Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Trojan.Sirefef und Riskware.Tool.HCK Problem

Trojan.Sirefef und Riskware.Tool.HCK Problem


Log-Analyse und Auswertung: Trojan.Sirefef und Riskware.Tool.HCK Problem

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.07.2012, 12:42   #1
HerrEpic
 
Trojan.Sirefef und Riskware.Tool.HCK Problem - Standard

Trojan.Sirefef und Riskware.Tool.HCK Problem


hallo liebe Community ich habe vor kurzem einen Vollscan mit MAM durchgeführt und folgenden Logbekommen:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

27.07.2012 11:19:44
mbam-log-2012-07-27 (13-04-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 695616
Laufzeit: 1 Stunde(n), 43 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: () Gut: (regedit.exe "%1") -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\User\AppData\Local\{132915c5-305a-68a1-df57-d6a318455e4b}\n (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\Users\User\Desktop\Aufnahme\SonyVegas11_ShadowVegasTV\ShadowVegasTV.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.

(Ende)


Ich habe den Scan nur durchgeführt weil mir aufgefallen ist, dass mein PC aufeinmal irgendwelche Sounds zu unbestimmten Zeiten abgespielt hat, die ich überhaupt nicht gekannt habe.
Im Sound Mixer steht werend der Wiedergabe, dass die Sounds von einem Unbekannten Programm kommen.

Ich hoffe ihr könnt mir helfen dies zu entfernen.

Liebe Grüße
HerrEpic

Ok ich habe einen erneuten Suchlauf gestartet nachdem ich eine Datei *hust* von meinem PC gelöscht habe.
Jetzt zeigt er mir nurnoch den Trojan.Sirefef an. Hier der Code:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.27.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

27.07.2012 16:17:11
mbam-log-2012-07-27 (16-17-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 695849
Laufzeit: 1 Stunde(n), 48 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\User\AppData\Local\{132915c5-305a-68a1-df57-d6a318455e4b}\n (Trojan.Sirefef) -> Löschen bei Neustart.

(Ende)
Ich bitte um hilfe bei der Beseitigung dieses Problems.

Alt 27.07.2012, 17:55   #2
HerrEpic
 
Trojan.Sirefef und Riskware.Tool.HCK Problem - Standard

Trojan.Sirefef und Riskware.Tool.HCK Problem


So tut mir leid ich habe jetzt auch mit OTL fertig gescannt.
Hier der log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.07.2012 18:45:12 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 69,82% Memory free
8,00 Gb Paging File | 6,46 Gb Available in Paging File | 80,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 540,36 Gb Free Space | 58,02% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.27 18:43:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.07.02 12:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.15 21:34:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012.03.06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.30 15:06:28 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2009.12.31 15:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\User\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.19 09:53:30 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:52:28 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2006.08.11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.08.18 15:54:22 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.23 11:12:11 | 000,074,184 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\2179ce807bdaa4b8.sys -- (2179ce807bdaa4b8)
SRV - [2012.07.27 00:40:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 21:05:19 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 14:50:17 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.02 12:33:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.25 15:52:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 21:34:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.29 16:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.03.18 17:50:58 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.08.11 12:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.23 11:12:11 | 000,074,184 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\SysNative\drivers\2179ce807bdaa4b8.sys -- (2179ce807bdaa4b8)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] () [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbflt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
DRV:64bit: - [2010.11.09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.04.20 16:54:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.04.20 16:54:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 16:31:56 | 000,117,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.09 04:00:00 | 000,055,280 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.25 14:34:54 | 000,151,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic)
DRV:64bit: - [2009.05.25 14:34:54 | 000,139,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt)
DRV:64bit: - [2009.05.25 14:34:54 | 000,135,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 14:34:52 | 000,158,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 14:34:52 | 000,034,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5)
DRV:64bit: - [2009.05.25 14:34:50 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 14:34:48 | 000,116,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.youtube.com/?gl=DE&hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 2B 93 4E 98 E0 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://go.web.de/br/moz4_keyurl_search/?su="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/?gl=DE&hl=de"
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c0332589-973e-411e-890a-d598fb853995}:1.3.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.04.28 00:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 15:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 17:00:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 15:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.11 17:00:27 | 000,000,000 | ---D | M]
 
[2010.04.30 14:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.07.25 22:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions
[2012.07.16 17:35:37 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2010.05.21 15:12:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.25 00:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\{c0332589-973e-411e-890a-d598fb853995}
[2012.05.20 22:40:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.07.11 21:23:36 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\battlefieldheroespatcher@ea.com
[2011.09.27 14:16:04 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\battlefieldplay4free@ea.com
[2012.03.02 14:57:33 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\ffxtlbr@babylon.com
[2011.03.31 22:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xo224cex.default\extensions\nostmp
[2012.06.25 15:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.28 11:04:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.31 22:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.03.31 22:14:26 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.02.28 17:01:15 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XO224CEX.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.03.28 20:11:56 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XO224CEX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2011.08.07 01:05:52 | 000,032,816 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XO224CEX.DEFAULT\EXTENSIONS\PAGEHACKER-NICO@NC.XPI
[2012.06.29 13:45:50 | 000,572,017 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XO224CEX.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.06.25 15:52:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2007.11.21 11:48:26 | 000,098,304 | ---- | M] (Bitmanagement Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npBSContact.dll
[2012.06.25 15:52:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 15:52:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 15:52:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 15:52:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 15:52:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 15:52:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: BS Contact (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBSContact.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.120.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF0E7C9-C46C-4F0A-8E3E-CE816AEB5038}: DhcpNameServer = 192.168.120.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12f8aa1f-6431-11e0-b9ae-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{12f8aa1f-6431-11e0-b9ae-40618633ea85}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{1ae4878a-3db8-11e0-babb-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{1ae4878a-3db8-11e0-babb-40618633ea85}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{6e947830-fc82-11df-bb84-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{6e947830-fc82-11df-bb84-40618633ea85}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{6e94783b-fc82-11df-bb84-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{6e94783b-fc82-11df-bb84-40618633ea85}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{a8307481-b9bf-11df-b923-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{a8307481-b9bf-11df-b923-40618633ea85}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{fbce6124-4bdd-11e0-bebe-40618633ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{fbce6124-4bdd-11e0-bebe-40618633ea85}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 18:43:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.17 15:43:36 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\.minecraft
[2012.07.15 13:45:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.07.15 13:45:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 13:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 13:45:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 13:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.15 13:44:05 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.14 02:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.07.14 02:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.07.13 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Risen2
[2012.07.11 20:58:03 | 000,000,000 | ---D | C] -- C:\srcds
[2012.07.11 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Garrys Server
[2012.07.05 22:18:52 | 000,000,000 | ---D | C] -- C:\Users\User\temp
[2012.06.29 13:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.29 13:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.28 00:45:08 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\nb_rb
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 18:43:47 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.27 18:42:53 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.07.27 18:42:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.27 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 18:16:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 18:16:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 18:15:29 | 001,619,988 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 18:15:29 | 000,698,960 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 18:15:29 | 000,654,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 18:15:29 | 000,149,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 18:15:29 | 000,122,110 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 18:09:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 18:09:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 18:09:15 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 17:52:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 03:52:49 | 000,030,597 | ---- | M] () -- C:\Users\User\Desktop\484x235_Concept_Art_1.jpg
[2012.07.26 11:55:05 | 000,078,182 | ---- | M] () -- C:\Users\User\Desktop\normale Protesse.JPG
[2012.07.17 15:51:51 | 000,037,997 | ---- | M] () -- C:\Users\User\Desktop\X-RayMod_v024_WithoutFly.zip
[2012.07.15 13:45:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 13:44:47 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.12 16:39:57 | 000,000,221 | ---- | M] () -- C:\Users\User\Desktop\Risen 2.url
[2012.07.11 21:40:29 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.07.11 21:40:29 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.07.11 21:00:27 | 000,001,154 | ---- | M] () -- C:\Users\User\Desktop\server_download.bat
[2012.07.11 02:30:28 | 000,000,220 | ---- | M] () -- C:\Users\User\Desktop\Garrys Mod.url
[2012.07.09 21:36:50 | 000,000,222 | ---- | M] () -- C:\Users\User\Desktop\Terraria.url
[2012.07.09 21:36:37 | 000,018,539 | ---- | M] () -- C:\Users\User\Desktop\terraria Kaufen.JPG
[2012.07.06 16:21:19 | 000,099,890 | ---- | M] () -- C:\Users\User\Desktop\Granade Trompete.JPG
[2012.07.06 16:20:45 | 000,097,947 | ---- | M] () -- C:\Users\User\Desktop\Granade Posaune.JPG
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 17:56:44 | 000,001,799 | ---- | M] () -- C:\Users\User\Desktop\bfx_iStream2.zip
[2012.06.29 13:45:19 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.06.28 00:55:28 | 000,003,416 | ---- | M] () -- C:\Users\User\Desktop\md5.zip
[2012.06.28 00:44:53 | 000,001,318 | ---- | M] () -- C:\Users\User\Desktop\nb_rb.rar
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.27 18:42:53 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.07.27 18:42:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.07.27 03:52:49 | 000,030,597 | ---- | C] () -- C:\Users\User\Desktop\484x235_Concept_Art_1.jpg
[2012.07.26 11:55:05 | 000,078,182 | ---- | C] () -- C:\Users\User\Desktop\normale Protesse.JPG
[2012.07.17 15:51:50 | 000,037,997 | ---- | C] () -- C:\Users\User\Desktop\X-RayMod_v024_WithoutFly.zip
[2012.07.15 14:04:49 | 000,023,040 | ---- | C] () -- C:\Windows\Installer\{132915c5-305a-68a1-df57-d6a318455e4b}\U\800000cb.@
[2012.07.15 13:45:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.12 16:39:57 | 000,000,221 | ---- | C] () -- C:\Users\User\Desktop\Risen 2.url
[2012.07.11 21:00:27 | 000,001,154 | ---- | C] () -- C:\Users\User\Desktop\server_download.bat
[2012.07.11 02:30:27 | 000,000,220 | ---- | C] () -- C:\Users\User\Desktop\Garrys Mod.url
[2012.07.09 21:36:50 | 000,000,222 | ---- | C] () -- C:\Users\User\Desktop\Terraria.url
[2012.07.09 21:36:36 | 000,018,539 | ---- | C] () -- C:\Users\User\Desktop\terraria Kaufen.JPG
[2012.07.06 16:21:19 | 000,099,890 | ---- | C] () -- C:\Users\User\Desktop\Granade Trompete.JPG
[2012.07.06 16:20:45 | 000,097,947 | ---- | C] () -- C:\Users\User\Desktop\Granade Posaune.JPG
[2012.07.05 22:18:48 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.30 17:56:43 | 000,001,799 | ---- | C] () -- C:\Users\User\Desktop\bfx_iStream2.zip
[2012.06.29 13:45:19 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012.06.28 00:55:27 | 000,003,416 | ---- | C] () -- C:\Users\User\Desktop\md5.zip
[2012.06.28 00:44:53 | 000,001,318 | ---- | C] () -- C:\Users\User\Desktop\nb_rb.rar
[2012.06.22 23:45:17 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{132915c5-305a-68a1-df57-d6a318455e4b}\U\80000000.@
[2012.06.22 23:45:16 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{132915c5-305a-68a1-df57-d6a318455e4b}\U\00000001.@
[2012.06.04 17:41:34 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.05.28 14:42:37 | 000,014,602 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.03.02 15:30:31 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.11 17:11:13 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{132915c5-305a-68a1-df57-d6a318455e4b}\@
[2012.01.11 17:11:13 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{132915c5-305a-68a1-df57-d6a318455e4b}\@
[2012.01.09 19:59:13 | 000,210,456 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2012.01.09 19:59:13 | 000,206,360 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2012.01.09 19:59:13 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2012.01.09 19:59:13 | 000,198,168 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2012.01.09 19:59:13 | 000,194,072 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2012.01.09 19:59:13 | 000,026,136 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011.12.21 16:16:00 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{B4BBB027-CB2A-4161-8A40-00627FF5962F}
[2011.11.27 02:29:16 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011.10.09 23:29:39 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\mslck.dat
[2011.10.09 23:28:01 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe
[2011.09.29 18:34:50 | 000,157,540 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.15 17:57:45 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.06.15 22:37:20 | 001,641,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.09 21:39:57 | 001,350,807 | ---- | C] () -- C:\Users\User\AppData\Roaming\yanghack.exe
[2011.03.09 21:16:53 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\chrtmp
[2011.02.11 23:36:55 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.11 23:36:54 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.09.01 19:20:26 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.09.01 19:20:26 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7010.DAT
[2010.07.08 12:22:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.30 13:42:51 | 000,010,752 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.26 23:21:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2011.11.05 20:53:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.spoutcraft
[2012.04.30 19:27:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2012.03.02 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011.09.25 01:34:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blender Foundation
[2012.06.10 23:21:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blockscape
[2011.09.02 02:18:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.24 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.02.24 00:52:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.07.02 11:34:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.11 17:55:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DzSoft
[2012.07.27 04:17:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011.03.27 14:00:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2012.03.02 14:57:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2012.05.28 14:42:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012.04.24 17:59:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011.07.13 00:22:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JavaEditor
[2011.09.29 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.03.08 00:36:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LOVE
[2011.03.11 17:00:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2011.05.12 23:34:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mumble
[2011.05.09 23:56:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2010.08.29 13:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2012.01.08 01:50:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.04.24 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2012.04.20 18:58:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pymclevel
[2011.12.10 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sierra
[2012.04.24 14:06:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2010.09.06 17:29:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony Setup
[2011.11.17 01:38:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.30 15:06:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile
[2011.02.04 20:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\T-Mobile Internet Manager
[2011.11.29 23:30:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.06.21 22:36:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2011.11.19 20:52:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2012.01.09 20:00:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ulead Systems
[2012.07.27 18:09:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2011.12.21 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wireshark
[2012.07.13 09:37:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 164 bytes -> C:\Users\User\Desktop\chemie.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
--- --- ---


Und die Extras im Anhang.
So jetzt dürfte ich alle Schritte erfüllt haben und hoffe, dass ihr mir helfen könnt.

PS: Ich habe ein 64-Bit-System...
__________________
Antwort

Themen zu Trojan.Sirefef und Riskware.Tool.HCK Problem
administrator, aktion, anti-malware, appdata, autostart, bestimmte, bestimmten, dateien, desktop, durchgeführt, explorer, folge, folgende, problem, programm, regedit.exe, registrierung, service, shell, sounds, speicher, unbekannte, version, überhaupt, zeiten


« BKA/ Bundespolizei Trojaner | Log Files nach Entfernen von Live Security Platinum - Was muss ich nun noch tun? »


Ähnliche Themen: Trojan.Sirefef und Riskware.Tool.HCK Problem


  1. riskware.tool.ck
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (3)
  2. Bundespolizei: Troyaner (RiskWare.Tool.CK) entdeckt - was tun?
    Log-Analyse und Auswertung - 28.03.2013 (1)
  3. Riskware.Tool.CK
    Log-Analyse und Auswertung - 12.01.2013 (1)
  4. Trojan.Downloader, Riskware.tool.ck, exploit.drop.gs & Trojan.Ransom.SUGen in different locations!
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (1)
  5. Trojan.Agent.CK + Riskware.Tool.CK + Riskware.Tool.CK+ PUP.Hacktool.Patcher gefunden :(
    Plagegeister aller Art und deren Bekämpfung - 23.11.2012 (1)
  6. RiskWare.Tool.CK
    Mülltonne - 30.10.2012 (0)
  7. RiskWare.Tool.HCK - Infektion?
    Log-Analyse und Auswertung - 14.09.2012 (7)
  8. C:\Windows\KMService.exe (RiskWare.Tool.CK) Infizierte Datei!
    Plagegeister aller Art und deren Bekämpfung - 02.08.2012 (8)
  9. Virusbefall (Trojan.Generic, Trojan.Sirefef, Win64.Sirefef, Win32.Atraps) bei windows installer & Co
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (19)
  10. MBAM findet A0082384.exe (RiskWare.Tool.CK)
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (27)
  11. MBM Log, gefunden: RiskWare.Tool.HCK + RiskWare.Tool.CK + Trojan.Dropper (GMX ACC verschickt Spam)
    Log-Analyse und Auswertung - 11.07.2012 (3)
  12. Build2.exe (Backdoor.Bot) / Build.exe (RiskWare.Tool.CK)
    Log-Analyse und Auswertung - 26.06.2012 (1)
  13. Trojan:Win64/Sirefef.K, Sirefef.E und Sirefef.D kommen immer wieder
    Plagegeister aller Art und deren Bekämpfung - 04.01.2012 (1)
  14. RiskWare.Tool.CK in ..sytem volume information..
    Plagegeister aller Art und deren Bekämpfung - 08.09.2011 (0)
  15. Malwarebytes findet Trojan.Bancos + RiskWare.Tool.CK + Trojan.Agent.CK...
    Plagegeister aller Art und deren Bekämpfung - 18.05.2011 (7)
  16. Generic.Bot.H, Riskware.Tool.CK, Trojan.MSIL und andere Funde
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (9)
  17. not-a-virus:RiskWare.Tool.Madtol.c
    Plagegeister aller Art und deren Bekämpfung - 30.04.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojan.Sirefef und Riskware.Tool.HCK Problem - hallo liebe Community ich habe vor kurzem einen Vollscan mit MAM durchgeführt und folgenden Logbekommen: Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.27.04 Windows 7 Service Pack 1 x64 NTFS Internet - Trojan.Sirefef und Riskware.Tool.HCK Problem...
Archiv
Du betrachtest: Trojan.Sirefef und Riskware.Tool.HCK Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55