Hijack auswertung

m4sterm1nd · 22.12.2010, 01:10

Hallo liebe Community,

ich bin der meinung, ich habe mir iwas eingefangen :-) (Trojaner, Keylogger soas in der art)

mein Freund Google meinte zu mir ich soll ma hijack laufen lassen und auswerten lassen, nur hab ich davon nicht wirklich viel ahnung und hoffe doch ganz dolle, dass ihr mir iwie helfen könnt.

Mein Hijack Log als Post:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:57:32, on 21.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
O2 - BHO: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: BittorrentBar_DE Toolbar - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~2\Uninstall Fun Web Products.dll,O -2
O4 - HKCU\..\Run: [IESearch] regsvr32 /s /u "C:\Users\Lars\AppData\Local\IE\IESearch.dll"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWASER.EXE
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11932 bytes

Hoffe doch ihr könnt mir iwie helfen,

Liebe Grüße L***

cosinus · 22.12.2010, 21:09

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

m4sterm1nd · 22.12.2010, 22:31

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.12.2010 22:26:00 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = J:\
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 57,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 816,11 Gb Total Space | 179,55 Gb Free Space | 22,00% Space Free | Partition Type: NTFS
Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
Drive E: | 509,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 100,88 Gb Total Space | 3,23 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - J:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\läppi\musik\Carl Cox\Wow.exe (Blizzard Entertainment)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
PRC - C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWAgent.exe (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - J:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MWAgent) -- C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (econceal) -- C:\Windows\SysNative\DRIVERS\econceal.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13"
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "  "
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.01 12:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 11:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 11:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.10 11:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.01.28 03:46:04 | 000,000,000 | ---D | M]
 
[2010.08.22 20:02:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2010.08.22 20:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.22 01:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions
[2010.05.22 15:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.05 23:07:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.11 15:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.22 17:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.11 16:10:50 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010.03.22 21:21:29 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.22 17:30:39 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.02 14:31:27 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.12.08 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\engine@conduit.com
[2010.01.28 03:59:03 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\NPDyyno@dyyno.com
[2010.11.07 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\toolbar@ask.com
[2009.07.20 10:04:42 | 000,000,682 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\ask.xml
[2010.12.08 16:21:55 | 000,000,935 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\conduit.xml
[2010.03.21 15:47:09 | 000,002,055 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\daemon-search.xml
[2010.12.20 09:19:46 | 000,001,056 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\icqplugin.xml
[2009.04.02 17:02:23 | 000,001,632 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\live-search.xml
[2010.12.02 14:31:23 | 000,003,915 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\sweetim.xml
[2010.10.11 15:00:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.28 03:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.11 20:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2010.08.11 06:17:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.11 06:17:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.11 06:17:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.11 06:17:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.11 06:17:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IESearch]  File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ba73ec74-35ee-11df-a8e0-00248c07c3ed}\Shell - "" = AutoRun
O33 - MountPoints2\{ba73ec74-35ee-11df-a8e0-00248c07c3ed}\Shell\AutoRun\command - "" = K:\DisneySplash.exe -- File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 00:50:54 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes
[2010.12.22 00:50:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.22 00:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.22 00:50:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.22 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.22 00:50:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.21 23:56:41 | 000,775,696 | ---- | C] (MyWebSearch.com) -- C:\Program Files (x86)\Uninstall Fun Web Products.dll
[2010.12.21 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.15 15:50:29 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 15:50:29 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 15:50:29 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 15:50:29 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 15:50:29 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 15:50:29 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 15:50:29 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 15:50:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 15:50:24 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 15:50:24 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 15:50:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 15:50:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 15:50:16 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 15:50:16 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 15:50:15 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 15:50:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 15:50:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 15:50:04 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 15:50:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 15:50:04 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 15:50:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 15:50:04 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 15:50:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 15:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 15:50:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 15:50:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 15:50:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 15:50:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 15:50:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.12 14:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyWebSearch
[2010.12.12 14:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FunWebProducts
[2010.12.08 16:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BittorrentBar_DE
[2010.12.05 18:18:49 | 000,000,000 | ---D | C] -- C:\Users\Lars\Documents\Disney Interactive Studios
[2010.12.05 18:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2010.12.02 14:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.12.02 14:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2010.12.02 14:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2010.12.02 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.11.30 17:19:00 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.11.30 17:18:59 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.11.30 17:18:59 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.11.30 17:18:59 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.11.30 17:18:59 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.11.30 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2010.11.30 17:16:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.29 20:42:41 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.11.29 20:42:41 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.11.27 14:24:03 | 000,000,000 | ---D | C] -- C:\FBackup
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\regsvr.exe
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.11.27 14:15:32 | 000,003,221 | R--- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\drivers\freadmem.sys
[2010.11.27 13:49:14 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.11.27 13:49:13 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.11.27 13:49:01 | 000,318,472 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010.11.27 13:48:29 | 001,483,784 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\contfilt.dll
[2010.11.27 13:48:29 | 000,634,376 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\mwtsp.dll
[2010.11.27 13:48:29 | 000,214,536 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\mwnsp.dll
[2010.11.27 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Lars\Application Data
[2010.11.27 13:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2010.11.27 13:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.11.27 13:41:20 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2010.11.27 13:41:20 | 000,125,448 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\BACKUP.10647471.killproc.exe
[2010.11.27 13:41:01 | 001,483,784 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contf64.dll
[2010.11.27 13:41:01 | 001,161,736 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contfilt.dll
[2010.11.27 13:41:01 | 000,214,536 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp64.dll
[2010.11.27 13:41:01 | 000,178,696 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp.dll
[2010.11.27 13:41:00 | 000,013,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sporder.dll
[2010.11.27 13:41:00 | 000,013,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\sporder.dll
[2010.11.27 13:41:00 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\sporder.exe
[2010.11.27 13:40:59 | 000,634,376 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp64.dll
[2010.11.27 13:40:59 | 000,539,144 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp.dll
[2010.11.27 13:40:59 | 000,237,576 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tspx.exe
[2010.11.27 13:40:59 | 000,178,696 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tsp.exe
[2010.11.27 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Towii
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Biixi
[2010.11.24 22:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.11.24 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\SC2-WingsOfLiberty-deDE-Installer
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 22:13:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 17:13:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 16:46:55 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 16:46:55 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 16:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 16:41:36 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 00:50:41 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.21 23:42:22 | 000,003,003 | ---- | M] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.16 15:05:23 | 000,358,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 19:06:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLars.job
[2010.12.12 14:09:51 | 000,775,696 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\Uninstall Fun Web Products.dll
[2010.12.05 18:12:37 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\Split Second.lnk
[2010.12.02 14:51:34 | 000,002,399 | ---- | M] () -- C:\Users\Public\Desktop\Transformers(TM) - War for Cybertron(TM).lnk
[2010.12.02 02:06:32 | 000,019,456 | ---- | M] () -- C:\Users\Lars\Desktop\perso.doc
[2010.11.30 17:18:58 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.11.30 17:18:58 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.11.30 02:15:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.30 02:15:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.30 02:15:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.30 02:15:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.30 02:15:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.30 01:50:29 | 000,001,049 | ---- | M] () -- C:\Users\Lars\Desktop\Virtual DJ Pro.lnk
[2010.11.29 20:45:44 | 002,615,122 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.27 14:23:36 | 001,161,736 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contfilt.dll
[2010.11.27 14:23:34 | 000,178,696 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp.dll
[2010.11.27 14:23:33 | 000,539,144 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp.dll
[2010.11.27 14:22:39 | 000,172,040 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.27 14:22:27 | 000,145,928 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2010.11.27 14:15:32 | 000,003,221 | R--- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\drivers\freadmem.sys
[2010.11.27 14:14:42 | 000,044,517 | ---- | M] () -- C:\Users\Lars\Documents\pinfect.zip
[2010.11.27 13:49:13 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.11.27 13:49:12 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.11.27 13:47:27 | 000,142,642 | ---- | M] () -- C:\Windows\winsbak2.reg
[2010.11.27 13:47:25 | 000,003,956 | ---- | M] () -- C:\Windows\winsbak.reg
[2010.11.27 13:24:18 | 000,206,767 | ---- | M] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.271937.dmp
[2010.11.27 13:24:18 | 000,205,807 | ---- | M] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.307939.dmp
[2010.11.25 23:14:48 | 736,053,248 | ---- | M] () -- C:\Users\Lars\Desktop\aoe-saw3d.avi
[2010.11.24 23:02:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.11.23 03:36:05 | 000,019,456 | ---- | M] () -- C:\Users\Lars\Desktop\Lars BeckerGifhorn.doc
 
========== Files Created - No Company Name ==========
 
[2010.12.22 00:50:41 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.21 23:42:22 | 000,003,003 | ---- | C] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.05 18:12:37 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\Split Second.lnk
[2010.12.02 14:51:34 | 000,002,399 | ---- | C] () -- C:\Users\Public\Desktop\Transformers(TM) - War for Cybertron(TM).lnk
[2010.12.02 02:06:30 | 000,019,456 | ---- | C] () -- C:\Users\Lars\Desktop\perso.doc
[2010.11.30 17:18:58 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.11.30 17:18:58 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.11.30 01:50:29 | 000,001,049 | ---- | C] () -- C:\Users\Lars\Desktop\Virtual DJ Pro.lnk
[2010.11.29 23:53:00 | 736,053,248 | ---- | C] () -- C:\Users\Lars\Desktop\aoe-saw3d.avi
[2010.11.29 20:42:42 | 002,615,122 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2010.11.27 14:22:40 | 000,172,040 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.27 14:14:42 | 000,044,517 | ---- | C] () -- C:\Users\Lars\Documents\pinfect.zip
[2010.11.27 13:47:27 | 000,142,642 | ---- | C] () -- C:\Windows\winsbak2.reg
[2010.11.27 13:47:25 | 000,003,956 | ---- | C] () -- C:\Windows\winsbak.reg
[2010.11.27 13:41:00 | 000,135,936 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.DLL
[2010.11.27 13:41:00 | 000,130,816 | ---- | C] () -- C:\Windows\SysWow64\UNZDLL.DLL
[2010.11.27 13:24:17 | 000,206,767 | ---- | C] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.271937.dmp
[2010.11.27 13:24:17 | 000,205,807 | ---- | C] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.307939.dmp
[2010.11.24 22:50:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.11.23 03:36:03 | 000,019,456 | ---- | C] () -- C:\Users\Lars\Desktop\Lars BeckerGifhorn.doc
[2010.11.05 14:43:44 | 000,001,164 | ---- | C] () -- C:\Users\Lars\AppData\Local\9A5FF4EA.il
[2010.11.05 14:43:44 | 000,000,280 | ---- | C] () -- C:\Users\Lars\AppData\Local\IndexIE_9A5FF4EA.il
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.11 18:16:43 | 000,009,460 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.05 20:46:12 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.06.29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010.06.15 18:52:48 | 000,007,597 | ---- | C] () -- C:\Users\Lars\AppData\Local\Resmon.ResmonCfg
[2010.06.14 21:23:56 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.17 19:36:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.06 20:23:58 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.27 13:19:21 | 000,001,776 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\wklnhst.dat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.08 12:35:14 | 000,000,051 | ---- | C] () -- C:\Windows\d.ini
[2009.02.13 09:36:52 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009.02.13 09:36:52 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2010.01.28 03:58:17 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Acreon
[2010.01.28 03:58:46 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Activision
[2010.01.28 03:58:47 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\AD ON Multimedia
[2010.11.29 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Biixi
[2010.11.20 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Bioshock2
[2010.12.22 22:29:38 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\BitTorrent
[2009.04.12 19:03:32 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\DAEMON Tools
[2010.01.28 03:58:47 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\DAEMON Tools Lite
[2010.01.28 03:58:47 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\DAEMON Tools Pro
[2010.01.28 03:58:47 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Desktopicon
[2010.10.28 00:10:55 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.28 03:58:48 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\FloodLightGames
[2010.09.12 12:03:02 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\GrabPro
[2010.12.19 16:26:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ICQ
[2010.01.28 03:58:49 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\IrfanView
[2010.09.12 12:08:14 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Orbit
[2010.01.28 03:59:03 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\phonostar-Player
[2010.09.12 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ProgSense
[2010.11.07 02:00:45 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\ProtectDisc
[2010.01.28 03:59:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TeamViewer
[2010.01.28 03:59:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Template
[2010.08.22 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Thunderbird
[2010.01.28 03:59:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Toolbars
[2010.11.29 20:34:53 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Towii
[2010.07.14 13:26:37 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TS3Client
[2010.11.30 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TuneUp Software
[2010.11.22 18:19:13 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Ubisoft
[2010.11.12 01:55:52 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\uTorrent
[2010.11.13 16:10:24 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\vghd
[2010.01.28 03:59:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Vodafone
[2010.08.14 10:26:09 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\VoipCheapCom
[2010.09.27 03:05:42 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\WhiteSmokeTranslator
[2010.01.28 03:59:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\WildTangent
[2010.01.28 03:59:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\WinBatch
[2010.11.14 12:34:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF

< End of report >

--- --- ---

m4sterm1nd · 23.12.2010, 00:17

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5378

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.12.2010 00:17:22
mbam-log-2010-12-23 (00-17-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158664
Laufzeit: 5 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 16
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 8
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Lars\AppData\Roaming\whitesmoketranslator (PUP.WhiteSmoke) -> Not selected for removal.

Infizierte Dateien:
c:\program files (x86)\uninstall fun web products.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Lars\AppData\Roaming\whitesmoketranslator\stat.log (PUP.WhiteSmoke) -> Not selected for removal.

cosinus · 23.12.2010, 09:50

Zitat:

Art des Suchlaufs: Quick-Scan

Du solltest einen Vollscan machen!

m4sterm1nd · 23.12.2010, 11:32

ok, wird gemacht

m4sterm1nd · 23.12.2010, 13:58

Hab einen kompletten suchlauf gemacht, dieser hatte aber nichts gefunden und somit auch keinen log gebracht. das was im quickscan gefunden wurde hatte ich entfernt.

cosinus · 23.12.2010, 14:52

Dann jetzt bitte frische OTL-Logs posten.

m4sterm1nd · 23.12.2010, 16:02

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 23.12.2010 15:56:55 - Run 2
OTL by OldTimer - Version 3.2.18.0     Folder = J:\
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 45,00% Memory free
12,00 Gb Paging File | 8,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 816,11 Gb Total Space | 178,51 Gb Free Space | 21,87% Space Free | Partition Type: NTFS
Drive D: | 14,52 Gb Total Space | 1,99 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
Drive E: | 509,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 100,88 Gb Total Space | 3,23 Gb Free Space | 3,20% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - J:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\läppi\musik\Carl Cox\Wow.exe (Blizzard Entertainment)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
PRC - C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWAgent.exe (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - J:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MWAgent) -- C:\PROGRA~2\COMMON~1\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (econceal) -- C:\Windows\SysNative\DRIVERS\econceal.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849855
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "BittorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2849855&SearchSource=13"
FF - prefs.js..extensions.enabledItems: NPDyyno@dyyno.com:1.0.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "  "
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.11.01 12:20:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 11:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 11:01:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.10 11:01:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.01.28 03:46:04 | 000,000,000 | ---D | M]
 
[2010.08.22 20:02:51 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2010.08.22 20:02:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.23 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions
[2010.05.22 15:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.05 23:07:27 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.10.11 15:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.22 17:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.11 16:10:50 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010.03.22 21:21:29 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.22 17:30:39 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.12.02 14:31:27 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.12.08 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\engine@conduit.com
[2010.01.28 03:59:03 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\NPDyyno@dyyno.com
[2010.11.07 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\sqvnbnsx.default\extensions\toolbar@ask.com
[2009.07.20 10:04:42 | 000,000,682 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\ask.xml
[2010.12.08 16:21:55 | 000,000,935 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\conduit.xml
[2010.03.21 15:47:09 | 000,002,055 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\daemon-search.xml
[2010.12.20 09:19:46 | 000,001,056 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\icqplugin.xml
[2009.04.02 17:02:23 | 000,001,632 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\live-search.xml
[2010.12.02 14:31:23 | 000,003,915 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Mozilla\FireFox\Profiles\sqvnbnsx.default\searchplugins\sweetim.xml
[2010.10.11 15:00:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.28 03:46:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.11 20:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2010.08.11 06:17:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.11 06:17:03 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.11 06:17:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.11 06:17:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.11 06:17:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsof1.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IESearch]  File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Lars\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ba73ec74-35ee-11df-a8e0-00248c07c3ed}\Shell - "" = AutoRun
O33 - MountPoints2\{ba73ec74-35ee-11df-a8e0-00248c07c3ed}\Shell\AutoRun\command - "" = K:\DisneySplash.exe -- File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.22 00:50:54 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes
[2010.12.22 00:50:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.22 00:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.22 00:50:35 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.22 00:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.22 00:50:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.21 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.12.15 15:50:29 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 15:50:29 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 15:50:29 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 15:50:29 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 15:50:29 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 15:50:29 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 15:50:29 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 15:50:29 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 15:50:24 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 15:50:24 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 15:50:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 15:50:23 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 15:50:16 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 15:50:16 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 15:50:15 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.15 15:50:04 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 15:50:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 15:50:04 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 15:50:04 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 15:50:04 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 15:50:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 15:50:04 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 15:50:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 15:50:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 15:50:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 15:50:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 15:50:04 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 15:50:04 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 15:50:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.08 16:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BittorrentBar_DE
[2010.12.05 18:18:49 | 000,000,000 | ---D | C] -- C:\Users\Lars\Documents\Disney Interactive Studios
[2010.12.05 18:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disney Interactive Studios
[2010.12.02 14:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.12.02 14:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PriceGong
[2010.12.02 14:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2010.12.02 14:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.11.30 17:19:00 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.11.30 17:18:59 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.11.30 17:18:59 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.11.30 17:18:59 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.11.30 17:18:59 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.11.30 17:18:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2010.11.30 17:16:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010.11.29 20:42:41 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.11.29 20:42:41 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.11.27 14:24:03 | 000,000,000 | ---D | C] -- C:\FBackup
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\regsvr.exe
[2010.11.27 14:23:17 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.11.27 14:15:32 | 000,003,221 | R--- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\drivers\freadmem.sys
[2010.11.27 13:49:14 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.11.27 13:49:13 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.11.27 13:49:01 | 000,318,472 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010.11.27 13:48:29 | 001,483,784 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\contfilt.dll
[2010.11.27 13:48:29 | 000,634,376 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\mwtsp.dll
[2010.11.27 13:48:29 | 000,214,536 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysNative\mwnsp.dll
[2010.11.27 13:48:04 | 000,000,000 | ---D | C] -- C:\Users\Lars\Application Data
[2010.11.27 13:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM Links
[2010.11.27 13:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.11.27 13:41:20 | 000,145,928 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2010.11.27 13:41:20 | 000,125,448 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\BACKUP.10647471.killproc.exe
[2010.11.27 13:41:01 | 001,483,784 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contf64.dll
[2010.11.27 13:41:01 | 001,161,736 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contfilt.dll
[2010.11.27 13:41:01 | 000,214,536 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp64.dll
[2010.11.27 13:41:01 | 000,178,696 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp.dll
[2010.11.27 13:41:00 | 000,013,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sporder.dll
[2010.11.27 13:41:00 | 000,013,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\sporder.dll
[2010.11.27 13:41:00 | 000,013,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\sporder.exe
[2010.11.27 13:40:59 | 000,634,376 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp64.dll
[2010.11.27 13:40:59 | 000,539,144 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp.dll
[2010.11.27 13:40:59 | 000,237,576 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tspx.exe
[2010.11.27 13:40:59 | 000,178,696 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\inst_tsp.exe
[2010.11.27 13:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Towii
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Biixi
[2010.11.24 22:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.11.24 21:44:38 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\SC2-WingsOfLiberty-deDE-Installer
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.23 15:13:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 17:13:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 16:46:55 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 16:46:55 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 16:41:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 16:41:36 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 00:50:41 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.21 23:42:22 | 000,003,003 | ---- | M] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.16 15:05:23 | 000,358,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 19:06:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLars.job
[2010.12.05 18:12:37 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\Split Second.lnk
[2010.12.02 14:51:34 | 000,002,399 | ---- | M] () -- C:\Users\Public\Desktop\Transformers(TM) - War for Cybertron(TM).lnk
[2010.12.02 02:06:32 | 000,019,456 | ---- | M] () -- C:\Users\Lars\Desktop\perso.doc
[2010.11.30 17:18:58 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.11.30 17:18:58 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.11.30 02:15:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.30 02:15:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.30 02:15:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.30 02:15:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.30 02:15:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.30 01:50:29 | 000,001,049 | ---- | M] () -- C:\Users\Lars\Desktop\Virtual DJ Pro.lnk
[2010.11.29 20:45:44 | 002,615,122 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2010.11.27 14:23:36 | 001,161,736 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\contfilt.dll
[2010.11.27 14:23:34 | 000,178,696 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwnsp.dll
[2010.11.27 14:23:33 | 000,539,144 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\mwtsp.dll
[2010.11.27 14:22:39 | 000,172,040 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.27 14:22:27 | 000,145,928 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\killproc.exe
[2010.11.27 14:15:32 | 000,003,221 | R--- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\drivers\freadmem.sys
[2010.11.27 14:14:42 | 000,044,517 | ---- | M] () -- C:\Users\Lars\Documents\pinfect.zip
[2010.11.27 13:49:13 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.11.27 13:49:12 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.11.27 13:47:27 | 000,142,642 | ---- | M] () -- C:\Windows\winsbak2.reg
[2010.11.27 13:47:25 | 000,003,956 | ---- | M] () -- C:\Windows\winsbak.reg
[2010.11.27 13:24:18 | 000,206,767 | ---- | M] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.271937.dmp
[2010.11.27 13:24:18 | 000,205,807 | ---- | M] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.307939.dmp
[2010.11.25 23:14:48 | 736,053,248 | ---- | M] () -- C:\Users\Lars\Desktop\aoe-saw3d.avi
[2010.11.24 23:02:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2010.12.22 00:50:41 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.21 23:42:22 | 000,003,003 | ---- | C] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.05 18:12:37 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\Split Second.lnk
[2010.12.02 14:51:34 | 000,002,399 | ---- | C] () -- C:\Users\Public\Desktop\Transformers(TM) - War for Cybertron(TM).lnk
[2010.12.02 02:06:30 | 000,019,456 | ---- | C] () -- C:\Users\Lars\Desktop\perso.doc
[2010.11.30 17:18:58 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.11.30 17:18:58 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2010.11.30 01:50:29 | 000,001,049 | ---- | C] () -- C:\Users\Lars\Desktop\Virtual DJ Pro.lnk
[2010.11.29 23:53:00 | 736,053,248 | ---- | C] () -- C:\Users\Lars\Desktop\aoe-saw3d.avi
[2010.11.29 20:42:42 | 002,615,122 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2010.11.27 14:22:40 | 000,172,040 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.27 14:14:42 | 000,044,517 | ---- | C] () -- C:\Users\Lars\Documents\pinfect.zip
[2010.11.27 13:47:27 | 000,142,642 | ---- | C] () -- C:\Windows\winsbak2.reg
[2010.11.27 13:47:25 | 000,003,956 | ---- | C] () -- C:\Windows\winsbak.reg
[2010.11.27 13:41:00 | 000,135,936 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.DLL
[2010.11.27 13:41:00 | 000,130,816 | ---- | C] () -- C:\Windows\SysWow64\UNZDLL.DLL
[2010.11.27 13:24:17 | 000,206,767 | ---- | C] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.271937.dmp
[2010.11.27 13:24:17 | 000,205,807 | ---- | C] () -- C:\Users\Lars\Documents\ts3_clientui-win32-12815-2010-11-27 13_24_17.307939.dmp
[2010.11.24 22:50:25 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.11.05 14:43:44 | 000,001,164 | ---- | C] () -- C:\Users\Lars\AppData\Local\9A5FF4EA.il
[2010.11.05 14:43:44 | 000,000,280 | ---- | C] () -- C:\Users\Lars\AppData\Local\IndexIE_9A5FF4EA.il
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.11 18:16:43 | 000,009,460 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.09.05 20:46:12 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010.06.29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010.06.15 18:52:48 | 000,007,597 | ---- | C] () -- C:\Users\Lars\AppData\Local\Resmon.ResmonCfg
[2010.06.14 21:23:56 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.17 19:36:19 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.06 20:23:58 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.09.27 13:19:21 | 000,001,776 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\wklnhst.dat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.08 12:35:14 | 000,000,051 | ---- | C] () -- C:\Windows\d.ini
[2009.02.13 09:36:52 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2009.02.13 09:36:52 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF

< End of report >

--- --- ---

sorry für die umstände die ich mache, wie gesagt, kenne mich damit nicht wirklich aus :-)

Lieben Gruß und jetzt schon mal an alle ein frohes weihnachtsfest

cosinus · 23.12.2010, 20:36

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Towii
[2010.11.25 13:02:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Biixi
[2010.11.29 20:45:44 | 002,615,122 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2010.11.27 13:47:27 | 000,142,642 | ---- | M] () -- C:\Windows\winsbak2.reg
[2010.11.27 13:47:25 | 000,003,956 | ---- | M] () -- C:\Windows\winsbak.reg
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:05EE1EEF
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

23.12.2010, 14:52	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Hijack auswertung Dann jetzt bitte frische OTL-Logs posten. __________________ Logfiles bitte immer in CODE-Tags posten

Hijack auswertung

Log-Analyse und Auswertung: Hijack auswertung