 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010/02/06 20:59:32 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\CyberLink [2010/02/11 07:30:40 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Lite [2009/12/29 00:01:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DAEMON Tools Pro [2010/05/30 21:24:42 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\DivX [2010/06/22 20:55:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\dvdcss [2010/02/05 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\EeeStorageUploader [2010/02/06 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\FreeVideoConverter [2009/12/24 11:25:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GameConsole [2009/12/24 11:03:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GlarySoft [2010/01/25 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Google [2010/07/18 13:35:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\ICQ [2009/12/24 01:49:28 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Identities [2009/12/24 02:26:52 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Macromedia [2010/07/17 17:15:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Malwarebytes [2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Media Center Programs [2010/06/19 19:51:02 | 000,000,000 | --SD | M] -- C:\Users\Keno\AppData\Roaming\Microsoft [2010/03/02 18:06:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Microsoft Corporation [2009/12/24 02:29:21 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Mozilla [2010/03/01 21:06:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\My ClickOnce Applications [2010/03/04 18:10:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia [2009/12/31 16:15:03 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nokia Ovi Suite [2010/02/10 20:20:50 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Participatory Culture Foundation [2010/02/05 17:31:47 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PC Suite [2010/07/14 12:45:54 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PCF-VLC [2010/01/07 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\QIP [2010/03/06 20:15:45 | 000,000,000 | RH-D | M] -- C:\Users\Keno\AppData\Roaming\SecuROM [2010/06/25 14:00:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Skype [2010/06/25 13:49:36 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\skypePM [2010/04/27 21:26:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TeamViewer [2009/12/26 21:26:27 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Teeworlds [2010/05/16 11:11:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\temp [2010/02/22 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Thinstall [2010/07/12 23:54:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\thriXXX [2010/04/05 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\TS3Client [2009/12/29 16:47:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ubisoft [2010/01/25 19:48:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Ulead Systems [2010/05/18 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Uniblue [2010/07/13 01:00:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\vlc [2010/05/18 22:35:08 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\widestream [2010/03/02 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Winamp [2009/12/26 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010/03/07 03:46:44 | 000,077,542 | R--- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Installer\{3FC6307A-0EDE-9922-5898-3512D1CA44EE}\ARPPRODUCTICON.exe [2010/05/15 13:03:56 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe [2010/05/15 13:03:56 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo42.exe [2010/05/15 13:03:56 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo43.exe [2010/05/15 13:02:01 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R1.exe [2010/05/15 13:02:01 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe [2010/05/15 13:02:01 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R3.exe [2010/05/11 19:41:30 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe [2010/05/11 19:41:30 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb32.exe [2010/05/11 19:41:31 | 000,000,000 | ---- | M] () -- C:\Users\..\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb33.exe [2010/05/12 15:10:58 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N1.exe [2010/05/12 15:10:58 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe [2010/05/12 15:10:58 | 000,000,000 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N3.exe [2010/05/12 15:09:54 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe [2010/05/12 15:09:54 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A82.exe [2010/05/12 15:09:54 | 000,000,000 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A83.exe [2010/05/11 19:41:41 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe [2010/05/11 19:41:41 | 000,924,160 | ---- | M] (KbW) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn82.exe [2010/05/11 19:41:41 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn83.exe [2010/05/12 16:25:35 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp11.exe [2010/05/12 16:25:35 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe [2010/05/12 16:25:35 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp13.exe [2010/05/11 19:41:36 | 000,924,160 | ---- | M] (KbW) -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc1.exe [2010/05/11 19:41:36 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe [2010/05/11 19:41:36 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc3.exe [2010/05/15 13:01:51 | 000,049,790 | ---- | M] (Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe [2010/05/15 13:01:51 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N2.exe [2010/05/15 13:01:52 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N3.exe [2010/05/11 19:42:50 | 000,924,160 | ---- | M] (KbW) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm1.exe [2010/05/11 19:42:50 | 000,073,716 | ---- | M] (Lo9k4K1Hya6C7Xmn5YAq8s3JPp0e2E0Zci1M2Gwz6Q3FrTd48Bjf7D9WgSt5b8R5NxZw7n3X6Gdj1M0Los9H2CgTa42RmDt1x6JQr3i8PNz7p0KFc95Efe4A7Wbq2S8BkYy31AqHy4x9SFs6i5M0GeDr10Ejn6T3JpBd79Cow5ZYk42Pfm8NXb3g6KQt5a2RWc4z8L9Lps7EGq01Wfk6T7Bma5XZg41Frb3D0MtAw28Cji9N1Qnc0JRy29KdHe4x3Y8PoSz56HgAa7f8D7CeJd1b9GWc6r5R3MtKz4o2BFs0) -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe [2010/05/11 19:42:50 | 000,000,000 | ---- | M] () -- C:\Users\...\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm3.exe [2010/03/01 21:06:12 | 000,107,768 | ---- | M] (Add-in Express Ltd) -- C:\Users\...\AppData\Roaming\My ClickOnce Applications\products.exe [2010/03/11 09:17:44 | 064,164,264 | ---- | M] () -- C:\Users\...\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe [2010/05/17 19:27:50 | 000,611,840 | ---- | M] (LinGon/CES) -- C:\Users\...\AppData\Roaming\QIP\Profiles\....@qip.ru\RcvdFiles\...\...\Just Cause 2 + 30 Trainer CES-LinGon\Just Cause 2 + 30 Trainer CES-LinGoexen. [2010/05/17 19:27:51 | 000,606,720 | ---- | M] (LinGon/CES) -- C:\Users\...AppData\Roaming\QIP\Profiles\keno1993@qip.ru\RcvdFiles\...\...\Just Cause 2 + 30 Trainer CES-LinGon\RT 2 version\Just Cause 2 - RT 2- Trainer CE-LinGon.exe [2010/02/23 19:39:22 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe [2010/02/22 19:18:29 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\1000000a00003h\imjppdmg.exe [2010/02/22 19:14:31 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe [2010/02/22 19:33:37 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000111800002h\EXCEL.EXE [2010/02/22 19:17:43 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002500002h\MSTORE.EXE [2010/02/22 19:19:00 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE [2010/02/23 19:39:04 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000003f00002h\CLVIEW.EXE [2010/02/22 19:24:38 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000005700002h\WINWORD.EXE [2010/02/22 19:14:33 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE [2010/02/22 19:14:22 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007300002h\POWERPNT.EXE [2010/02/22 19:18:27 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000a0300002h\MSACCESS.EXE [2010/02/22 19:17:44 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000cf00002h\MSTORDB.EXE [2010/02/22 19:19:12 | 000,053,248 | ---- | M] () -- C:\Users\...\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll [2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll [2010.03.08 23:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\vbscript.dll [2009.08.29 08:59:32 | 011,406,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:D282699C @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:15024E60 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:734E442A @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:B88E99C8 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A724744F < End of report > |
|
18.07.2010, 17:37
| #7 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen besuche: VirusTotal - Free Online Virus and Malware Scan prüfe dort: C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe falls dateie bereits analysiert, klicke erneut prüfen, poste das ergebniss |
|
18.07.2010, 17:45
| #8 |
| | Svchost.exe lässt sich nicht löschen Antivirus Version Last Update Result a-squared 5.0.0.31 2010.07.18 - AhnLab-V3 2010.07.18.00 2010.07.18 - AntiVir 8.2.4.12 2010.07.16 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.07.15 - Authentium 5.2.0.5 2010.07.17 - Avast 4.8.1351.0 2010.07.18 - Avast5 5.0.332.0 2010.07.18 - AVG 9.0.0.836 2010.07.18 - BitDefender 7.2 2010.07.18 - CAT-QuickHeal 11.00 2010.07.16 - ClamAV 0.96.0.3-git 2010.07.18 - Comodo 5467 2010.07.18 - DrWeb 5.0.2.03300 2010.07.18 - eSafe 7.0.17.0 2010.07.18 - eTrust-Vet 36.1.7715 2010.07.16 - F-Prot 4.6.1.107 2010.07.17 - F-Secure 9.0.15370.0 2010.07.18 - Fortinet 4.1.143.0 2010.07.18 - GData 21 2010.07.18 - Ikarus T3.1.1.84.0 2010.07.18 - Jiangmin 13.0.900 2010.07.18 - Kaspersky 7.0.0.125 2010.07.18 - McAfee 5.400.0.1158 2010.07.18 - McAfee-GW-Edition 2010.1 2010.07.16 - Microsoft 1.6004 2010.07.18 - NOD32 5288 2010.07.18 - Norman 6.05.11 2010.07.18 - nProtect 2010-07-18.02 2010.07.18 - Panda 10.0.2.7 2010.07.18 Suspicious file PCTools 7.0.3.5 2010.07.18 - Prevx 3.0 2010.07.18 - Rising 22.56.04.04 2010.07.16 - Sophos 4.55.0 2010.07.18 - Sunbelt 6600 2010.07.18 - Symantec 20101.1.1.7 2010.07.18 - TheHacker 6.5.2.1.318 2010.07.16 - TrendMicro 9.120.0.1004 2010.07.18 - TrendMicro-HouseCall 9.120.0.1004 2010.07.18 - VBA32 3.12.12.6 2010.07.16 - ViRobot 2010.7.12.3932 2010.07.18 - VirusBuster 5.0.27.0 2010.07.18 - Additional information File size: 49790 bytes MD5...: 7941c31d937e2ec156b79173430f855d SHA1..: 5936043b1e23e0ab5263905b4f7ace1bf1cdeb29 SHA256: bbbf14ee52201c6a0e8dbc9e157246e3a416d4676e1ae3e7c2e356e98a38e32c ssdeep: 1536:9dPF52s1/OHy5c/qEl12BTiEXDYC5rtBH8ZKBz6Zu:Xys1DNDYC5hBH8ZKB z6k PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x8824 timedatestamp.....: 0x4be35d2f (Fri May 07 00:22:07 2010) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .rsrc 0x2000 0x18b8 0x1a00 4.09 1ff0c9200f038426a4ee99c0e9f94611 .text 0x4000 0xa0b4 0xa200 6.60 34635ba5af716ed5b5ad3ffbfa118742 .reloc 0x10000 0xc 0x200 0.10 8790415dc1eaa3017bfdb23456f4ceec ( 1 imports ) > mscoree.dll: _CorExeMain ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Windows Screen Saver (47.2%) Win32 Executable Generic (30.7%) Win16/32 Executable Delphi generic (7.4%) Generic Win/DOS Executable (7.2%) DOS Executable Generic (7.2%) Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 sigcheck: publisher....: Nc9a4HSg7p5XJi1e0BTo3x2ZYm86Fkf7CQb92Pdq3M8KtDz15EsLj04AnRw6y1G6Wro8SJb5r9N7MgEm34AjTc02Fqs0G5Pei4W1ZdHn6x3L7RpKw89XkDz27BaQt45Yfy8C9WoJa01BkSf32Cby6P 9QwKn1s7EFt0m3HXz2x6ZLj8r5Y4MgDd28Acq0R4GiNe6p5TRe3y1NPa79ZgHq86JtWf0m7A2FkGp1w5T4Csd3E9KiSc4n9BLo1r6MDx72Ybj8XQz5q3G0Lsb8W0Cig7Z5Szj2PMc46Kwt9R3EyJn1 copyright....: Lm48Bid1YCr03DgHw65Rft7Z9MpNj2e8JAx92Saz7K6Wbq5XQs3n1PFo4y0E7GcTk3w5QEx12WsDe84Xqy6C0Fkb9T9Lni0P2Bad6GAz7m3R8KjMf5t1Z4NpJg2r8H4Yco3S0Lzt9HCg16Dpw5Z7Yy Ji71NcPd09Kqm6STb5k4F3AfXx28QnGe4o5R8Ejr1W9MaBs70Acr3R2Ppz6WZe13Htd2Q5Dng0F9Mbk4G6Kqs7JEx8o5N1SfYa4y0L3Cmj9XBi76TwRj82LyNr3e4B7EiFp9d2C1Pxf0ZAq65WcYo8 product......: Dz8b5NZp1i6APn79RtLs42Fkd3T0GxHj75Xro2KEc38CmYq40Qyw9B1Sgf6M0Wae2J9Hgd7D6Kji3B1QtTb5r8R4Gwn3ZFk94YmSq05Exz1PJf67MsAc8o2LNp8a6X2CyWe05CsZm4p1L9GfMq73Dd k5B7Kje1P6Jbn3F4Tza2HWg08Qwx9X9Scy6RNi4r1AEo8t5Y0FpEb7k2S3HfWg7m4QKt92Dja6CPi05GwMs81Acx3N3ZyXd6e4BYr8n5T9LqJz2o0RTk71Qpo2RXb63Wyi4CJd87EeHm05ZqBt91Ln description..: i7LPe25MoYj4g3NJs6t8HFf1d9D0CmBr6b3AKx8z1Z5WnRw9k2X0Eaq4S7GcTp74Qys6G3Nmo2MEk58Djy9AKt01Faz8Q0Yge6CHb25Pcr7X4Swx1JZq93WnRi12LdBf5p9T3Gsk6T4Jod7RWg0x8N Kq13Pia8F9ZfEz42Ytp7MDj56BrCe0y1HSb8m9A0QwLn6c7XLq52KnHr4e3FCw70BdZt19Xck4R5Ajo3SYa6x8PEf2i6D8MsTm9b0GQz57JyWg1p3N2MeDz47Jys1G6Cqd9E2Nxo0PXp35KcQb4w8B original name: DownloadStub.exe internal name: DownloadStub.exe file version.: 682.9562.45.296 comments.....: Rg8d1X2Dsx0WSo46CbQq57JjZt39Ppr9Y0MzHy86Kwe1LNc7m5ABi23EkGn4a0TFf6r2ACe39Xjs5G4DiMw17Spt8W3RbPg0a6ZNf84Yxz2FEo9q5KTn71JyQk4d6HBc85Lme2C1Lip9Z7Sfb0FPk3 r1TDa7t5J3Rwg9W6MjAn02YzKy8o4QHd1c0E6Gqx8BXs29NmMp5y7J3HeZg45Stz6C0Ffa8D3Tso9BYi21Rcd4N7Pjm2G0LbQw34Akq5W7Ern1XKx8f9TYp60Czb8QDy3m7J9Msw6E4Xdr5H1RkFg2 signers......: - signing date.: - verified.....: Unsigned |
|
18.07.2010, 17:51
| #9 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen bitte lad die datei mal hier zu uns hoch. http://www.trojaner-board.de/54791-a...ner-board.html gib bescheid, wenn das erledigt ist. |
|
18.07.2010, 18:01
| #10 |
| | Svchost.exe lässt sich nicht löschen Die Datei ist hochgeladen. |
|
18.07.2010, 22:58
| #11 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen ich meld mich morgen. weis noch net obs schädlich ist |
|
20.07.2010, 15:07
| #12 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen datei scheint io, sind noch probleme aufgetreten? |
|
24.07.2010, 14:14
| #13 |
| | Svchost.exe lässt sich nicht löschen Nein. ich habe auch nochmal antiVir drauf gespielt und rüber laufen lassen, er hat 15 infizierte Dateien entfernt, seitdem habe ich keine Probleme mehr damit. Danke für die Hilfe. Lg |
|
24.07.2010, 14:30
| #14 |
| /// Malware-holic | Svchost.exe lässt sich nicht löschen was hat avira gefunden, kannst du mal das log zu finden unter bereichte, posten? |
|
24.07.2010, 15:45
| #15 |
| | Svchost.exe lässt sich nicht löschen Avira AntiVir Personal Erstellungsdatum der Reportdatei: Montag, 19. Juli 2010 19:28 Es wird nach 2365352 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 x64 Windowsversion : (plain) [6.1.7600] Boot Modus : Normal gebootet Benutzername : ... Computername : ...-PC Versionsinformationen: BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00 AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35 AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16 LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:14:59 VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 17:15:09 VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 17:15:09 VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 17:15:09 VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 17:15:09 VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 17:15:09 VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 17:15:09 VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 17:15:09 VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 17:15:11 VBASE014.VDF : 7.10.8.69 138752 Bytes 14.06.2010 17:15:11 VBASE015.VDF : 7.10.8.102 130560 Bytes 16.06.2010 17:15:12 VBASE016.VDF : 7.10.8.135 152064 Bytes 21.06.2010 17:15:12 VBASE017.VDF : 7.10.8.163 432128 Bytes 23.06.2010 17:15:14 VBASE018.VDF : 7.10.8.194 133632 Bytes 27.06.2010 17:15:15 VBASE019.VDF : 7.10.8.220 134656 Bytes 29.06.2010 17:15:16 VBASE020.VDF : 7.10.8.252 171520 Bytes 04.07.2010 17:15:16 VBASE021.VDF : 7.10.9.19 131072 Bytes 06.07.2010 17:15:17 VBASE022.VDF : 7.10.9.36 297472 Bytes 07.07.2010 17:15:18 VBASE023.VDF : 7.10.9.60 150016 Bytes 11.07.2010 17:15:19 VBASE024.VDF : 7.10.9.79 113152 Bytes 13.07.2010 17:15:19 VBASE025.VDF : 7.10.9.99 158720 Bytes 16.07.2010 17:15:20 VBASE026.VDF : 7.10.9.112 155136 Bytes 19.07.2010 17:15:21 VBASE027.VDF : 7.10.9.113 2048 Bytes 19.07.2010 17:15:21 VBASE028.VDF : 7.10.9.114 2048 Bytes 19.07.2010 17:15:21 VBASE029.VDF : 7.10.9.115 2048 Bytes 19.07.2010 17:15:21 VBASE030.VDF : 7.10.9.116 2048 Bytes 19.07.2010 17:15:21 VBASE031.VDF : 7.10.9.121 59904 Bytes 19.07.2010 17:15:21 Engineversion : 8.2.4.12 AEVDF.DLL : 8.1.2.0 106868 Bytes 19.07.2010 17:15:35 AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 19.07.2010 17:15:35 AESCN.DLL : 8.1.6.1 127347 Bytes 19.07.2010 17:15:33 AESBX.DLL : 8.1.3.1 254324 Bytes 19.07.2010 17:15:35 AERDL.DLL : 8.1.4.6 541043 Bytes 19.07.2010 17:15:33 AEPACK.DLL : 8.2.2.6 430452 Bytes 19.07.2010 17:15:31 AEOFFICE.DLL : 8.1.1.6 201081 Bytes 19.07.2010 17:15:30 AEHEUR.DLL : 8.1.1.38 2724214 Bytes 19.07.2010 17:15:30 AEHELP.DLL : 8.1.11.6 242038 Bytes 19.07.2010 17:15:25 AEGEN.DLL : 8.1.3.14 381299 Bytes 19.07.2010 17:15:25 AEEMU.DLL : 8.1.2.0 393588 Bytes 19.07.2010 17:15:24 AECORE.DLL : 8.1.15.4 192886 Bytes 19.07.2010 17:15:23 AEBB.DLL : 8.1.1.0 53618 Bytes 19.07.2010 17:15:23 AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10 AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07 AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40 AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44 AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49 AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25 SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53 AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54 NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08 RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28 Konfiguration für den aktuellen Suchlauf: Job Name..............................: ShlExt Konfigurationsdatei...................: C:\Users\Keno\AppData\Local\Temp\deda5972.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: aus Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: niedrig Abweichende Gefahrenkategorien........: +APPL, Beginn des Suchlaufs: Montag, 19. Juli 2010 19:28 Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe [FUND] Ist das Trojanische Pferd TR/Bumat.A.2749 C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe [FUND] Ist das Trojanische Pferd TR/Agent.53248.CG C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE [FUND] Ist das Trojanische Pferd TR/Orsam.A.2026 C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE [FUND] Ist das Trojanische Pferd TR/Gendal.53248.P C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE [FUND] Ist das Trojanische Pferd TR/Bumat.A.1865 Beginne mit der Desinfektion: C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\30000000d900002h\DW20.EXE [FUND] Ist das Trojanische Pferd TR/Bumat.A.1865 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49f76de0.qua' verschoben! C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000007100002h\SETUP.EXE [FUND] Ist das Trojanische Pferd TR/Gendal.53248.P [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '518e4235.qua' verschoben! C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\300000002ca00002h\OFFDIAG.EXE [FUND] Ist das Trojanische Pferd TR/Orsam.A.2026 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '03c318de.qua' verschoben! C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\11300002h\splwow64.exe [FUND] Ist das Trojanische Pferd TR/Agent.53248.CG [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '65ce5743.qua' verschoben! C:\Users\Keno\AppData\Roaming\Thinstall\Microsoft Office Enterprise 2007\10000001400002h\msiexec.exe [FUND] Ist das Trojanische Pferd TR/Bumat.A.2749 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '20577a70.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesy0ZTb4i8XFz3r7C9QaEx56Dwc1R2AfJp1q8KSe2g5PBd73Wnk4HLs6o9N0YtGm2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5f504823.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templateso7H9PsZm1q4RCc8f3S5DyYn6k2G0Aie3XWd8r1QFz27KaLw5g4B0Tjt9N1.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '13e86469.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesm2RGj1k3D8Zfs4A9Jra5CHd76Lio0E0Fxq1WMt5y9P2Qnz3S7TeBw4b8KNp6g7X2Yc2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '6ff02439.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKs2t3MLe68QbTy7a1BYg0x9A4Rfj5WFm1k6SJc90Gzi3PNd74CoZw82Dnq5X6Hrp12.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42aa0b74.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesKg52Goz3M0Ncf8J1FmDp7s9R6Brw4Q6SxXi3j2H4Aea0WYd91Pyn81.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5bc230ee.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesj8L6Kab3HBe5p4R2Drd1QZy97EoFi0n8Y1AqPf2z3MNs60Tkc5S7CgGw49XxWt42Jms3A81.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '379e1cde.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCj17Nfi8KZt9m3YSp26TrAd04Wqg5XEa84Bxb2QRy9k7FHc30Gew6D5Mno1PJz2s4L6Hyt0N2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4627254b.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesCa12Gqj0F3EgWf9r7Y5Zok4NJc8e6DPp59Hxn4KMi0z7Q2Awb31.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '483d158c.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\TemplatesAt18Gcy9MKd4p7NJf65ErLk02Bno3WXm2q5P8DsQa16Sjw7TCb3i4YHx0e9R2.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '0d146cce.qua' verschoben! C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Templatesa4RCw32Tpf5M1Gim0F8AbQd67ZePk90JnNy9s7S6XtYc2z1W3KqLo41.exe [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '041f6865.qua' verschoben! Ende des Suchlaufs: Montag, 19. Juli 2010 23:51 Benötigte Zeit: 4:22:41 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 27677 Verzeichnisse wurden überprüft 548228 Dateien wurden geprüft 15 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 15 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 548213 Dateien ohne Befall 4325 Archive wurden durchsucht 0 Warnungen 15 Hinweise |
|
| Themen zu Svchost.exe lässt sich nicht löschen |
| abschalten, attackiert, avg, board, erkannt, explorer, firefox, firefox.exe, hoffe, iexplorer.exe, interne, internet, internet explorer, kleine, löschen, lösung, merkwürdige, mozilla, namen, neuinstallation, nicht erkannt, nicht löschen, probleme, programme, suche, svchost.exe |
Linear-Darstellung
