IE mit Werbung + Trojaner

pony · 05.05.2010, 07:18

Hallo Leute,

ich habe folgendes Problem, bei mir startete immer wieder der Internet-Explorer mit Werbung. Daraufhin habe ich dann ein wenig recherchiert und auch einige Programme durchlaufen lassen. Unter anderem Avira, Malwarebytes (mit Entfernung der Infizierten Objekte) auch habe ich die von euch nahegelegten Protokolle angefertigt, die Ergebnisse findet ihr unten. Ich hoffe ihr könnt mir bei der Beseitigung des Problems helfen.

Meldungen von Avira:

In der Datei 'C:\Users\Michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2EDALDHZ\porntubeshow_com[1].htm'
wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

In der Datei 'C:\Users\Michel\AppData\Local\Mozilla\Firefox\Profiles\5i92rh75.default\Cache\9FB5F160d01'
wurde ein Virus oder unerwünschtes Programm 'HEUR/HTML.Malware' [heuristic] gefunden.
Ausgeführte Aktion: Zugriff erlauben

pony · 05.05.2010, 07:19

-------------
Ab hier Malwarebytes
-------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4067

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

05.05.2010 07:14:54
mbam-log-2010-05-05 (07-14-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 128287
Laufzeit: 22 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\Odx.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Roaming\sdra64.exe (Trojan.Agent) -> No action taken.

pony · 05.05.2010, 07:20

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-05-05 07:56:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 10 GB (7%) free of 141 GB
Total RAM: 3061 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:56:40, on 05.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Programme\Tools\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Programme\Tools\Mozilla Firefox\firefox.exe
C:\program files\avira\antivir desktop\avscan.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = **://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_de&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = **://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = **://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_de&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = **://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = **://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = **://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_de&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\Justdo\Jd2002.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Schreiben\Adobe\AcrobatWriter\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Schreiben\Adobe\AcrobatWriter\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Schreiben\Adobe\AcrobatReader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Privoxy.lnk = C:\Programme\Tools\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\Tools\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\Tools\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9a8d68daab45c) (gupdate1c9a8d68daab45c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13218 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Registry Reviver-***-Startup.job
C:\Windows\tasks\User_Feed_Synchronization-{D88CADF5-5AB4-444D-ABFB-6C59F4D69291}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-04 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10945114-b19f-4614-8450-b25e444a1020}]
SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - C:\Windows\system32\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-11 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
Winload Toolbar - C:\Program Files\Winload\tbWinl.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-16 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}]
SnapFlash Class - C:\Program Files\Common Files\Justdo\Jd2002.dll [2006-03-16 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC41D38F-B56D-40AD-94E0-B493D130C959}]
CmjBrowserHelperObject Object - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll [2005-09-13 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Schreiben\Adobe\AcrobatWriter\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-30 1182088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-16 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 1266992]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Schreiben\Adobe\AcrobatWriter\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-30 1182088]
{40c3cc16-7269-4b32-9531-17f2950fb06f} - Winload Toolbar - C:\Program Files\Winload\tbWinl.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-04 178712]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-12-06 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-14 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-04 480560]
"pdfSaver3"= []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Adobe Reader Speed Launcher"=C:\Programme\Schreiben\Adobe\AcrobatReader\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme\Schreiben\Adobe\AcrobatReader\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-29 149040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\***\Program Files\DNA\btdna.exe [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\Tools\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe [2005-09-13 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2007-05-24 1226288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
C:\Programme\Tools\PDFDrucker\PDFPrintBackend.exe [2005-07-03 71080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-20 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\programme\tools\quicktime\qttask.exe [2008-06-29 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Programme\Tools\Real Desktop\Real Desktop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-16 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-11 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Player\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~3\SCHREI~1\Adobe\ACROBA~1\Distillr\acrotray.exe [2003-05-15 217193]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
C:\lotus\organize\easyclip.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
C:\lotus\wordpro\ltsstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
C:\lotus\smartctr\smartctr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
C:\lotus\smartctr\suitest.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
C:\PROGRA~1\Nokia\NNPCS\RUNLAU~1.EXE [2008-03-14 933888]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Privoxy.lnk - C:\Programme\Tools\Vidalia Bundle\Privoxy\privoxy.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Programme\Internet\BitTorrent\bittorrent.exe"="C:\Programme\Internet\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec951a9-7808-11dd-8220-001eec1b3b50}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec951b1-7808-11dd-8220-001eec1b3b50}]
shell\AutoRun\command - EXPLORER.EXE
shell\explore\command - EXPLORER.EXE
shell\open\command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4beb9edc-ff5c-11de-87ec-001eec1b3b50}]
shell\AutoRun\command - F:\installer.exe
shell\verb\command - F:\installer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{526c5d89-9b68-11dd-b7a1-001eec1b3b50}]
shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597ccaad-5e7b-11de-97f8-001eec1b3b50}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73d012e9-fbac-11de-b300-001eec1b3b50}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7881956e-1496-11df-8a07-001eec1b3b50}]
shell\AutoRun\command - G:\autorun.exe AUTOSTART

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adcc5731-6868-11dd-b75e-001eec1b3b50}]
shell\AutoRun\command - H:\umenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6a4b137-eb9a-11dd-a762-001eec1b3b50}]
shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c803421d-29f9-11df-88f3-001eec1b3b50}]
shell\AutoRun\command - I:\Toshiba\more4you.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e00cd069-6ec4-11dd-9bc9-001eec1b3b50}]
shell\AutoRun\command - RECYCLER\autorun.exe
shell\open\command - RECYCLER\autorun.exe

======List of files/folders created in the last 1 months======

2010-05-05 06:54:47 ----D---- C:\Program Files\trend micro
2010-05-05 06:54:43 ----D---- C:\rsit
2010-05-05 06:51:00 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-05-05 06:50:33 ----D---- C:\ProgramData\Malwarebytes
2010-05-05 06:06:02 ----D---- C:\ProgramData\AOL
2010-05-05 04:22:28 ----D---- C:\Users\***\AppData\Roaming\HPAppData
2010-05-05 03:40:52 ----SHD---- C:\Users\***\AppData\Roaming\lowsec
2010-05-04 22:19:12 ----A---- C:\Windows\system32\telnet.exe
2010-04-27 23:05:48 ----SHD---- C:\Config.Msi
2010-04-22 02:24:23 ----A---- C:\Windows\avisplitter.ini
2010-04-22 02:16:24 ----A---- C:\Windows\system32\yv12vfw.dll
2010-04-22 02:16:22 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-04-22 02:05:54 ----D---- C:\Users\***\AppData\Roaming\SparweltGutschein
2010-04-22 02:05:53 ----D---- C:\Program Files\Conduit
2010-04-22 02:05:51 ----D---- C:\Program Files\Winload
2010-04-22 02:05:45 ----D---- C:\Program Files\Sparwelt.de
2010-04-22 01:56:57 ----D---- C:\Users\***\AppData\Roaming\DivX
2010-04-22 01:56:41 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-04-22 01:56:03 ----D---- C:\Program Files\Common Files\DivX Shared
2010-04-22 01:55:23 ----D---- C:\Program Files\DivX
2010-04-22 01:55:10 ----D---- C:\ProgramData\DivX
2010-04-21 13:32:06 ----D---- C:\Windows\system32\eu-ES
2010-04-21 13:32:06 ----D---- C:\Windows\system32\ca-ES
2010-04-21 13:32:04 ----D---- C:\Windows\system32\vi-VN
2010-04-21 12:22:22 ----D---- C:\Windows\system32\EventProviders
2010-04-21 01:54:19 ----D---- C:\.jagex_cache_32
2010-04-21 01:07:21 ----D---- C:\Users\***\AppData\Roaming\inkscape
2010-04-14 00:01:58 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 00:01:58 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 00:01:56 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 00:01:52 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-13 19:40:17 ----A---- C:\Windows\system32\wintrust.dll
2010-04-13 19:40:16 ----A---- C:\Windows\system32\cabview.dll
2010-04-13 03:07:08 ----D---- C:\Users\***\AppData\Roaming\.purple
2010-04-13 03:05:34 ----D---- C:\Program Files\Common Files\GTK
2010-04-06 01:54:45 ----D---- C:\Users\***\AppData\Roaming\Avira

======List of files/folders modified in the last 1 months======

2010-05-05 07:56:29 ----D---- C:\Windows\Temp
2010-05-05 07:29:23 ----SHD---- C:\System Volume Information
2010-05-05 07:28:07 ----D---- C:\Windows\System32
2010-05-05 07:28:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-05 07:28:06 ----D---- C:\Windows\inf
2010-05-05 07:24:03 ----D---- C:\Windows\Tasks
2010-05-05 07:22:31 ----D---- C:\Windows\Prefetch
2010-05-05 07:20:14 ----D---- C:\Program Files\Common Files
2010-05-05 07:20:13 ----D---- C:\Windows
2010-05-05 07:20:06 ----D---- C:\Windows\system32\drivers
2010-05-05 07:20:06 ----D---- C:\Windows\ehome
2010-05-05 06:54:47 ----RD---- C:\Program Files
2010-05-05 06:50:34 ----HD---- C:\ProgramData
2010-05-05 06:44:50 ----D---- C:\Windows\Debug
2010-05-05 06:14:11 ----D---- C:\Windows\system32\Tasks
2010-05-05 06:06:21 ----SD---- C:\Windows\Downloaded Program Files
2010-05-05 04:16:48 ----SHD---- C:\Windows\Installer
2010-05-05 04:15:39 ----D---- C:\Program Files\HP
2010-05-05 03:41:11 ----D---- C:\Users\***\AppData\Roaming\BitTorrent
2010-05-05 03:00:27 ----D---- C:\Windows\winsxs
2010-05-04 22:17:23 ----D---- C:\Windows\system32\catroot
2010-05-04 22:12:07 ----D---- C:\ProgramData\Google Updater
2010-05-04 02:18:10 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-05-04 00:51:31 ----D---- C:\Windows\rescache
2010-05-03 13:22:10 ----D---- C:\Windows\system32\en-US
2010-05-03 12:14:44 ----D---- C:\Users\***\AppData\Roaming\gtk-2.0
2010-04-30 13:00:07 ----D---- C:\Windows\system32\catroot2
2010-04-22 20:24:15 ----D---- C:\Windows\Microsoft.NET
2010-04-22 20:24:01 ----RSD---- C:\Windows\assembly
2010-04-22 02:23:20 ----D---- C:\ProgramData\VistaCodecs
2010-04-22 02:05:52 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-04-21 13:43:27 ----SHD---- C:\boot
2010-04-21 13:33:49 ----D---- C:\Program Files\Windows Mail
2010-04-21 13:33:49 ----D---- C:\Program Files\Windows Calendar
2010-04-21 13:33:48 ----D---- C:\Program Files\Movie Maker
2010-04-21 13:33:46 ----D---- C:\Program Files\Windows Sidebar
2010-04-21 13:33:46 ----D---- C:\Program Files\Windows Media Player
2010-04-21 13:33:46 ----D---- C:\Program Files\Internet Explorer
2010-04-21 13:33:45 ----D---- C:\Program Files\Windows Journal
2010-04-21 13:33:45 ----D---- C:\Program Files\Windows Collaboration
2010-04-21 13:33:43 ----D---- C:\Program Files\Windows Photo Gallery
2010-04-21 13:33:43 ----D---- C:\Program Files\Common Files\System
2010-04-21 13:33:38 ----D---- C:\Windows\servicing
2010-04-21 13:33:38 ----D---- C:\Program Files\Windows Defender
2010-04-21 13:33:26 ----D---- C:\Windows\IME
2010-04-21 13:33:25 ----D---- C:\Windows\system32\XPSViewer
2010-04-21 13:33:25 ----D---- C:\Windows\system32\sk-SK
2010-04-21 13:33:25 ----D---- C:\Windows\system32\lv-LV
2010-04-21 13:33:25 ----D---- C:\Windows\system32\ko-KR
2010-04-21 13:33:25 ----D---- C:\Windows\system32\hr-HR
2010-04-21 13:33:25 ----D---- C:\Windows\system32\et-EE
2010-04-21 13:33:25 ----D---- C:\Windows\system32\da-DK
2010-04-21 13:33:17 ----D---- C:\Windows\system32\oobe
2010-04-21 13:33:17 ----D---- C:\Windows\system32\migration
2010-04-21 13:33:17 ----D---- C:\Windows\system32\it-IT
2010-04-21 13:33:17 ----D---- C:\Windows\system32\el-GR
2010-04-21 13:33:17 ----D---- C:\Windows\system32\de-DE
2010-04-21 13:33:13 ----D---- C:\Windows\system32\ru-RU
2010-04-21 13:33:13 ----D---- C:\Windows\system32\fr-FR
2010-04-21 13:33:13 ----D---- C:\Windows\system32\AdvancedInstallers
2010-04-21 13:33:12 ----D---- C:\Windows\system32\sv-SE
2010-04-21 13:33:12 ----D---- C:\Windows\system32\SLUI
2010-04-21 13:33:12 ----D---- C:\Windows\system32\setup
2010-04-21 13:33:12 ----D---- C:\Windows\system32\pt-PT
2010-04-21 13:33:12 ----D---- C:\Windows\system32\hu-HU
2010-04-21 13:33:12 ----D---- C:\Windows\system32\he-IL
2010-04-21 13:33:12 ----D---- C:\Windows\system32\fi-FI
2010-04-21 13:33:12 ----D---- C:\Windows\system32\cs-CZ
2010-04-21 13:33:10 ----D---- C:\Windows\system32\zh-CN
2010-04-21 13:33:10 ----D---- C:\Windows\system32\sr-Latn-CS
2010-04-21 13:33:10 ----D---- C:\Windows\system32\manifeststore
2010-04-21 13:33:10 ----D---- C:\Windows\system32\en
2010-04-21 13:33:09 ----D---- C:\Windows\system32\zh-TW
2010-04-21 13:33:09 ----D---- C:\Windows\system32\uk-UA
2010-04-21 13:33:09 ----D---- C:\Windows\system32\sl-SI
2010-04-21 13:33:09 ----D---- C:\Windows\system32\ro-RO
2010-04-21 13:33:09 ----D---- C:\Windows\system32\pl-PL
2010-04-21 13:33:09 ----D---- C:\Windows\system32\ja-JP
2010-04-21 13:33:09 ----D---- C:\Windows\system32\es-ES
2010-04-21 13:33:09 ----D---- C:\Windows\system32\bg-BG
2010-04-21 13:33:07 ----D---- C:\Windows\system32\th-TH
2010-04-21 13:33:06 ----D---- C:\Windows\system32\tr-TR
2010-04-21 13:33:05 ----D---- C:\Windows\system32\wbem
2010-04-21 13:33:03 ----D---- C:\Windows\system32\nl-NL
2010-04-21 13:33:03 ----D---- C:\Windows\system32\nb-NO
2010-04-21 13:33:03 ----D---- C:\Windows\system32\lt-LT
2010-04-21 13:33:03 ----D---- C:\Windows\system32\ar-SA
2010-04-21 13:33:02 ----D---- C:\Windows\system32\pt-BR
2010-04-21 13:33:02 ----D---- C:\Windows\system32\migwiz
2010-04-21 13:32:12 ----RSD---- C:\Windows\Fonts
2010-04-21 13:32:12 ----D---- C:\Windows\AppPatch
2010-04-21 13:32:04 ----D---- C:\Windows\system32\Boot
2010-04-16 20:00:00 ----A---- C:\Windows\system32\ff_vfw.dll
2010-04-15 00:08:07 ----D---- C:\Program Files\Google
2010-04-14 03:06:15 ----D---- C:\ProgramData\Microsoft Help
2010-04-13 23:58:39 ----D---- C:\Users\***\AppData\Roaming\Skype
2010-04-13 23:58:07 ----D---- C:\Users\***\AppData\Roaming\skypePM
2010-04-13 03:05:21 ----D---- C:\Programme
2010-04-12 22:34:36 ----D---- C:\Users\***\AppData\Roaming\FileZilla
2010-04-06 19:52:54 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2006-12-23 80768]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2008-10-26 235840]
R2 ACEDRV07;ACEDRV07; \??\C:\Windows\system32\drivers\ACEDRV07.sys [2009-11-01 101376]
R2 acedrv10;acedrv10; \??\C:\Windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
R2 acehlp10;acehlp10; \??\C:\Windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-01 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-01 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 735232]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-09-28 56832]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 a870b01a;a870b01a; C:\Windows\system32\drivers\a870b01a.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbser;Nokia USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-21 267432]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-06 144688]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-04 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2005-09-16 53248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 gupdate1c9a8d68daab45c;Google Update Service (gupdate1c9a8d68daab45c); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-19 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-05 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-24 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-29 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2008-02-20 354816]

-----------------EOF-----------------

IE mit Werbung + Trojaner

Plagegeister aller Art und deren Bekämpfung: IE mit Werbung + Trojaner

IE mit Werbung + Trojaner

Protokoll Malwarebytes

IE mit Werbung + Trojaner

Ähnliche Themen: IE mit Werbung + Trojaner