Pumukelsinn | 11.08.2011 19:23 | Keyboard functions are mixed up! Virus? / Hardware problem? / Please evaluate log analysis
Good day,
I have the following problem.
My keyboard types 2 characters on some keys, for example i8, r4, u7. The Backspace key produces a +.
The strange thing is that this does not always happen, but randomly.
I immediately assumed a virus and had everything scanned. The result was nothing.
Then I wiped Windows 7 and reinstalled it. Installed all drivers for my Asus X72J laptop. Everything ran perfectly for about 24 hours. Then the problem started again. IMPORTANT: The problem does not occur in Safe Mode.
I went looking in forums for similar problems and came across these HijackThis log files. Now I have followed your procedure with the defogger etc.
I have no experience in this area and would ask you to take a look over my log file.
Here is my text file: OTL Logfile: Code:
OTL logfile created on: 11.08.2011 21:07:24 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Sachsen\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,86 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 74,89% Memory free
7,71 Gb Paging File | 6,32 Gb Available in Paging File | 81,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,85 Gb Total Space | 268,29 Gb Free Space | 90,08% Space Free | Partition Type: NTFS
Drive D: | 297,93 Gb Total Space | 289,45 Gb Free Space | 97,16% Space Free | Partition Type: NTFS
Drive F: | 60,58 Mb Total Space | 58,78 Mb Free Space | 97,03% Space Free | Partition Type: FAT
Computer Name: SACHSEN-ASUS | User Name: Sachsen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.11 21:06:22 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\Sachsen\AppData\Local\Temp\RBJC8D.exe
PRC - [2011.08.11 20:55:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sachsen\Downloads\OTL.exe
PRC - [2011.08.09 22:31:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.04.29 12:46:50 | 000,126,976 | ---- | M] () -- C:\ManageEngine\EventLog\bin\wrapper.exe
PRC - [2011.04.29 12:46:50 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\ManageEngine\EventLog\jre\bin\java.exe
PRC - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.09 02:23:22 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.11.12 10:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.11.09 19:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.10.26 20:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009.10.26 10:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.09.24 13:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.08.19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.06.24 12:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2009.05.18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.20 13:50:36 | 001,145,400 | ---- | M] (ASUS) -- C:\Programme\ASUS\Net4Switch\Net4Switch.exe
PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe
========== Modules (SafeList) ==========
MOD - [2011.08.11 20:55:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sachsen\Downloads\OTL.exe
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.11.27 05:39:46 | 000,243,712 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.11.11 10:29:14 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.09.17 11:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.22 11:03:14 | 000,838,528 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009.08.06 14:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.07.20 11:30:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 12:46:50 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\ManageEngine\EventLog\bin\wrapper.exe -- (eventloganalyzer)
SRV - [2011.04.21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.03.03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.01.15 14:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.11.09 19:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.07.20 11:30:48 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.20 11:30:48 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.04.26 22:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.03.10 18:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.12.22 10:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.27 05:39:46 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.11.11 11:02:12 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.11 11:02:12 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.10.26 06:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.30 03:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.21 08:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.06 23:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.08.06 14:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.07 08:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.04.29 12:46:50 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2007.08.03 06:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.05.10 12:24:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.11 18:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.08.11 18:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sachsen\AppData\Roaming\mozilla\Extensions
[2011.08.11 18:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Tupit2] File not found
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [4Y3Y0C3AYF7W0I4VXLRPBAJ] C:\Recycle.Bin\B6232F3AF0F.exe (acoj Wymi)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.09 20:58:40 | 000,000,148 | ---- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.08.11 21:02:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.11 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Avira
[2011.08.11 18:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.08.11 18:54:21 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.08.11 18:54:21 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.08.11 18:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.08.11 18:54:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.08.11 18:43:11 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Mozilla
[2011.08.11 18:43:11 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Mozilla
[2011.08.11 18:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.08.11 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.08.11 18:30:40 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.11 16:10:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2011.08.11 16:09:49 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\BitTorrent
[2011.08.11 01:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
[2011.08.11 01:45:06 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\Documents\Ableton
[2011.08.11 01:45:06 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Ableton
[2011.08.11 01:28:22 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Diagnostics
[2011.08.10 19:27:30 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton
[2011.08.10 19:24:39 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\Desktop\ab 1
[2011.08.10 19:21:31 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
[2011.08.10 19:21:31 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
[2011.08.10 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
[2011.08.10 18:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton
[2011.08.10 14:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor
[2011.08.10 14:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.08.10 14:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Projects
[2011.08.10 14:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smith Micro
[2011.08.10 13:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.08.10 13:52:24 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.08.10 13:52:24 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.08.10 13:52:24 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.08.10 13:52:24 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.08.10 13:52:24 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.08.10 13:52:24 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.08.10 13:52:24 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.08.10 13:52:24 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.08.10 13:45:07 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\Desktop\ableton live 2
[2011.08.10 13:43:59 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\Desktop\ableton live 1
[2011.08.10 13:42:40 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\Desktop\ableton live
[2011.08.10 12:46:12 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Adobe
[2011.08.10 02:44:31 | 000,000,000 | ---D | C] -- C:\Log
[2011.08.10 02:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.10 02:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellar Phoenix Windows Data Recovery - Home
[2011.08.10 02:44:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stellar Phoenix Windows Data Recovery
[2011.08.10 02:05:29 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Nero_AG
[2011.08.10 01:47:12 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Adobe
[2011.08.10 01:47:11 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Google
[2011.08.10 01:47:05 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.10 01:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011.08.10 01:46:57 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Google
[2011.08.10 01:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.08.10 01:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.08.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\WinRAR
[2011.08.10 01:10:40 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.08.10 01:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.08.10 01:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011.08.10 00:48:58 | 000,080,384 | ---- | C] (Tnqbkvw Software) -- C:\Users\Public\Documents\19792079
[2011.08.10 00:27:49 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\ATI
[2011.08.10 00:27:49 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\ATI
[2011.08.10 00:27:39 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Nero
[2011.08.10 00:25:32 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.08.10 00:25:32 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Searches
[2011.08.10 00:25:32 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.08.10 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Identities
[2011.08.10 00:25:04 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Contacts
[2011.08.10 00:25:00 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\VirtualStore
[2011.08.10 00:24:36 | 000,000,000 | --SD | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Videos
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Saved Games
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Pictures
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Music
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Links
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Favorites
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Downloads
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Documents
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\Desktop
[2011.08.10 00:24:36 | 000,000,000 | R--D | C] -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Vorlagen
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\AppData\Local\Verlauf
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\AppData\Local\Temporary Internet Files
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Startmenü
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\SendTo
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Recent
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Netzwerkumgebung
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Lokale Einstellungen
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Documents\Eigene Videos
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Documents\Eigene Musik
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Eigene Dateien
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Documents\Eigene Bilder
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Druckumgebung
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Cookies
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\AppData\Local\Anwendungsdaten
[2011.08.10 00:24:36 | 000,000,000 | -HSD | C] -- C:\Users\Sachsen\Anwendungsdaten
[2011.08.10 00:24:36 | 000,000,000 | -H-D | C] -- C:\Users\Sachsen\AppData
[2011.08.10 00:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Temp
[2011.08.10 00:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Local\Microsoft
[2011.08.10 00:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Media Center Programs
[2011.08.10 00:24:36 | 000,000,000 | ---D | C] -- C:\Users\Sachsen\AppData\Roaming\Macromedia
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.08.10 00:24:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.08.10 00:20:02 | 000,360,448 | ---- | C] (MySQL AB) -- C:\Windows\SysWow64\myodbc3.dll
[2011.08.10 00:07:58 | 000,032,512 | ---- | C] (CACE Technologies) -- C:\Windows\SysWow64\drivers\npf.sys
[2011.08.10 00:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManageEngine EventLog Analyzer 7
[2011.08.10 00:07:24 | 000,000,000 | ---D | C] -- C:\ManageEngine
[2011.08.09 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.08.09 23:01:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011.08.09 22:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.08.09 22:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\P4G
[2011.08.09 22:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\P4G
[2011.08.09 22:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\P4G
[2011.08.09 22:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011.08.09 22:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2011.08.09 22:37:41 | 000,183,296 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\ACEngSvr.exe
[2011.08.09 22:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.08.09 22:35:45 | 000,000,000 | ---D | C] -- C:\eSupport
[2011.08.09 22:35:36 | 000,035,384 | ---- | C] (ASUSTek Computer Inc) -- C:\Windows\SysNative\drivers\AsDsm.sys
[2011.08.09 22:33:49 | 000,359,552 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\SysNative\FBAgent.exe
[2011.08.09 22:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2011.08.09 22:33:46 | 000,000,000 | -H-D | C] -- C:\ASUS.DAT
[2011.08.09 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
[2011.08.09 22:32:52 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN.scr
[2011.08.09 22:32:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN dir
[2011.08.09 22:32:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.08.09 22:31:53 | 003,054,136 | ---- | C] (ASUS) -- C:\Windows\AsScrPro.exe
[2011.08.09 22:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor
[2011.08.09 22:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun
[2011.08.09 22:28:53 | 012,532,736 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011.08.09 22:28:53 | 003,309,568 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011.08.09 22:28:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011.08.09 22:27:59 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2011.08.09 22:27:58 | 000,505,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011.08.09 22:27:53 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011.08.09 22:27:52 | 001,435,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011.08.09 22:27:52 | 000,616,448 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011.08.09 22:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011.08.09 22:27:30 | 001,542,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2011.08.09 22:27:25 | 000,015,416 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\kbfiltr.sys
[2011.08.09 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011.08.09 22:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.08.09 22:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.08.09 22:23:05 | 000,121,872 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys
[2011.08.09 22:22:57 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2011.08.09 22:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011.08.09 22:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.08.09 21:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2011.08.09 21:57:57 | 000,000,000 | ---D | C] -- C:\Intel
[2011.08.09 21:57:55 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2011.08.09 21:51:29 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.08.09 21:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.08.09 21:50:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.08.09 21:50:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.09 21:45:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.08.11 21:05:50 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.11 21:05:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.11 21:05:23 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.11 21:04:58 | 000,020,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 21:04:58 | 000,020,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.11 21:02:11 | 339,632,233 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.11 20:57:52 | 000,000,000 | ---- | M] () -- C:\Users\Sachsen\defogger_reenable
[2011.08.11 20:56:14 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.11 19:36:12 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.11 19:18:36 | 000,001,466 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.08.11 19:17:59 | 000,001,498 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.08.11 18:54:32 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 18:43:06 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.08.11 18:30:40 | 000,002,985 | ---- | M] () -- C:\Users\Sachsen\Desktop\HiJackThis.lnk
[2011.08.11 16:10:58 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011.08.11 01:41:05 | 000,000,239 | ---- | M] () -- C:\Windows\spwdrhgsa.INI
[2011.08.10 19:00:35 | 650,382,612 | ---- | M] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[3].zip
[2011.08.10 18:59:25 | 650,382,612 | ---- | M] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[2].zip
[2011.08.10 18:47:59 | 650,382,612 | ---- | M] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[1].zip
[2011.08.10 18:27:10 | 650,382,612 | ---- | M] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822.zip
[2011.08.10 14:17:56 | 000,001,159 | ---- | M] () -- C:\Users\Sachsen\Desktop\IsoBuster.lnk
[2011.08.10 13:54:02 | 001,514,526 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.10 13:54:02 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.10 13:54:02 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.10 13:54:02 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.10 13:54:02 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.10 02:44:20 | 000,001,182 | ---- | M] () -- C:\Users\Sachsen\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2011.08.10 01:15:59 | 010,346,721 | ---- | M] () -- C:\Users\Sachsen\Desktop\7LOHv1.2.zip
[2011.08.10 01:10:30 | 001,531,359 | ---- | M] () -- C:\Users\Sachsen\Desktop\wrar401d.exe
[2011.08.10 01:09:23 | 000,139,471 | ---- | M] () -- C:\Users\Sachsen\Desktop\7Loader_1.6.rar
[2011.08.10 00:48:58 | 000,080,384 | ---- | M] (Tnqbkvw Software) -- C:\Users\Public\Documents\19792079
[2011.08.10 00:23:54 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.08.10 00:23:54 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.08.09 23:51:13 | 000,000,105 | ---- | M] () -- C:\Windows\SysNative\FastBoot.ini
[2011.08.09 23:49:03 | 000,000,024 | ---- | M] () -- C:\Windows\ATKPF.ini
[2011.08.09 23:06:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_K72Jr.alu
[2011.08.09 22:41:25 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2011.08.09 22:39:50 | 000,001,760 | ---- | M] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2011.08.09 22:39:31 | 000,000,715 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Net4Switch.lnk
[2011.08.09 22:37:40 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2011.08.09 22:37:16 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk
[2011.08.09 22:35:45 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\eManual.Lnk
[2011.08.09 22:35:40 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\ASUS Data Security Manager.Lnk
[2011.08.09 22:35:36 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) -- C:\Windows\SysNative\drivers\AsDsm.sys
[2011.08.09 22:34:07 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk
[2011.08.09 22:34:01 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2011.08.09 22:33:46 | 000,002,617 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2011.08.09 22:33:39 | 000,002,595 | ---- | M] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2011.08.09 22:32:52 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\K_Series_ScreenSaver_EN.scr
[2011.08.09 22:31:57 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
[2011.07.20 11:30:48 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.07.20 11:30:48 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.08.11 21:02:11 | 339,632,233 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.11 20:57:52 | 000,000,000 | ---- | C] () -- C:\Users\Sachsen\defogger_reenable
[2011.08.11 18:54:32 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.08.11 18:43:06 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.11 18:43:06 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.08.11 18:30:40 | 000,002,985 | ---- | C] () -- C:\Users\Sachsen\Desktop\HiJackThis.lnk
[2011.08.11 16:10:58 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2011.08.11 01:17:58 | 000,008,704 | ---- | C] () -- C:\Windows\SysNative\OceanM.dll
[2011.08.11 01:17:57 | 003,519,488 | ---- | C] () -- C:\Windows\SysNative\Ableton Live Engine.dll
[2011.08.10 17:45:09 | 650,382,612 | ---- | C] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[2].zip
[2011.08.10 17:44:21 | 650,382,612 | ---- | C] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[3].zip
[2011.08.10 17:36:55 | 650,382,612 | ---- | C] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822[1].zip
[2011.08.10 17:29:45 | 650,382,612 | ---- | C] () -- C:\Users\Sachsen\Desktop\ableton_live_trial_822.zip
[2011.08.10 14:17:56 | 000,001,159 | ---- | C] () -- C:\Users\Sachsen\Desktop\IsoBuster.lnk
[2011.08.10 14:03:42 | 000,002,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StuffIt Expander 2010.lnk
[2011.08.10 02:44:20 | 000,001,182 | ---- | C] () -- C:\Users\Sachsen\Desktop\Stellar Phoenix Windows Data Recovery - Home.lnk
[2011.08.10 02:44:20 | 000,000,239 | ---- | C] () -- C:\Windows\spwdrhgsa.INI
[2011.08.10 01:46:59 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.10 01:46:59 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.10 01:17:07 | 010,787,373 | ---- | C] () -- C:\Users\Sachsen\Desktop\7Loader By Orbit30 & Hazar v1.2.exe
[2011.08.10 01:15:58 | 010,346,721 | ---- | C] () -- C:\Users\Sachsen\Desktop\7LOHv1.2.zip
[2011.08.10 01:10:24 | 001,531,359 | ---- | C] () -- C:\Users\Sachsen\Desktop\wrar401d.exe
[2011.08.10 01:09:21 | 000,139,471 | ---- | C] () -- C:\Users\Sachsen\Desktop\7Loader_1.6.rar
[2011.08.10 00:26:40 | 000,001,412 | ---- | C] () -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.08.10 00:26:40 | 000,001,406 | ---- | C] () -- C:\Users\Sachsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.08.09 23:49:03 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.08.09 23:06:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\1043_ASUSTeK_K72Jr.alu
[2011.08.09 22:39:50 | 000,001,760 | ---- | C] () -- C:\Users\Public\Desktop\ASUS MultiFrame.lnk
[2011.08.09 22:39:31 | 000,000,715 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Net4Switch.lnk
[2011.08.09 22:37:40 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Splendid Utility.Lnk
[2011.08.09 22:37:16 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\SmartLogon Manager.lnk
[2011.08.09 22:35:45 | 000,000,721 | ---- | C] () -- C:\Users\Public\Desktop\eManual.Lnk
[2011.08.09 22:35:40 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\ASUS Data Security Manager.Lnk
[2011.08.09 22:34:07 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2011.08.09 22:34:07 | 000,003,116 | ---- | C] () -- C:\Windows\SysNative\wimfltr.inf
[2011.08.09 22:34:07 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\AI Recovery Burner.lnk
[2011.08.09 22:34:01 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\LifeFrame.lnk
[2011.08.09 22:33:49 | 000,001,498 | ---- | C] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.08.09 22:33:49 | 000,001,466 | ---- | C] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011.08.09 22:33:49 | 000,000,105 | ---- | C] () -- C:\Windows\SysNative\FastBoot.ini
[2011.08.09 22:33:49 | 000,000,080 | ---- | C] () -- C:\Windows\SysNative\Defrag.ini
[2011.08.09 22:33:49 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\RemoveFont.ini
[2011.08.09 22:33:49 | 000,000,015 | ---- | C] () -- C:\Windows\SysNative\BootTime.ini
[2011.08.09 22:33:46 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2011.08.09 22:33:39 | 000,002,595 | ---- | C] () -- C:\Users\Public\Desktop\ControlDeck.lnk
[2011.08.09 22:22:57 | 000,018,618 | ---- | C] () -- C:\Windows\atiogl.xml
[2011.08.09 21:45:19 | 3105,259,520 | -HS- | C] () -- C:\hiberfil.sys
[2010.06.28 12:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.28 12:29:32 | 000,002,012 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D63F3EFE
< End of report >
Don't worry... the PC's user name is not my name ;)
I hope you can help me!
Regards, Pumu