Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Meine logfiles für den BP-Trojaner (https://www.trojaner-board.de/97520-logfiles-bp-trojaner.html)

Ghanaherz1 15.04.2011 17:40
Meine logfiles für den BP-Trojaner
 
OTL Logfile:
Code:
OTL logfile created on: 4/15/2011 7:56:47 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Basic Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.59 Gb Total Space | 21.61 Gb Free Space | 9.29% Space Free | Partition Type: NTFS
Drive H: | 348.93 Gb Total Space | 346.81 Gb Free Space | 99.39% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 3.71 Gb Free Space | 99.46% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] -- -- (vsmon)
SRV - [2011/03/31 04:32:32 | 003,229,784 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/18 11:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/02/16 10:49:08 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/12/13 09:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/07/04 05:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/06/07 11:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/12/16 13:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/01/24 20:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/09 10:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/19 19:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2007/12/05 05:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007/11/26 05:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2007/11/07 04:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007/08/15 07:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/07/24 07:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007/07/18 10:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] -- -- (XDva383)
DRV - File not found [Kernel | On_Demand] -- -- (XDva380)
DRV - File not found [Kernel | On_Demand] -- -- (XDva375)
DRV - File not found [Kernel | On_Demand] -- -- (XDva372)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva367)
DRV - File not found [Kernel | On_Demand] -- -- (XDva366)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva361)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva354)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva351)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (XDva337)
DRV - File not found [Kernel | On_Demand] -- -- (XDva336)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva328)
DRV - File not found [Kernel | On_Demand] -- -- (XDva327)
DRV - File not found [Kernel | On_Demand] -- -- (XDva289)
DRV - File not found [Kernel | On_Demand] -- -- (vsdatant7)
DRV - File not found [File_System | On_Demand] -- -- (StarOpen)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - [2010/12/02 17:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/07/04 05:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/06/07 19:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/15 11:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2007/12/19 19:04:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007/12/19 02:45:00 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/12/02 07:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007/11/22 01:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/11/22 01:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007/11/22 01:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007/11/22 01:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007/07/13 04:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007/04/11 09:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 09:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 09:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 09:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 09:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2006/10/29 23:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/03/03 13:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 11:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vb32&d=0110&m=aspire_m1200/3200/5200
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://downloads.phpnuke.org/de/index.php?rvs=google
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKU\Elena_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Elena_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Elena_ON_C\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\Elena_ON_C\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\Elena_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKU\Elena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Elena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 2.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903600&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=stonicde"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {af8cc33b-1dd6-d41b-c6e1-76506b77a8d1}:4.6.6.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {00bf7b9c-acd2-4080-bea8-b1c41987070f}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: toolbar-ff@payback.de:1.0.3.71
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {c44f9e21-d93f-490c-b41c-b3548bdd19fc}:3.3.0.19
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6
FF - prefs.js..keyword.URL: "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/29 05:03:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 09:13:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 09:13:02 | 000,000,000 | ---D | M]
 
[2010/01/27 13:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Extensions
[2011/04/13 09:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions
[2010/08/02 04:07:07 | 000,000,000 | ---D | M] (TranslatorBar 1 Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{00bf7b9c-acd2-4080-bea8-b1c41987070f}
[2010/06/28 14:32:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/03 09:16:14 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2010/05/07 08:46:17 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010/04/03 17:27:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/12/15 10:27:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/01/11 15:59:07 | 000,000,000 | ---D | M] (Productivity 2.1 Community Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{c44f9e21-d93f-490c-b41c-b3548bdd19fc}
[2010/10/16 15:57:09 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/02/21 15:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/11 15:59:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\engine@conduit.com
[2011/02/27 11:53:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\ffxtlbr@Facemoods.com
[2011/03/03 09:16:12 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\finder@meingutscheincode.de
[2011/02/21 15:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\staged-xpis
[2010/10/16 15:57:09 | 000,000,000 | ---D | M] ("PAYBACK Toolbar") -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\extensions\toolbar-ff@payback.de
[2010/11/20 12:11:19 | 000,002,397 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\askcom.xml
[2011/01/10 07:55:34 | 000,000,935 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\conduit.xml
[2011/04/10 14:33:11 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-1.xml
[2010/10/29 14:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-10.xml
[2010/12/15 10:28:08 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-11.xml
[2011/03/24 09:13:24 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-12.xml
[2011/03/27 12:26:49 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-13.xml
[2010/04/19 12:56:15 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-2.xml
[2010/06/25 05:11:08 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-3.xml
[2010/07/06 08:14:34 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-4.xml
[2010/07/25 06:17:58 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-5.xml
[2010/08/01 04:22:39 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-6.xml
[2010/09/16 14:23:32 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-7.xml
[2010/10/05 14:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-8.xml
[2010/10/24 03:13:06 | 000,000,950 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin-9.xml
[2010/06/21 11:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\icqplugin.xml
[2010/04/19 12:55:44 | 000,000,266 | ---- | M] () -- C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\r25iv0tv.default\searchplugins\Search.xml
[2010/12/10 08:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/19 12:55:55 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{af8cc33b-1dd6-d41b-c6e1-76506b77a8d1}
[2010/05/24 09:52:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 14:13:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/03/07 04:58:04 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011/03/29 05:03:41 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/07/16 23:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/02/06 15:30:06 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2011/03/12 16:34:45 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011/03/12 16:34:45 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011/03/27 12:30:08 | 000,002,047 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011/02/27 11:53:45 | 000,002,051 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011/03/12 16:34:45 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011/03/12 16:34:45 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011/03/12 16:34:45 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKU\Elena_ON_C\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\Elena_ON_C\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\Elena_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Elena_ON_C..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\Elena_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\Elena_ON_C..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\Elena_ON_C..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\Elena_ON_C..\Run: [Recycle.Bin.exe] C:\Recycle.Bin\Recycle.Bin.exe (Nfuhxg Ssyettkh)
O4 - HKU\Elena_ON_C..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\Elena_ON_C..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Elena_ON_C Winlogon: Shell - (C:\Users\Elena\Desktop\test.exe) - C:\Users\Elena\Desktop\test.exe (Eipunrwaso Ensmw)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/04 10:10:40 | 000,002,245 | ---- | M] () - H:\autodassichbewegtEOS.eos -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b3d82d43-0ce1-11df-af9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b3d82d43-0ce1-11df-af9d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/13 11:15:59 | 000,129,616 | ---- | C] (Eipunrwaso Ensmw) -- C:\Users\Elena\Desktop\test.exe
[2011/04/13 10:53:03 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2011/04/12 10:06:52 | 000,000,000 | ---D | C] -- C:\Users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gunner 3
[2011/04/12 10:06:49 | 000,000,000 | ---D | C] -- C:\The Games Page
[2011/03/25 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\Elena\Desktop\BattleGears
[2011/03/25 18:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Derivative
[2011/03/25 16:29:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\world
[2011/03/25 16:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/03/23 09:08:06 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/23 09:08:06 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2008/07/22 04:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/15 10:00:59 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/04/15 10:00:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 10:00:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 10:00:56 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/15 10:00:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/15 10:00:47 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/13 11:16:00 | 000,129,616 | ---- | M] (Eipunrwaso Ensmw) -- C:\Users\Elena\Desktop\test.exe
[2011/04/13 11:05:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 10:57:37 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/04/13 10:57:37 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/13 10:57:37 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/04/13 10:57:37 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/13 10:53:22 | 000,055,781 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/04/13 10:11:08 | 000,007,222 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/04/12 14:24:19 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elena.job
[2011/04/01 12:00:15 | 000,001,925 | ---- | M] () -- C:\Users\Elena\Desktop\BattleGears.lnk
[2011/04/01 11:08:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2011/03/30 08:47:44 | 000,001,674 | ---- | M] () -- C:\Users\Public\Documents\Dokument.rtf
[2011/03/27 04:59:55 | 000,000,570 | ---- | M] () -- C:\Users\Elena\Desktop\Davids referat.lnk
[2011/03/27 04:57:48 | 000,000,305 | ---- | M] () -- C:\Users\Elena\Desktop\Deutschhausi.lnk
[2011/03/25 17:44:07 | 000,000,083 | ---- | M] () -- C:\Windows\wwp.INI
[2011/03/25 16:29:23 | 000,000,144 | ---- | M] () -- C:\Windows\System32\server.properties
[2011/03/25 16:21:14 | 000,000,971 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/03/25 16:21:14 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/03/18 11:27:11 | 000,001,668 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/14 12:36:14 | 3218,284,544 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/27 05:03:00 | 000,000,305 | ---- | C] () -- C:\Users\Elena\Desktop\Deutschhausi.lnk
[2011/03/25 18:22:01 | 000,001,925 | ---- | C] () -- C:\Users\Elena\Desktop\BattleGears.lnk
[2011/03/25 17:44:07 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI
[2011/03/25 16:29:22 | 000,000,144 | ---- | C] () -- C:\Windows\System32\server.properties
[2011/03/25 16:21:14 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/03/25 16:21:14 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/03/07 05:31:29 | 000,001,668 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010/12/30 08:50:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/30 08:50:19 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/10 14:46:43 | 001,584,149 | ---- | C] () -- C:\Windows\System32\setupapinew.dll
[2010/12/10 14:46:43 | 000,874,502 | ---- | C] () -- C:\Windows\System32\kernel32new.dll
[2010/12/10 14:46:43 | 000,789,525 | ---- | C] () -- C:\Windows\System32\rpcrt4new.dll
[2010/12/10 14:46:43 | 000,681,478 | ---- | C] () -- C:\Windows\System32\msvcrtnew.dll
[2010/12/10 14:46:43 | 000,633,871 | ---- | C] () -- C:\Windows\System32\user32new.dll
[2010/12/10 14:46:43 | 000,376,832 | ---- | C] () -- C:\Windows\System32\M2000Twn.dll
[2010/12/10 14:46:43 | 000,134,671 | ---- | C] () -- C:\Windows\System32\winstanew.dll
[2010/12/10 14:46:43 | 000,096,783 | ---- | C] () -- C:\Windows\System32\powrprofnew.dll
[2010/12/10 14:46:43 | 000,087,558 | ---- | C] () -- C:\Windows\System32\ntdsapinew.dll
[2010/12/10 14:46:43 | 000,072,707 | ---- | C] () -- C:\Windows\System32\secur32new.dll
[2010/12/10 14:46:43 | 000,025,037 | ---- | C] () -- C:\Windows\System32\Nucleus.dll
[2010/12/10 14:46:43 | 000,000,236 | -H-- | C] () -- C:\Program Files\Common Files\dx.reg
[2010/12/10 14:46:42 | 000,974,354 | ---- | C] () -- C:\Windows\System32\crypt32new.dll
[2010/12/10 14:46:42 | 000,770,069 | ---- | C] () -- C:\Windows\System32\advapi32new.dll
[2010/12/10 14:46:42 | 000,171,023 | ---- | C] () -- C:\Windows\System32\apphelpnew.dll
[2010/10/19 14:28:11 | 000,106,596 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/04 09:46:38 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010/09/04 09:46:38 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/07/26 07:13:47 | 000,001,910 | ---- | C] () -- C:\Windows\CDPLAYER.INI
[2010/07/04 15:02:55 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/16 14:00:16 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/06/16 13:58:46 | 000,055,781 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/06/16 13:30:57 | 000,000,160 | ---- | C] () -- C:\Windows\wininit.ini
[2010/05/02 07:10:14 | 000,657,472 | ---- | C] () -- C:\Users\Elena\AppData\Local\TempAnimeGUI6.png
[2010/03/31 05:07:00 | 000,000,037 | ---- | C] () -- C:\Windows\Viewer.ini
[2010/02/21 05:31:28 | 000,001,356 | ---- | C] () -- C:\Users\Elena\AppData\Local\d3d9caps.dat
[2010/02/21 05:31:27 | 000,000,552 | ---- | C] () -- C:\Users\Elena\AppData\Local\d3d8caps.dat
[2010/02/08 08:49:00 | 000,033,792 | ---- | C] () -- C:\Users\Elena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/28 10:43:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/27 13:41:11 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010/01/27 13:21:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/27 13:15:00 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2010/01/18 08:38:28 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2010/01/18 08:38:28 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008/03/17 07:31:15 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/03/17 07:31:15 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/03/17 06:52:58 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/03/17 06:52:58 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/03/17 06:52:58 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/01/21 04:21:25 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 04:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 04:21:25 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 04:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,322,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2011/03/10 14:20:51 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\.minecraft
[2008/03/17 07:02:04 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Acer GameZone Console
[2010/03/28 17:38:32 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Big Fish Games
[2010/04/18 13:36:25 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Canneverbe Limited
[2010/06/11 10:34:50 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\eSobi
[2010/03/31 06:20:30 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\FOG Downloader
[2011/04/13 11:15:28 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Free Download Manager
[2010/06/04 14:34:07 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\GetRightToGo
[2011/04/13 10:55:19 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\ICQ
[2011/01/21 12:13:10 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Leadertech
[2010/03/16 10:11:15 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/12/10 08:50:08 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\OpenOffice.org
[2010/06/15 10:50:08 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\PlayFirst
[2010/10/21 13:42:21 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\ProtectDisc
[2010/10/21 13:42:43 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\The Games Company
[2010/09/15 11:32:12 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\TS3Client
[2010/12/18 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\Unity
[2010/10/24 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\Elena\AppData\Roaming\VDownloader
[2010/07/06 10:23:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Age of Empires 3
[2010/01/18 07:45:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/06/15 10:34:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2010/04/18 13:36:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2010/11/26 18:35:22 | 000,000,000 | ---D | M] -- C:\ProgramData\CheckPoint
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/01/18 07:45:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/03/17 07:32:16 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2010/01/18 07:45:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/03/17 07:02:43 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2010/01/28 10:39:41 | 000,000,000 | ---D | M] -- C:\ProgramData\FreeDownloadManager.ORG
[2010/12/15 10:27:35 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2010/01/28 13:52:40 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2010/06/04 18:07:48 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2010/07/17 07:49:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Nexon
[2010/01/31 06:48:53 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonEU
[2010/03/21 11:25:43 | 000,000,000 | ---D | M] -- C:\ProgramData\NexonUS
[2010/06/15 10:50:08 | 000,000,000 | ---D | M] -- C:\ProgramData\PlayFirst
[2010/05/22 05:37:04 | 000,000,000 | ---D | M] -- C:\ProgramData\PMB Files
[2010/09/04 10:06:38 | 000,000,000 | ---D | M] -- C:\ProgramData\POPWWPROFILES
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/01/18 07:45:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/01/28 14:51:29 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:59:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/01/18 07:45:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/03/17 07:17:01 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/10/19 14:16:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/14 19:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/05/31 19:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/04/13 10:11:09 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/07/06 10:23:53 | 000,000,000 | ---D | M](C:\Users\Elena\Documents\??? ????) -- C:\Users\Elena\Documents\Мои Игры
[2010/07/06 10:23:53 | 000,000,000 | ---D | C](C:\Users\Elena\Documents\??? ????) -- C:\Users\Elena\Documents\Мои Игры
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:8173A019
< End of report >
--- --- ---

markusg 15.04.2011 17:57
auf deinem zweiten, dem sauberen, pc gehe auf start, programme zubehör editor, kopiere dort rein:

:OTL
O4 - HKU\Elena_ON_C..\Run: [Recycle.Bin.exe] C:\Recycle.Bin\Recycle.Bin.exe (Nfuhxg Ssyettkh)
O20 - HKU\Elena_ON_C Winlogon: Shell - (C:\Users\Elena\Desktop\test.exe) - C:\Users\Elena\Desktop\test.exe (Eipunrwaso Ensmw)
:Files
C:\Recycle.Bin
C:\Users\Elena\Desktop\test.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits in meinem post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt auf deinem stick.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
danach:
öffne computer, öffne c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

danach:

markusg 16.04.2011 10:06
ist angekommen.
der pc lässt sich starten?
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

Ghanaherz1 18.04.2011 16:07
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6385

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

18.04.2011 13:43:59
mbam-log-2011-04-18 (13-43-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 353265
Laufzeit: 1 Stunde(n), 42 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Recycle.Bin.exe (Trojan.SpyEyes) -> Value: Recycle.Bin.exe -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\downloads\flvdirect.exe (Adware.FLV) -> No action taken.
c:\program files\mozilla firefox\extensions\{af8cc33b-1dd6-d41b-c6e1-76506b77a8d1}\components\3zk9r9-zaq.dll (Adware.BHO) -> No action taken.
c:\Users\Elena\AppData\Local\Temp\component update 716 (Adware.LoudMo) -> No action taken.
c:\Users\Elena\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37\1b8469a5-4518921f (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Elena\Desktop\downloads\latein_demo\latein_demo\latein_demo.exe (Trojan.LVBP) -> No action taken.
c:\_OTL\movedfiles\04162011_003349\c_recycle.bin\recycle.bin.exe (Spyware.Passwords.XGen) -> No action taken.
c:\Users\Elena\AppData\Local\Temp\utt991.tmp.exe (Trojan.Pakes) -> No action taken.

markusg 18.04.2011 16:49
hast du die funde entfernt?

Ghanaherz1 18.04.2011 18:12
eig schon ja

markusg 18.04.2011 18:13
lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Ghanaherz1 18.04.2011 20:10
7-Zip 4.65 01.09.2010 3,13MB notwendig
Activation Assistant for the 2007 Microsoft Office suites 15.06.2010 notwendig
Adobe AIR 15.06.2010 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 08.04.2011 10.2.153.1 notwendig
Adobe Reader 9.4.2 - Deutsch Adobe Systems Incorporated 03.03.2011 167,4MB 9.4.2 notwendig
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 22.02.2011 8,23MB 11.5.9.620 notwendig
Advertising Center 15.06.2010 notwendig
Age Of Empires 3 - the Asian Dynasties 10.12.2010 2.687MB notwendig
Akamai NetSession Interface 16.06.2010 629MB notwendig
Apple Application Support Apple Inc. 17.04.2011 51,0MB 1.5.1 notwendig
Apple Mobile Device Support Apple Inc. 03.03.2011 21,8MB 3.4.0.25 unnötig
Apple Software Update Apple Inc. 18.10.2010 2,26MB 2.1.2.120 notwendig
ATI Catalyst Install Manager 15.06.2010 13,9MB notwendig
AutocompletePro 23.10.2010 0,86MB notwendig
AviSynth 2.5 10.01.2011 5,67MB notwendig
Bonjour Apple Inc. 03.03.2011 1,14MB 2.0.4.0 notwendig
CCleaner Piriform 17.04.2011 3,60MB 3.05 notwendig
CDDRV_Installer 15.06.2010 unnötig
Deer Hunter - The 2005 Season Atari, Inc. 20.01.2011 590MB unnötig
eSobi v2 15.06.2010 unnötig
Facemoods Toolbar 26.03.2011 1,72MB unnötig
Fantasy Earth Zero 15.06.2010 unnötig
FormatFactory 2.60 Free Time 10.01.2011 112,9MB 2.60 unnötig
Fraps 14.10.2010 15,4MB notwendig
GamersFirst LIVE! GamersFirst 03.12.2010 7,02MB unnötig
Google Chrome Google Inc. 30.06.2010 215MB 10.0.648.204 unnötig
Google Desktop Google 31.07.2010 40,2MB 5.9.1005.12335 unnötig
Google Toolbar for Internet Explorer 15.06.2010 unnötig
Google Toolbar for Internet Explorer Google Inc. 25.02.2011 10,3MB 6.6.1409.1944 unnötig
ICQ7.2 ICQ 14.12.2010 43,7MB 7.2 notwendig
Icy Tower v1.4 Free Lunch Design 16.12.2010 4,67MB unnötig
iTunes Apple Inc. 11.03.2011 143,0MB 10.2.1.1 notwendig
Java(TM) 6 Update 16 Sun Microsystems, Inc. 09.12.2010 97,7MB 6.0.160 notwendig
Java(TM) 6 Update 21 15.06.2010 94,5MB notwendig
Java(TM) 6 Update 4 Sun Microsystems, Inc. 14.10.2010 137,7MB 1.6.0.40 notwendig
KhalInstallWrapper 15.06.2010 unnötig
League of Legends 15.06.2010 unnötig
LightScribe 1.4.142.1 15.06.2010 unnötig
Malwarebytes' Anti-Malware Malwarebytes Corporation 16.04.2011 4,80MB notwendig
McDonald's Fairies Name of your company 28.12.2010 31,2MB unnötig
Microsoft .NET Framework 3.5 Language Pack SP1 - deu 15.06.2010 notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 120,3MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 24,5MB 4.0.30319 notwendig
Microsoft LifeCam Microsoft Corporation 04.02.2011 30,1MB 3.60.253.0 notwendig
Microsoft Office Excel MUI (German) 2007 15.06.2010 notwendig
Microsoft Office Home and Student 2007 15.06.2010 notwendig
Microsoft Office OneNote MUI (German) 2007 15.06.2010 notwendig
Microsoft Office PowerPoint MUI (German) 2007 15.06.2010 notwendig
Microsoft Office Proof (English) 2007 15.06.2010 unnötig
Microsoft Office Proof (French) 2007 15.06.2010 unnötig
Microsoft Office Proof (German) 2007 15.06.2010 notwendig
Microsoft Office Proof (Italian) 2007 15.06.2010 unnötig
Microsoft Office Proofing (German) 2007 15.06.2010 notwendig
Microsoft Office Shared MUI (German) 2007 15.06.2010 notwendig
Microsoft Office Word MUI (German) 2007 15.06.2010 notwendig
Microsoft Visual C++ 2005 Redistributable 09.12.2010 2,69MB notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Corporation 25.12.2010 0,22MB 9.0.21022.218 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 30.03.2011 0,58MB notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 15.06.2010 0,58MB notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 18.08.2010 11,0MB 10.0.30319 notwendig
Microsoft Works 15.06.2010 283MB notwendig
MobileMe Control Panel Apple Inc. 19.12.2010 12,0MB 3.1.5.0 unnötig
Mozilla Firefox (3.6.16) Mozilla 23.03.2011 31,4MB 3.6.16 (de) notwendig
MSXML 4.0 SP2 (KB954430) 15.06.2010 35,00KB notwendig
MSXML 4.0 SP2 (KB973688) 15.06.2010 1,34MB notwendig
Nero ControlCenter 15.06.2010 unnötig
Nero Installer 15.06.2010 unnötig
Nero Online Upgrade 15.06.2010 unnötig
Nero StartSmart 15.06.2010 unnötig
neroxml 15.06.2010 unnötig
Norton Security Scan Symantec Corporation 22.02.2011 11,7MB 2.7.6.13 notwendig
Nostale(DE) Gameforge 4D GmbH 12.11.2010 1.915MB notwendig
NTI Media Maker 8 15.06.2010 unnötig
NVIDIA Display Control Panel NVIDIA Corporation 15.06.2010 147,0MB 6.14.12.5721 notwendig
NVIDIA Drivers NVIDIA Corporation 15.06.2010 1,17MB 1.10.61.39 notwendig
NVIDIA PhysX NVIDIA Corporation 15.06.2010 73,8MB 9.10.0223 notwendig
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 15.06.2010 15,1MB 1.0 notwendig
OpenOffice.org 3.2 OpenOffice.org 25.12.2010 363MB 3.2.9502 notwendig
PowerDirector 15.06.2010 notwendig
Prince of Persia Warrior Within 03.09.2010 3.315MB 1.00.999 notwendig
QuickTime Apple Inc. 14.12.2010 73,7MB 7.69.80.9 notwendig
Realtek High Definition Audio Driver 25.01.2011 15,9MB notwendig
RocketDock 1.3.5 Punk Software 17.06.2010 12,0MB notwendig
S4 League_EU 13.10.2010 1.657MB 1.00.0000 notwendig
Safari Apple Inc. 17.04.2011 41,3MB 5.33.21.1 unnötig
Sandboxie 3.46 26.02.2011 2,46MB unnötig
Skype™ 5.1 Skype Technologies S.A. 24.02.2011 22,6MB 5.1.112 notwendig
softonic-de3 Toolbar 17.06.2010 4,87MB unnötig
TeamSpeak 2 RC2 Dominating Bytes Design 13.09.2010 2.0.32.60 unnötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 14.09.2010 30,4MB unnötig
TeamViewer 6 TeamViewer GmbH 24.03.2011 22,7MB 6.0.10418 notwendig
Unity Web Player Unity Technologies ApS 10.09.2010 80,00KB 2.6.1f3_31223 notwendig
VDownloader 2.10.509.2 Vitzo Limited 23.10.2010 11,8MB notwendig
Winload Toolbar 02.03.2011 2,46MB unnötig
Worms World Party 08.10.2010 2,78MB unnötig
ZoneAlarm 26.11.2010 10,9MB unnötig

markusg 19.04.2011 10:07
deinstaliere:

Adobe Reader 9.4.2
Adobe - Adobe Reader herunterladen - Alle Versionen
lade die neueste version.
bitte ohne mcafee virus scan!
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok
deinstaliere.
Bonjour
CDDRV_Installer
Deer Hunter
eSobi
Facemoods
Fantasy Earth
FormatFactory 2.60
GamersFirst LIVE
Google Chrome
Google Desktop
beide
Google Toolbar
Icy Tower
Java alle 3 versionen.
Java SE Downloads
neueste version laden, mit klick auf download jre.
deinstaliere:
KhalInstallWrapper
League of Legends
LightScribe
McDonald's
MobileMe
Mozilla Firefox , klicke auf hilfe, update, version 4 instalieren.
Nero alle
neroxml
NTI
Safari
Sandboxie bleibt, dieses tool hätte die infektion verhindern können! ich zeige dir wies geht.
deinstaliere:
softonic
TeamSpeak beide.
Winload Toolbar
Worms World
ZoneAlarm

bereinige mit dem ccleaner dateien + die registry.


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19