Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell

Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell


Plagegeister aller Art und deren Bekämpfung: Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 27.01.2012, 22:16   #11
Hajaku
 
Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell - Standard

Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell


Habe das Programm dreimal gestartet aber es schien nur die OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.01.2012 21:53:27 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Tuan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,39% Memory free
6,20 Gb Paging File | 4,93 Gb Available in Paging File | 79,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,02 Gb Total Space | 394,28 Gb Free Space | 67,63% Space Free | Partition Type: NTFS
Drive D: | 13,15 Gb Total Space | 1,82 Gb Free Space | 13,85% Space Free | Partition Type: NTFS
 
Computer Name: TUAN-PC | User Name: Tuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.24 19:00:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.10 04:11:50 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.11.09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.15 13:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.06.13 13:58:16 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.06.26 16:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.06.02 15:14:04 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008.05.02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.13 16:29:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2012.01.13 16:29:37 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2011.11.10 03:11:06 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011.11.09 22:10:38 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.11.09 22:07:50 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.10.14 15:39:25 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\22e853d2fe1435baa459685dee7ce7b7\WindowsFormsIntegration.ni.dll
MOD - [2011.10.13 16:27:17 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5aab9bc687029a908fc01473f8e5f77b\UIAutomationProvider.ni.dll
MOD - [2011.10.13 15:53:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.12 18:05:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\0d34a2f81f5d945e604ff66c1e64fc72\System.Xml.ni.dll
MOD - [2011.10.12 18:04:53 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.12 18:04:44 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.12 18:04:17 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011.10.12 18:04:12 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011.10.12 18:04:10 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011.10.12 18:03:48 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011.10.12 18:03:30 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011.10.12 18:03:26 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.12 18:02:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010.06.13 13:58:16 | 002,937,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AVK Tuner Service)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.21 14:43:16 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.11.10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.11.09 22:07:44 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.15 13:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.07.24 14:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.05.02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.08 17:47:52 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.11.10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.11.10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 18:40:34 | 000,082,960 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.02.02 22:39:43 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.02.02 22:39:42 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.02.02 22:39:42 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.10.08 18:08:47 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.10.08 18:08:36 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.06.26 16:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2008.06.11 21:32:34 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\DVDPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2008.06.06 20:13:40 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.06.06 20:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.05.22 10:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.05.21 12:44:10 | 001,049,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.02.29 02:13:36 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008.02.29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 02:12:56 | 000,063,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.01.23 15:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?p=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.53.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: screencaptureelite@plugin:2.0.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109130&tt=261211_ctrl&babsrc=adbartrp&mntrId=5e90e91800000000000000ff9250e086&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Tuan\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.18 14:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.11 21:57:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 21:57:18 | 000,000,000 | ---D | M]
 
[2010.07.13 15:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuan\AppData\Roaming\mozilla\Extensions
[2012.01.27 18:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions
[2011.01.01 21:22:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.09 14:02:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.01.25 21:14:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.01.11 18:01:29 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.02.13 20:54:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.27 18:06:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.01.07 17:52:22 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldheroespatcher@ea.com
[2011.11.08 17:41:31 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\battlefieldplay4free@ea.com
[2011.05.14 15:14:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\engine@conduit.com
[2011.03.18 16:31:45 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\personas@christopher.beard
[2011.12.30 17:25:13 | 000,000,000 | ---D | M] (Screen Capture Elite) -- C:\Users\Tuan\AppData\Roaming\mozilla\Firefox\Profiles\w97yn8xt.default\extensions\screencaptureelite@plugin
[2011.03.24 12:03:00 | 000,000,923 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\conduit.xml
[2011.10.29 15:23:12 | 000,003,915 | ---- | M] () -- C:\Users\Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\w97yn8xt.default\searchplugins\sweetim.xml
[2012.01.02 17:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\TUAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W97YN8XT.DEFAULT\EXTENSIONS\{4B0A905D-B508-4574-8D12-B8FE120ACE09}.XPI
() (No name found) -- C:\USERS\TUAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W97YN8XT.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.01.02 17:32:19 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.03 01:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.29 14:53:47 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.09.03 01:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.03 01:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.03 01:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.03 01:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.03 01:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.24 22:56:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range2 ([*] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (HPDDClientExec Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.27.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68FF45E2-D6D8-4607-9E46-7D06E815F2D9}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9250E086-AF25-4450-9B25-0A68929A02F0}: DhcpNameServer = 7.254.254.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.27 16:51:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 19:57:17 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Tuan\Desktop\aswMBR.exe
[2012.01.27 19:57:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tuan\Desktop\TFC.exe
[2012.01.24 22:59:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.01.24 22:59:52 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\temp
[2012.01.24 22:59:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.01.24 22:43:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.01.24 22:43:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.01.24 22:43:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.01.24 22:43:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.01.24 22:43:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.01.24 22:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.24 22:36:49 | 004,388,468 | R--- | C] (Swearware) -- C:\Users\Tuan\Desktop\ComboFix.exe
[2012.01.24 19:00:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe
[2012.01.24 18:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.24 18:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.24 18:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.23 21:39:20 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Roaming\Malwarebytes
[2012.01.23 21:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.23 21:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.23 21:39:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.23 21:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 21:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.11 21:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.12.31 23:11:51 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Local\DDMSettings
[2011.12.29 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Roaming\LucasArts
[2011.12.29 14:53:53 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011.12.29 14:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.12.29 14:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles
[2011.12.29 14:51:18 | 000,000,000 | ---D | C] -- C:\Users\Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD Key Generator
[2011.12.29 14:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2011.12.29 14:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 21:49:35 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.27 21:48:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 21:48:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.27 21:48:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 20:50:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.01.27 20:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.27 20:03:59 | 000,000,512 | ---- | M] () -- C:\Users\Tuan\Desktop\MBR.dat
[2012.01.27 19:57:29 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Tuan\Desktop\aswMBR.exe
[2012.01.27 19:57:08 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tuan\Desktop\TFC.exe
[2012.01.27 19:20:03 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTuan.job
[2012.01.27 18:12:14 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.01.27 18:12:08 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.01.27 17:41:21 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.01.25 18:32:41 | 000,010,240 | ---- | M] () -- C:\Users\Tuan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.24 22:56:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.24 22:37:05 | 004,388,468 | R--- | M] (Swearware) -- C:\Users\Tuan\Desktop\ComboFix.exe
[2012.01.24 22:06:49 | 000,128,195 | ---- | M] () -- C:\Users\Tuan\Desktop\Logfiles.zip
[2012.01.24 22:02:25 | 000,128,730 | ---- | M] () -- C:\Users\Tuan\Desktop\Avira Quarantäne.jpg
[2012.01.24 19:31:46 | 290,903,291 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.24 19:16:05 | 000,302,592 | ---- | M] () -- C:\Users\Tuan\Desktop\6cw5eej5.exe
[2012.01.24 19:02:15 | 000,000,000 | ---- | M] () -- C:\Users\Tuan\defogger_reenable
[2012.01.24 19:00:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tuan\Desktop\OTL.exe
[2012.01.24 18:56:18 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.23 22:38:10 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.23 22:38:10 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.23 22:38:10 | 000,144,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.23 22:38:10 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.23 21:39:14 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.22 18:36:00 | 000,089,502 | ---- | M] () -- C:\Users\Tuan\Desktop\Unbenannt 2.odt
[2012.01.19 21:10:37 | 000,026,380 | ---- | M] () -- C:\Users\Tuan\Desktop\Unbenannt 1.odp
[2011.12.29 14:53:54 | 000,000,239 | ---- | M] () -- C:\user.js
 
========== Files Created - No Company Name ==========
 
[2012.01.27 20:03:59 | 000,000,512 | ---- | C] () -- C:\Users\Tuan\Desktop\MBR.dat
[2012.01.24 22:43:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.01.24 22:43:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.01.24 22:43:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.01.24 22:43:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.01.24 22:43:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.01.24 22:06:49 | 000,128,195 | ---- | C] () -- C:\Users\Tuan\Desktop\Logfiles.zip
[2012.01.24 22:02:25 | 000,128,730 | ---- | C] () -- C:\Users\Tuan\Desktop\Avira Quarantäne.jpg
[2012.01.24 19:31:46 | 290,903,291 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.24 19:16:05 | 000,302,592 | ---- | C] () -- C:\Users\Tuan\Desktop\6cw5eej5.exe
[2012.01.24 19:02:15 | 000,000,000 | ---- | C] () -- C:\Users\Tuan\defogger_reenable
[2012.01.24 18:56:18 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.23 23:29:17 | 000,010,240 | ---- | C] () -- C:\Users\Tuan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.23 22:38:15 | 001,950,518 | ---- | C] () -- C:\Users\Tuan\Desktop\Unbenannt 2.odp
[2012.01.23 22:38:15 | 000,214,847 | ---- | C] () -- C:\Users\Tuan\Desktop\Unbenannt 3.odt
[2012.01.23 22:38:15 | 000,039,563 | ---- | C] () -- C:\Users\Tuan\Desktop\Unbenannt.odt
[2012.01.23 21:39:14 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.19 22:03:37 | 000,089,502 | ---- | C] () -- C:\Users\Tuan\Desktop\Unbenannt 2.odt
[2012.01.17 18:21:18 | 000,026,380 | ---- | C] () -- C:\Users\Tuan\Desktop\Unbenannt 1.odp
[2011.12.29 14:53:54 | 000,000,239 | ---- | C] () -- C:\user.js
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011.10.21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.07.03 14:49:14 | 000,001,449 | ---- | C] () -- C:\Windows\wininit.ini
[2011.07.03 14:48:24 | 000,040,960 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2011.06.28 17:57:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011.06.03 16:01:06 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat
[2010.10.19 17:18:44 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.09.17 11:05:07 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.07.13 15:07:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.02.24 18:37:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.24 13:49:34 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2009.10.08 18:08:47 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.08 18:08:36 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.01 16:56:42 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009.06.21 19:24:31 | 000,023,888 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\UserTile.png
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.06.19 14:55:24 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.05.27 17:55:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.27 17:55:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.18 14:12:39 | 000,000,760 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\setup_ldm.iss
[2009.04.11 21:34:35 | 000,000,067 | ---- | C] () -- C:\Windows\Backup.INI
[2009.04.01 20:25:09 | 000,000,000 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\wklnhst.dat
[2009.04.01 16:24:34 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.04.01 16:24:34 | 000,139,152 | ---- | C] () -- C:\Users\Tuan\AppData\Roaming\PnkBstrK.sys
[2009.04.01 16:24:00 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.04.01 16:23:59 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc[1].exe
[2009.04.01 16:23:59 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.03.24 16:32:15 | 000,055,205 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.03.23 18:54:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.10.28 01:21:06 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.28 01:21:06 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.10.28 01:19:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.28 01:00:55 | 000,671,212 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.10.28 01:00:55 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.10.28 01:00:55 | 000,144,380 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.10.28 01:00:55 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.10.27 17:03:24 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.10.27 16:52:00 | 000,260,107 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.10.27 16:30:43 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.10.27 16:30:43 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008.10.27 16:25:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007.04.10 22:46:48 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,352,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,631,942 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,118,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.05.14 15:14:34 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ashampoo
[2011.07.03 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DisneyInteractiveStudios
[2011.12.08 22:01:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoft
[2011.02.13 20:54:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.06 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GetRightToGo
[2011.03.12 13:22:47 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\GrabPro
[2011.05.24 17:08:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\gtk-2.0
[2010.09.26 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Image Zone Express
[2011.06.25 16:14:48 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Leadertech
[2011.12.29 15:21:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\LucasArts
[2010.02.10 20:39:19 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\muvee Technologies
[2010.12.08 22:50:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\OpenOffice.org
[2011.12.31 23:57:58 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Orbit
[2011.12.21 15:20:24 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Origin
[2009.06.21 19:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\PeerNetworking
[2010.09.26 16:42:30 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Printer Info Cache
[2010.11.01 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\ProgSense
[2011.12.23 22:49:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Syke
[2009.04.01 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Template
[2011.02.23 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\The Creative Assembly
[2011.06.28 20:46:28 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Tunngle
[2009.11.27 18:16:14 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Ubisoft
[2010.10.02 14:59:36 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\WinBatch
[2009.10.04 15:22:27 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Windows Live Writer
[2009.09.28 12:59:51 | 000,000,000 | ---D | M] -- C:\Users\Tuan\AppData\Roaming\Zoner
[2012.01.27 20:50:09 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:BD36345D

< End of report >
--- --- ---
 

Themen zu Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell
anti-malware, appdata, avira, backdoor.agent, bild, entferne, falsch, gefunde, geschickt, hoffe, infizierte, local, malwarebytes, malwarebytes anti-malware, microsoft, ordner, programm, quarantäne, sicherheitshalber, software, thread, troja, trojaner-board, users, version, windows


« Windows wurde aus Sicherheitsgründen gesperrt..... | 50 Euro Gema Virus Frage zur Datenrettung »


Ähnliche Themen: Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell


  1. Malware in Hkcu/Microsoft/Windows/CurrentVersion/Run/BackgroundContainer
    Plagegeister aller Art und deren Bekämpfung - 14.12.2013 (18)
  2. 2 Trojaner gefunden HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ytnaopy
    Log-Analyse und Auswertung - 24.05.2013 (56)
  3. Trojaner in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run nicht dauerhaft löschbar
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (32)
  4. Trojaner Trojan.Agent.Gen in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Run¦1
    Log-Analyse und Auswertung - 02.02.2013 (24)
  5. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dll (Trojan.Agent) -> Daten: C:\Users\Papa\AppData\Roaming\dll\svchost.exe -> Keine Aktio
    Log-Analyse und Auswertung - 13.01.2013 (10)
  6. Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (31)
  7. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|12843 (Trojan.Agent) lässt sich nicht entfernen :(
    Plagegeister aller Art und deren Bekämpfung - 16.10.2012 (9)
  8. HKML\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run/14328 (Trojan.Agent) läßt sich nicht entfernen!
    Log-Analyse und Auswertung - 11.10.2012 (27)
  9. (Trojan.ZbotR.Gen) in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{F94BBF9C-6512-2F70-5CF8-03CA54A5F682}
    Log-Analyse und Auswertung - 28.09.2012 (45)
  10. Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
    Plagegeister aller Art und deren Bekämpfung - 26.08.2012 (10)
  11. HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom)
    Plagegeister aller Art und deren Bekämpfung - 20.07.2012 (10)
  12. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    Log-Analyse und Auswertung - 22.04.2012 (3)
  13. Gleiches Problem wie Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Sh
    Plagegeister aller Art und deren Bekämpfung - 06.03.2012 (12)
  14. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-.....
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (26)
  15. Malwarebytes kann Winlogon\Shell (Backdoor.Agent) nicht löschen
    Log-Analyse und Auswertung - 30.10.2011 (22)
  16. Virus/Rootki Problem:R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyS
    Plagegeister aller Art und deren Bekämpfung - 20.10.2010 (21)
  17. O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
    Mülltonne - 02.12.2008 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell - Habe das Programm dreimal gestartet aber es schien nur die OTL.txt OTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 27.01.2012 21:53:27 - Run 2 OTL by OldTimer - Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell...
Archiv
Du betrachtest: Backdoor.Agent in HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19