Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten

ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten


Plagegeister aller Art und deren Bekämpfung: ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 17.08.2012, 17:35   #1
OrangeSix
 
ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten - Standard

ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten


Hallo liebes Trojaner-Board Team!

Mein Notebook wurde von einem lästigen Werbepopup infiziert, dass ich einfach nicht mehr von meinem Browser bzw. von meinem Rechner bekomme.

OS ist Win7 64x und als Webbrowser benutze ich nur den Internetexplorer. Das Popup tritt sporadisch beim Surfen auf. In der Statusleiste ist dann meist eine URL mit ad.yieldmanager.com, wenn man mit der Maus über das Werbefenster fährt. Selbst im Steambrowser poppt gelegentlich dieses Werbefenster auf.

Auch beim Öffnen von Links (zb. hier im Forum) werde ich manchmal auf gänzlich andere Seiten weitergeleitet.

Die Tipps und Lösungsvorschläge zur Beseitigung des ad.yieldmanagers.com, die ich bei der Googlerecherche gefunden habe, waren leider alle auf Dauer nicht erfolgreich.
(Cookies löschen, Scans mit Spybot oder Malewarebytes) - Die Programme habe ich nach erfolgloser Suche wieder deinstalliert.

Als Security Tool benutze ich Microsoft Security Essentials mit dem ich eigentlich sehr zufrieden bin. Vor einigen Wochen hatte MSE bei nem vollständigen Scanvorgang folgenden Trojaner entdeckt:
Exploit:Java/CVE-2012-1723.A

Ich weiß nicht ob das was mit dem yieldmanager zu tun hat, vermute es aber.

Nachstehend nun meine Scanergebnisse von OTL.

Ich würde mich sehr freuen, wenn ich mit Eurer Hilfe diesen nervigen ad.yieldmanager beseitigen kann. Jedenfalls schonmal herzlichen Dank für Eure Bemühungen im Voraus.

OTL.txt
Code:
ATTFilter
OTL logfile created on: 17.08.2012 17:32:28 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\XMG Roccat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 76,36% Memory free
15,98 Gb Paging File | 14,10 Gb Available in Paging File | 88,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,85 Gb Total Space | 12,27 Gb Free Space | 2,68% Space Free | Partition Type: NTFS
 
Computer Name: XMGROCCAT-MYSN | User Name: XMG Roccat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.17 17:29:23 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\XMG Roccat\Downloads\OTL.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.28 17:31:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.12.14 16:59:24 | 000,467,216 | ---- | M] () -- C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
PRC - [2010.09.07 11:26:10 | 000,532,480 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
PRC - [2009.12.31 14:02:46 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2009.11.23 21:16:36 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2009.08.18 17:14:00 | 000,077,824 | ---- | M] (mychat) -- C:\Program Files (x86)\BisonCam\BisonHK.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 18:11:48 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.13 18:11:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 18:11:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.09 20:52:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.09 20:29:57 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.09 20:29:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 20:29:38 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.12.14 16:59:24 | 000,467,216 | ---- | M] () -- C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe
MOD - [2009.12.31 14:02:46 | 002,413,568 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2009.10.31 08:13:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Pyra Mouse\hiddriver.dll
MOD - [2009.06.06 15:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2009.02.18 22:57:54 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\BisonCam\KBHookDLL.dll
MOD - [2006.12.11 03:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.15 15:00:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.01 10:00:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.28 17:31:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.23 21:16:36 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.04 00:43:02 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.08.04 00:43:02 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.04 02:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.21 15:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.21 15:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.12.01 18:58:40 | 000,153,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.27 13:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.20 03:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006.06.20 16:29:22 | 000,066,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2006.06.20 16:29:20 | 000,032,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2006.06.20 16:29:20 | 000,032,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2006.06.20 16:29:20 | 000,009,088 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2006.06.20 16:29:18 | 000,017,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2012.05.02 21:01:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2009.12.18 11:58:52 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://syb.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AFB33D89-0C89-4E86-8AE2-19D4CE945A0D}
IE:64bit: - HKLM\..\SearchScopes\{AFB33D89-0C89-4E86-8AE2-19D4CE945A0D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {E6C15617-D104-49C1-8320-AE7337CD024A}
IE - HKLM\..\SearchScopes\{E6C15617-D104-49C1-8320-AE7337CD024A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSBTDF&pc=MASB&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://syb.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\..\SearchScopes,DefaultScope = {1F995DB9-730A-4BBB-AE9A-5FC8132C79E6}
IE - HKCU\..\SearchScopes\{1F995DB9-730A-4BBB-AE9A-5FC8132C79E6}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 00:54:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.31 14:09:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.15 22:33:26 | 000,000,000 | ---D | M]
 
[2011.01.07 16:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XMG Roccat\AppData\Roaming\Mozilla\Extensions
[2011.01.07 16:11:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XMG Roccat\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.26 23:44:49 | 000,574,660 | ---- | M] () (No name found) -- C:\USERS\XMG ROCCAT\APPDATA\ROAMING\THUNDERBIRD\PROFILES\RX5VIIDH.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2012.07.02 16:34:32 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 68.168.222.227 www.google-analytics.com.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [BisonHK] C:\Program Files (x86)\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [ROCCAT Pyra Mouse] C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE (ROCCAT)
O4 - HKCU..\Run: [Clock Widget (HTC Home)] C:\Program Files (x86)\HTC Home\Clock.exe ()
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O4 - Startup: C:\Users\XMG Roccat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk = C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F39A8FC-70CE-4397-913A-CD76EF4A8ECD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97D8FBE9-C1CB-489D-9B5B-9C89167297D0}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e974698f-dd83-11e1-b89c-874b5244dcd1}\Shell - "" = AutoRun
O33 - MountPoints2\{e974698f-dd83-11e1-b89c-874b5244dcd1}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 22:32:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.13 23:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xider
[2012.08.08 17:08:13 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\AppData\Roaming\Malwarebytes
[2012.08.08 17:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.08 00:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.08 00:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.08.04 01:12:14 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\Podcasts
[2012.08.04 01:12:14 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\Documents\Media Go
[2012.08.04 01:11:09 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\AppData\Local\Sony
[2012.08.04 01:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.08.04 01:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012.08.04 01:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Media Go Install
[2012.08.04 01:04:49 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\AppData\Roaming\Sony
[2012.08.04 00:43:02 | 000,027,760 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.08.04 00:43:02 | 000,014,448 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.08.04 00:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.08.04 00:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson
[2012.08.04 00:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.08.04 00:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.08.04 00:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.07.23 21:24:15 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\OilRush
[2012.07.23 11:21:57 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\Documents\WB Games
[2012.07.23 11:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2012.07.23 11:21:29 | 000,000,000 | ---D | C] -- C:\Users\XMG Roccat\AppData\Local\Downloaded Installations
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.17 17:28:23 | 000,000,000 | ---- | M] () -- C:\Users\XMG Roccat\defogger_reenable
[2012.08.17 17:22:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.17 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.17 15:52:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.08.17 15:52:14 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.17 15:09:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 14:41:09 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 14:41:09 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 14:34:21 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.17 14:33:41 | 2138,365,951 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 18:31:38 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.08.15 22:28:54 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.13 23:10:40 | 000,001,740 | ---- | M] () -- C:\Users\XMG Roccat\Desktop\Edna Bricht Aus.lnk
[2012.08.07 16:44:09 | 001,648,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.07 16:44:09 | 000,709,694 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.07 16:44:09 | 000,663,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.07 16:44:09 | 000,154,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.07 16:44:09 | 000,126,362 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 21:24:41 | 000,000,696 | ---- | M] () -- C:\Users\XMG Roccat\Desktop\Skariatain.lnk
[2012.08.04 01:11:34 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.08.04 00:45:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.08.04 00:45:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.08.04 00:43:02 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggsemc.sys
[2012.08.04 00:43:02 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\SysNative\drivers\ggflt.sys
[2012.08.04 00:41:48 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.07.31 23:16:24 | 000,000,219 | ---- | M] () -- C:\Users\XMG Roccat\Desktop\Portal 2.url
[2012.07.31 14:05:22 | 000,080,285 | ---- | M] () -- C:\Users\XMG Roccat\Documents\smartbob tarifanmeldung.pdf
[2012.07.22 22:41:19 | 000,000,221 | ---- | M] () -- C:\Users\XMG Roccat\Desktop\Sonic Generations.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.17 17:28:23 | 000,000,000 | ---- | C] () -- C:\Users\XMG Roccat\defogger_reenable
[2012.08.13 23:10:40 | 000,001,740 | ---- | C] () -- C:\Users\XMG Roccat\Desktop\Edna Bricht Aus.lnk
[2012.08.04 01:11:34 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk
[2012.08.04 00:45:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggflt_01009.Wdf
[2012.08.04 00:45:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ggsemc_01009.Wdf
[2012.08.04 00:41:48 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.07.31 23:16:24 | 000,000,219 | ---- | C] () -- C:\Users\XMG Roccat\Desktop\Portal 2.url
[2012.07.31 14:05:21 | 000,080,285 | ---- | C] () -- C:\Users\XMG Roccat\Documents\smartbob tarifanmeldung.pdf
[2012.07.22 22:41:19 | 000,000,221 | ---- | C] () -- C:\Users\XMG Roccat\Desktop\Sonic Generations.url
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.17 12:25:50 | 000,000,098 | ---- | C] () -- C:\Users\XMG Roccat\AppData\Local\fusioncache.dat
[2011.12.12 15:54:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pv_c3.exe
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.11 21:41:34 | 000,000,000 | ---- | C] () -- C:\Users\XMG Roccat\AppData\Local\{35CB5006-8C25-42F1-80BE-C45A4B7642D0}
[2011.07.23 22:34:38 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.07.17 13:01:46 | 000,007,637 | ---- | C] () -- C:\Users\XMG Roccat\AppData\Local\resmon.resmoncfg
[2011.01.26 14:54:13 | 001,626,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.24 20:22:57 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.24 20:22:55 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.01.24 20:22:55 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.07 16:11:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.17 22:49:38 | 000,022,907 | ---- | C] () -- C:\Users\XMG Roccat\AppData\Local\backup.vtp
[2010.12.15 19:41:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.15 18:02:44 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.12.10 04:07:17 | 000,000,102 | ---- | C] () -- C:\Windows\OEM.ini
 
========== LOP Check ==========
 
[2011.09.14 17:02:32 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\.minecraft
[2012.03.01 14:12:56 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\2K Sports
[2011.01.17 17:26:41 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Bioshock
[2011.05.20 20:07:57 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Bioshock2
[2011.01.23 15:23:23 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\OpenOffice.org
[2012.08.11 13:11:44 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Origin
[2010.12.17 22:49:37 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Protector Suite
[2012.03.26 15:59:06 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Rovio
[2012.08.04 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Sony
[2012.07.03 21:03:40 | 000,000,000 | RHSD | M] -- C:\Users\XMG Roccat\AppData\Roaming\System32
[2011.06.04 20:14:33 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\TeamViewer
[2011.09.23 18:20:37 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\The Creative Assembly
[2011.01.07 16:11:12 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\Thunderbird
[2012.07.20 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\XMG Roccat\AppData\Roaming\TS3Client
[2012.06.26 20:49:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

 

Themen zu ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten
adobe, beseitigung, browser, downloader, error, explorer, firefox, flash player, format, google earth, helper, home, infiziert, launch, logfile, maus, nvidia, nvidia update, object, plug-in, popups, realtek, registry, security, seiten, software, trojaner-board, werbe popups, werbefenster, windows


« Zeroaccess Trojaner in c:\windows\sassembly\GAC\Desktop.ini | Neue Version von Trojaner? »


Ähnliche Themen: ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten


  1. Falsche Weiterleitung, falsche Werbung, Laptop langsam, fährt lange runter
    Log-Analyse und Auswertung - 17.07.2015 (94)
  2. Sporadische Weiterleitung im Browser?
    Plagegeister aller Art und deren Bekämpfung - 15.06.2014 (5)
  3. Sporadische Weiterleitung im Browser?
    Mülltonne - 14.06.2014 (0)
  4. Sporadische Adf.ly-Popups, Verdacht auf Rootkit
    Log-Analyse und Auswertung - 16.06.2013 (28)
  5. Lästige POP UP Fenster und Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (18)
  6. ad.yieldmanager erzeugt nervige Werbebanner/Popups
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (9)
  7. ad.yieldmanager - popups
    Plagegeister aller Art und deren Bekämpfung - 23.01.2013 (37)
  8. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Plagegeister aller Art und deren Bekämpfung - 13.11.2012 (36)
  9. Falsche Weiterleitung von Links und Werbe-Popup unten Rechts Falsche Weiterleitung von Links und Werbe-Popup unten Rechts
    Mülltonne - 03.09.2012 (1)
  10. Einloggen unmöglich Weiterleitung auf falsche Webseiten
    Plagegeister aller Art und deren Bekämpfung - 11.11.2011 (3)
  11. Lästige IPhone - Internetexplorer öffnet unkontrolliert Webseiten - HILFE !!!
    Plagegeister aller Art und deren Bekämpfung - 15.06.2011 (15)
  12. Lästige Popups in Firefox und IE
    Log-Analyse und Auswertung - 25.12.2008 (6)
  13. lästige advertisement popups
    Mülltonne - 16.11.2008 (1)
  14. Lästige Popups
    Plagegeister aller Art und deren Bekämpfung - 19.07.2008 (1)
  15. Lästige Popups
    Plagegeister aller Art und deren Bekämpfung - 11.01.2007 (10)
  16. Lästige Popups
    Log-Analyse und Auswertung - 06.09.2006 (4)
  17. Extrem lästige Popups
    Log-Analyse und Auswertung - 31.10.2005 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten - Hallo liebes Trojaner-Board Team! Mein Notebook wurde von einem lästigen Werbepopup infiziert, dass ich einfach nicht mehr von meinem Browser bzw. von meinem Rechner bekomme. OS ist Win7 64x und - ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten...

Alle Zeitangaben in WEZ +1. Es ist jetzt 01:05 Uhr.

Kontakt - Trojaner-Board - Archiv - Datenschutzerklärung - Nach oben

Copyright ©2000-2025, Trojaner-Board
Archiv
Du betrachtest: ad.yieldmanager.com - lästige, sporadische werbe popups + weiterleitung auf falsche webseiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19