Log analysis and evaluation: Firefox opens advertising pages. Previous infection by Antimalware Doctor. Still infected? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.05.2010, 19:08 | #1 |
| Firefox opens advertising pages. Previous infection by Antimalware Doctor. Still infected? Hello, I just had the annoying Antimalware Doctor stuff on my PC. I got it under control with Antimalware Malwarebytes plus a combination of CCleaner, rKill and Avager. That is, when Windows starts I no longer get "security risk" and "you are infected with who-knows-what" messages thrown in my face. I can also use the Task Manager without problems. Only when I use Firefox do I get sent to random advertising pages. A new tab opens and I then get "pestered" with ads there. Do I still have a virus, or is Firefox trying to coerce me?^^ The HijackThis log and the OTL log follow in the next posts. Thanks in advance for the help :-) |
03.05.2010, 19:10 | #2 |
| Firefox opens advertising pages. Previous infection by Antimalware Doctor. Still infected? Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:31, on 03.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\explorer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\Hihhrtrt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8419 bytes

Edited by kl210 (03.05.2010 at 19:29) |
03.05.2010, 19:24 | #3 |
| Firefox opens advertising pages. Previous infection by Antimalware Doctor. Still infected? Code:
ATTFilter OTL logfile created on: 03.05.2010 20:11:03 - Run 2 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Kai\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 93,16 Gb Total Space | 37,81 Gb Free Space | 40,59% Space Free | Partition Type: NTFS Drive D: | 86,32 Gb Total Space | 19,83 Gb Free Space | 22,97% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 298,08 Gb Total Space | 50,83 Gb Free Space | 17,05% Space Free | Partition Type: exFAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KAI-PC Current User Name: Kai Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Kai\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.) 
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Windows\ASScrPro.exe () PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe () PRC - C:\Program Files\ATK Hotkey\WDC.exe () PRC - C:\Program Files\PowerForPhone\PowerForPhone.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe () PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.) PRC - C:\Program Files\Apoint2K\Apvfb.exe (ALPS) PRC - C:\Program Files\Apoint2K\HidFind.exe (Alps Electric Co., Ltd.) 
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\Kai\Downloads\OTL.exe (OldTimer Tools) MOD - c:\progra~1\mcafee\sitead~1\saHook.dll (McAfee, Inc.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe () SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe () ========== Driver Services (SafeList) ========== DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (mfetdi2k) -- C:\Windows\System32\drivers\mfetdi2k.sys (McAfee, Inc.) 
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (incdrm) -- C:\Windows\System32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\Windows\System32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\Windows\System32\drivers\InCDfs.sys (Nero AG) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) 
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ASUSTeK Computer IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.21 15:42:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.28 13:16:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 13:59:10 | 000,000,000 | ---D | M] [2010.03.20 01:36:27 | 000,000,000 | ---D | M] -- C:\Users\Kai\AppData\Roaming\mozilla\Extensions [2010.05.03 12:44:34 | 000,000,000 | ---D | M] -- C:\Users\Kai\AppData\Roaming\mozilla\Firefox\Profiles\g13ghbpy.default\extensions [2010.03.22 16:57:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kai\AppData\Roaming\mozilla\Firefox\Profiles\g13ghbpy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.03 12:44:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2010.04.14 12:29:58 | 000,024,376 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\mozilla firefox\components\Scriptff.dll [2010.04.04 12:39:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.04.04 12:39:32 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.04.04 12:39:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.04.04 12:39:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.04.04 12:39:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.02 20:08:25 | 000,392,526 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 Proben bei 1000Gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 13578 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) 
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe () O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\mcieplg.dll (McAfee, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.02 20:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.05.02 20:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.05.02 19:05:23 | 000,000,000 | ---D | C] -- C:\rsit [2010.05.02 17:11:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.05.02 17:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2010.05.02 17:06:23 | 000,812,344 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Kai\Desktop\ssssssstall202.exe [2010.05.02 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\Malwarebytes [2010.05.02 15:24:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.02 15:24:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.02 15:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.05.02 15:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.02 15:09:48 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\4A6E72645F7D18C973453FEE54B33152 [2010.05.02 15:00:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.05.02 14:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2010.05.02 14:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2010.05.02 14:36:40 | 000,000,000 | ---D | C] -- C:\ATI [2010.05.02 14:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Cleaner Pro [2010.05.02 13:31:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.05.02 03:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2010.05.01 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Local\storage [2010.04.29 19:11:25 | 000,000,000 | ---D | C] -- C:\Users\Kai\Documents\Mount&Blade Warband [2010.04.26 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Kai\Documents\Red Alert 3 [2010.04.21 22:24:30 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\Red Alert 3 [2010.04.21 18:36:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2010.04.20 16:37:45 | 000,000,000 | ---D | C] -- C:\Users\Kai\Desktop\Handypics [2010.04.20 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\PC Suite [2010.04.20 16:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2010.04.20 16:22:11 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Roaming\Nokia [2010.04.20 13:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common 
Files\PCSuite [2010.04.20 13:38:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia [2010.04.20 13:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2010.04.20 13:38:11 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.04.20 13:36:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE [2010.04.20 13:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution [2010.04.20 13:30:05 | 000,091,136 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll [2010.04.20 13:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia [2010.04.20 13:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2010.04.20 13:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2010.04.20 13:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2010.04.19 12:28:21 | 000,000,000 | ---D | C] -- C:\Users\Kai\Documents\Settlers7 [2010.04.15 10:09:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.15 10:09:54 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.15 10:09:47 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.15 10:09:42 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.15 10:09:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm [2010.04.11 21:57:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed [2010.04.07 09:51:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2010.04.07 04:43:20 | 005,430,272 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2010.04.07 04:16:30 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) 
-- C:\Windows\System32\atiapfxx.exe [2010.04.07 04:16:20 | 000,489,472 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2010.04.07 04:13:10 | 000,446,464 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2010.04.07 04:12:38 | 000,372,736 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.04.07 04:12:12 | 014,321,664 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2010.04.07 04:12:04 | 000,172,032 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.04.07 04:10:48 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll [2010.04.07 04:10:32 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2010.04.07 04:10:18 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2010.04.07 04:10:10 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.04.07 04:10:00 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2010.04.07 04:06:26 | 003,164,160 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll [2010.04.07 03:46:48 | 000,050,176 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll [2010.04.07 03:40:46 | 003,707,904 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2010.04.07 03:40:18 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll [2010.04.07 03:40:10 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2010.04.07 03:38:12 | 004,018,176 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2010.04.07 03:23:52 | 000,237,568 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2010.04.07 03:23:40 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2010.04.07 03:23:32 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. 
) -- C:\Windows\System32\atigktxx.dll [2010.04.07 03:23:10 | 000,157,184 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2010.04.07 03:22:44 | 000,028,160 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2010.04.07 03:22:30 | 000,020,480 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2010.04.07 03:22:00 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2010.04.07 03:21:08 | 002,983,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll [2010.04.06 16:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2010.04.06 14:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft [2010.04.05 12:31:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.04 14:01:15 | 000,000,000 | ---D | C] -- C:\Users\Kai\Desktop\Microsoft Office [2010.04.04 14:00:17 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll [2010.04.04 13:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2010.04.04 13:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2010.04.04 13:57:44 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010.04.04 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2010.04.04 13:54:12 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Local\Microsoft Help [2010.04.04 13:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2010.04.04 13:53:13 | 000,000,000 | RH-D | C] -- C:\MSOCache [2010.04.04 13:38:36 | 000,000,000 | ---D | C] -- C:\Users\Kai\AppData\Local\Seven Zip [2007.01.24 12:08:39 | 000,005,632 | ---- | 
C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys ========== Files - Modified Within 30 Days ========== [2010.05.03 20:17:50 | 005,505,024 | -HS- | M] () -- C:\Users\Kai\NTUSER.DAT [2010.05.03 20:17:23 | 000,000,278 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.03 20:16:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.03 20:14:58 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\mcdei.sys [2010.05.03 19:50:21 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.05.03 18:55:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.03 18:55:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.03 16:21:02 | 000,000,213 | ---- | M] () -- C:\Users\Kai\Desktop\Left 4 Dead.url [2010.05.03 14:57:39 | 000,001,742 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk [2010.05.03 14:57:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2010.05.03 14:55:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.03 14:54:25 | 2146,656,256 | -HS- | M] () -- C:\hiberfil.sys [2010.05.03 13:03:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.05.03 13:03:15 | 000,524,288 | -HS- | M] () -- C:\Users\Kai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.03 13:03:15 | 000,065,536 | -HS- | M] () -- C:\Users\Kai\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.03 13:02:58 | 001,631,965 | -H-- | M] () -- C:\Users\Kai\AppData\Local\IconCache.db [2010.05.03 00:37:25 | 000,008,188 | ---- | M] () -- C:\Users\Kai\Desktop\hi [2010.05.02 23:11:26 | 000,135,168 | ---- | M] () -- C:\zip.exe [2010.05.02 23:11:26 | 000,000,574 | ---- | M] () -- C:\cleanup.bat [2010.05.02 20:08:25 | 000,392,526 | R--- | M] () -- 
C:\Windows\System32\drivers\etc\hosts [2010.05.02 20:06:31 | 000,000,680 | ---- | M] () -- C:\Users\Kai\AppData\Local\d3d9caps.dat [2010.05.02 20:01:28 | 000,001,062 | ---- | M] () -- C:\Users\Kai\Desktop\Spybot - Search & Destroy.lnk [2010.05.02 17:11:55 | 000,001,677 | ---- | M] () -- C:\Users\Kai\Desktop\CCleaner.lnk [2010.05.02 17:07:00 | 000,001,863 | ---- | M] () -- C:\Users\Kai\Desktop\HijackThis.lnk [2010.05.02 17:06:30 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kai\Desktop\ssssssstall202.exe [2010.05.02 15:45:53 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.02 15:08:41 | 000,176,128 | ---- | M] () -- C:\Windows\Dgetaa.exe [2010.05.01 14:27:51 | 000,000,841 | ---- | M] () -- C:\Users\Kai\Desktop\conviction_game.exe - Verknüpfung.lnk [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.25 21:12:14 | 734,181,376 | ---- | M] () -- C:\Users\Kai\Desktop\7a6f0033e545ad75b1c13394c90921e0.divx [2010.04.24 12:56:32 | 003,746,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.24 12:56:32 | 000,662,084 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010.04.24 12:56:32 | 000,657,132 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2010.04.24 12:56:32 | 000,650,834 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2010.04.24 12:56:32 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.24 12:56:32 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.24 12:56:32 | 000,123,820 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010.04.24 12:56:32 | 000,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.24 12:56:32 | 000,119,748 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2010.04.24 12:56:32 | 000,112,308 | ---- | M] () -- 
C:\Windows\System32\perfc010.dat [2010.04.24 12:56:32 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.23 22:59:58 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.04.21 16:23:16 | 000,010,240 | ---- | M] () -- C:\Users\Kai\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.21 12:28:00 | 000,099,864 | ---- | M] () -- C:\Users\Kai\AppData\Local\GDIPFONTCACHEV1.DAT [2010.04.21 12:24:50 | 000,367,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.04.20 16:22:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010.04.20 13:38:37 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2010.04.20 13:08:09 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini [2010.04.19 20:01:14 | 000,000,196 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100502-200825.backup [2010.04.19 12:39:41 | 000,000,959 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts2111 [2010.04.16 10:48:10 | 000,013,577 | ---- | M] () -- C:\Users\Kai\Desktop\freePositionPlanStudy-810-11545735217-33-105-83-8363-128-115-109-93.pdf [2010.04.14 12:29:58 | 000,385,536 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys [2010.04.14 12:29:58 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys [2010.04.14 12:29:58 | 000,160,720 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys [2010.04.14 12:29:58 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys [2010.04.14 12:29:58 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys [2010.04.14 12:29:58 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys [2010.04.14 12:29:58 | 000,064,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys [2010.04.14 12:29:58 | 000,055,456 | ---- | M] (McAfee, Inc.) 
-- C:\Windows\System32\drivers\cfwids.sys [2010.04.14 12:29:58 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys [2010.04.14 12:29:58 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys [2010.04.07 04:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys [2010.04.07 04:16:34 | 000,038,400 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb [2010.04.07 04:16:30 | 000,143,360 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiapfxx.exe [2010.04.07 04:16:20 | 000,489,472 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\aticfx32.dll [2010.04.07 04:13:10 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll [2010.04.07 04:12:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.04.07 04:12:12 | 014,321,664 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atioglxx.dll [2010.04.07 04:12:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.04.07 04:10:48 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll [2010.04.07 04:10:32 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll [2010.04.07 04:10:18 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll [2010.04.07 04:10:10 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.04.07 04:10:00 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll [2010.04.07 04:06:26 | 003,164,160 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll [2010.04.07 03:46:48 | 000,050,176 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll [2010.04.07 03:40:46 | 003,707,904 | ---- | M] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll [2010.04.07 03:40:18 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) 
-- C:\Windows\System32\aticalrt.dll [2010.04.07 03:40:10 | 000,053,248 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll [2010.04.07 03:38:12 | 004,018,176 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll [2010.04.07 03:23:52 | 000,237,568 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll [2010.04.07 03:23:40 | 000,012,800 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiglpxx.dll [2010.04.07 03:23:32 | 000,014,848 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atigktxx.dll [2010.04.07 03:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\drivers\atikmpag.sys [2010.04.07 03:22:44 | 000,028,160 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiuxpag.dll [2010.04.07 03:22:30 | 000,020,480 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiu9pag.dll [2010.04.07 03:22:08 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll [2010.04.07 03:22:00 | 000,053,248 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll [2010.04.07 03:21:08 | 002,983,936 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll [2010.04.07 03:20:44 | 000,515,424 | ---- | M] () -- C:\Windows\System32\atiumdva.cap [2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll [2010.04.07 03:08:52 | 000,052,224 | ---- | M] (Advanced Micro Devices, Inc. 
) -- C:\Windows\System32\amdpcom32.dll [2010.04.04 14:09:27 | 000,009,521 | ---- | M] () -- C:\Users\Kai\Desktop\SollyGeld (Automatisch gespeichert).xlsx ========== Files Created - No Company Name ========== [2010.05.03 00:37:25 | 000,008,188 | ---- | C] () -- C:\Users\Kai\Desktop\hi [2010.05.02 23:12:35 | 2146,656,256 | -HS- | C] () -- C:\hiberfil.sys [2010.05.02 23:11:26 | 000,135,168 | ---- | C] () -- C:\zip.exe [2010.05.02 23:11:26 | 000,000,574 | ---- | C] () -- C:\cleanup.bat [2010.05.02 20:01:28 | 000,001,062 | ---- | C] () -- C:\Users\Kai\Desktop\Spybot - Search & Destroy.lnk [2010.05.02 17:11:55 | 000,001,677 | ---- | C] () -- C:\Users\Kai\Desktop\CCleaner.lnk [2010.05.02 17:07:00 | 000,001,863 | ---- | C] () -- C:\Users\Kai\Desktop\HijackThis.lnk [2010.05.02 15:24:32 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.02 15:10:31 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\mcdei.sys [2010.05.02 15:09:34 | 000,176,128 | ---- | C] () -- C:\Windows\Dgetaa.exe [2010.05.02 15:09:11 | 000,000,278 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.05.02 14:33:57 | 000,000,680 | ---- | C] () -- C:\Users\Kai\AppData\Local\d3d9caps.dat [2010.05.01 14:27:51 | 000,000,841 | ---- | C] () -- C:\Users\Kai\Desktop\conviction_game.exe - Verknüpfung.lnk [2010.04.25 21:32:14 | 734,181,376 | ---- | C] () -- C:\Users\Kai\Desktop\7a6f0033e545ad75b1c13394c90921e0.divx [2010.04.20 16:22:47 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01007.Wdf [2010.04.20 13:38:37 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk [2010.04.20 13:22:50 | 000,000,945 | ---- | C] () -- C:\Users\Kai\Desktop\Microsoft Office Outlook.lnk [2010.04.16 10:48:10 | 000,013,577 | ---- | C] () -- C:\Users\Kai\Desktop\freePositionPlanStudy-810-11545735217-33-105-83-8363-128-115-109-93.pdf [2010.04.13 00:06:51 | 000,090,807 | ---- | C] () -- 
C:\Users\Kai\Desktop\Gutachten kurz.docx [2010.04.07 04:16:34 | 000,038,400 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb [2010.04.07 03:22:08 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.04.07 03:20:44 | 000,515,424 | ---- | C] () -- C:\Windows\System32\atiumdva.cap [2010.03.22 19:31:16 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.03.21 22:13:01 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.20 15:55:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.07 20:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2007.08.21 11:29:28 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2007.08.21 10:57:10 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.05.25 04:15:15 | 001,743,232 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > |
04.05.2010, 09:44 | #4 |
| Does nobody have any advice? |
08.06.2010, 10:45 | #5 |
| Hello everyone, I have exactly the same problem as "kl210". My machine was also infected with AntiMalwareDoctor, which I thought I had successfully removed. Now annoying ad tabs and windows open by themselves in my Firefox. I ran Malwarebytes and fixed the items it found (listed below), but the problem persists! Is the problem a rootkit -> HKEY_CLASSES_ROOT? AntiVir finds nothing, and ZoneAlarm apparently can't prevent it either. SpyBot Search & Destroy finds nothing either! I have also already run CCleaner over it. In my opinion my HijackThis log shows nothing ... : HijackThis logfile: Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:43, on 08.06.2010
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Programme\Fifa Master\Creation Master 10\CreationMaster10.exe
D:\Programme\Microsoft Office\Office10\EXCEL.EXE
D:\Programme\Mozilla Firefox\bfirefox.exe
D:\Programme\Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBDBE6B1-7778-4FE1-B7F7-C717FE2D8521}: NameServer = 82.145.9.38 89.246.64.38
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 2845 bytes

Malwarebytes 1.46 found the following:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4176

07.06.2010 21:34:17

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 142581
Laufzeit: 21 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\All Users\Desktop\AntiVir.lnk (Rogue.Antivir2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\All\Startmenü\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Does anyone have any advice? |
08.06.2010, 10:59 | #6 |
| Something I just noticed: Malwarebytes seems to have deleted my AntiVir desktop shortcut (or whatever was posing as one) -> C:\Dokumente und Einstellungen\All Users\Desktop\AntiVir.lnk (Rogue.Antivir2010) -> Quarantined and deleted successfully. Maybe AntiVir finds nothing because it has itself been infected or subverted by it? |