
Log analysis and evaluation: Internet Explorer keeps opening ads

03.02.2011, 20:14   #1
n00bie
 



Hello!
Since yesterday my IE has been constantly opening ads that I can't control.
I read on Google that a trojan is supposed to be causing this.
I immediately ran a scan with AVG, which did find something, and I deleted the files right away.
But the ads still keep coming...
Here is my HijackThis logfile:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:12:56, on 03.02.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\3DataManager\3DataManager.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\SEBAST~1\AppData\Local\Temp\Omz.exe
C:\Users\SEBAST~1\AppData\Local\Temp\Omw.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\SEBAST~1\AppData\Local\Temp\Om2.exe
C:\Users\Sebastian\Desktop\Sicherheit&Leistung\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe
 
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\SEBAST~1\AppData\Local\Temp\Omw.exe
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files (x86)\DSL-Manager\DslMgr.exe (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3239A38-99DE-4C86-9FA7-7A31179D3D66}: NameServer = 213.94.78.17 213.94.78.16
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player-Netzwerkfreigabedienst (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTGService - Unknown owner - C:\Program Files (x86)\3DataManager\WTGService.exe
 
--
End of file - 6305 bytes
         


Can anyone help me?
Best regards

03.02.2011, 21:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

04.02.2011, 07:33   #3
n00bie
 



Malwarebytes log (I deleted all the infected files as described in the instructions; I think there were 19 findings):

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5672

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.02.2011 07:20:31
mbam-log-2011-02-04 (07-20-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159098
Laufzeit: 2 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.Agent) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\sebastian\AppData\Local\Temp\Omw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Om0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Om2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Om4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Omv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Omy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\sebastian\AppData\Local\Temp\Omz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{35dc3473-a719-4d14-b7c1-fd326ca84a0c}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
         
Now OTL, OTL.txt:

Code:
OTL logfile created on: 04.02.2011 07:27:13 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Sebastian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,04 Gb Total Space | 61,23 Gb Free Space | 21,79% Space Free | Partition Type: NTFS
Drive D: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 16,75 Gb Total Space | 2,73 Gb Free Space | 16,28% Space Free | Partition Type: NTFS
Drive F: | 99,34 Mb Total Space | 95,42 Mb Free Space | 96,06% Space Free | Partition Type: FAT32
Drive L: | 298,09 Gb Total Space | 297,98 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: BEARJUNIOR | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\3DataManager\WTGService.exe ()
PRC - C:\Program Files (x86)\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sebastian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\3DataManager\WTGService.exe ()
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BrSerIb) Brother MFC Serial Interface Driver(WDM) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (BrUsbSIb) Brother MFC Serial USB Driver(WDM) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (hwusbdev) -- C:\Windows\SysWOW64\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://search.conduit.com?SearchSource=10&ctid=CT2102572
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "PHPNukeDE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102572&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.13
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {c9508125-4747-4733-b048-e4b82dc9716d}:2.7.2.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102572&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.11.25 07:24:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 23:22:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 23:22:12 | 000,000,000 | ---D | M]
 
[2010.06.19 11:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.02.03 20:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions
[2011.01.26 19:38:47 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.09.17 14:51:42 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.09.29 20:38:11 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.10.08 16:34:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.01.11 18:42:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.12.06 13:42:32 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2011.01.11 07:05:38 | 000,000,000 | ---D | M] (PHPNukeDE Toolbar) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{c9508125-4747-4733-b048-e4b82dc9716d}
[2011.01.11 07:05:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.26 19:38:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.11.25 15:46:33 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.06 13:42:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\r5mswezv.default\extensions\engine@conduit.com
[2010.11.19 17:06:53 | 000,001,751 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\r5mswezv.default\searchplugins\ask.uk.xml
[2010.11.17 19:21:51 | 000,000,923 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\r5mswezv.default\searchplugins\conduit.xml
[2010.08.26 19:55:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.05 19:50:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.25 07:24:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.22 11:57:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.22 11:57:02 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 14:15:32 | 000,002,036 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchCcd2.xml
[2010.08.22 11:57:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.22 11:57:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.22 11:57:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.16 13:22:04 | 000,021,960 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.16 17:14:06 | 000,000,057 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4bcc676b-7ebf-11df-b647-fa06ec674182}\Shell - "" = AutoRun
O33 - MountPoints2\{4bcc676b-7ebf-11df-b647-fa06ec674182}\Shell\AutoRun\command - "" = I:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{740efbc5-76fb-11df-b399-c417fe485d93}\Shell - "" = AutoRun
O33 - MountPoints2\{740efbc5-76fb-11df-b399-c417fe485d93}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{740efc0c-76fb-11df-b399-c417fe485d93}\Shell - "" = AutoRun
O33 - MountPoints2\{740efc0c-76fb-11df-b399-c417fe485d93}\Shell\AutoRun\command - "" = D:\.\Autorun.exe -- [2008.06.16 13:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{89902e44-77ac-11df-bddb-c417fe485d93}\Shell - "" = AutoRun
O33 - MountPoints2\{89902e44-77ac-11df-bddb-c417fe485d93}\Shell\AutoRun\command - "" = D:\.\Autorun.exe -- [2008.06.16 13:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{9b03a888-7d61-11df-bad3-c417fe485d93}\Shell - "" = AutoRun
O33 - MountPoints2\{9b03a888-7d61-11df-bad3-c417fe485d93}\Shell\AutoRun\command - "" = D:\.\Autorun.exe -- [2008.06.16 13:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\{9b03a89d-7d61-11df-bad3-d24eb6bdbc04}\Shell - "" = AutoRun
O33 - MountPoints2\{9b03a89d-7d61-11df-bad3-d24eb6bdbc04}\Shell\AutoRun\command - "" = J:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\.\Autorun.exe -- [2008.06.16 13:22:04 | 000,021,960 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.04 07:16:26 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2011.02.04 07:16:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.02.04 07:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.04 07:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.04 07:16:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.02.04 07:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.02.03 21:23:17 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2011.02.02 18:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP Software
[2011.02.02 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MP Software
[2011.02.02 18:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\gegl-0.0
[2011.02.02 18:05:51 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\.gimp-2.6
[2011.02.02 18:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.02.02 18:05:39 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.02.02 17:41:37 | 000,000,000 | R--D | C] -- C:\Users\Sebastian\Desktop\Webdesign
[2011.02.02 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Opera
[2011.02.02 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Opera
[2011.02.02 14:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011.02.01 21:21:30 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\neue_homepage2
[2011.01.28 16:15:29 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\JLC's Software
[2011.01.28 16:15:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2011.01.28 16:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JLC's Software
[2011.01.28 16:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JLC's Software
[2011.01.28 15:32:45 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\RevoluTV
[2011.01.28 15:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RevoluTV
[2011.01.28 15:32:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RevoluTV
[2011.01.28 14:12:49 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\JonDo
[2011.01.28 13:56:42 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\j2mewtk
[2011.01.28 13:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
[2011.01.28 13:55:19 | 000,000,000 | ---D | C] -- C:\WTK2.5.2_01
[2011.01.26 19:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.A.D
[2011.01.26 19:22:01 | 000,029,696 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2011.01.26 19:22:00 | 000,000,000 | ---D | C] -- C:\Programme\S.A.D
[2011.01.26 18:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2011.01.25 16:23:18 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\neue_homepage1
[2011.01.24 17:38:23 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\Adobe Scripts
[2011.01.22 14:49:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.21 21:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.01.21 21:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.01.21 21:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2011.01.21 13:47:11 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\games4you1
[2011.01.21 07:23:47 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\neue_homepage
[2011.01.21 07:22:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Documents\games4you
[2011.01.20 21:08:01 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ViennaSoft
[2011.01.20 21:07:13 | 000,000,000 | ---D | C] -- C:\ViennaSoft
[2011.01.20 21:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011.01.20 17:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2011.01.20 17:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nvu
[2011.01.18 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Application Data
[2011.01.18 15:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDoser v4
[2011.01.15 19:04:58 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\PackageAware
[2011.01.12 14:01:55 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 14:01:55 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 14:01:55 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 14:01:54 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 14:01:54 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 14:01:54 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 14:01:54 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 14:01:54 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 14:01:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 14:01:54 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 14:01:53 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 14:01:53 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 14:01:53 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 14:01:53 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 14:01:53 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 14:01:53 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 14:01:53 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 14:01:53 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 14:01:53 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 14:01:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 14:01:53 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 14:01:53 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 14:01:52 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 14:01:52 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 14:01:52 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 14:01:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 14:01:52 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 14:00:57 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 14:00:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.09 02:05:30 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\IrfanView
[2011.01.09 02:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2011.01.08 01:47:17 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\HP
[2011.01.08 01:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.01.06 17:40:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\All-In-One-1.6
[2011.01.05 15:51:46 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\DSLAN
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.04 07:23:36 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.04 07:23:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.04 07:23:15 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.04 07:18:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 07:18:26 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.04 07:16:22 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.04 07:15:25 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.04 07:15:25 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.02.04 07:15:25 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.04 07:15:25 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.02.04 07:15:25 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.03 21:24:37 | 000,001,090 | ---- | M] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (5).lnk
[2011.02.03 21:24:24 | 000,001,090 | ---- | M] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (4).lnk
[2011.02.03 21:24:22 | 000,001,090 | ---- | M] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (3).lnk
[2011.02.03 21:24:20 | 000,001,090 | ---- | M] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (2).lnk
[2011.02.03 21:24:17 | 000,001,090 | ---- | M] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung.lnk
[2011.02.03 21:23:22 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sebastian\Desktop\OTL.exe
[2011.02.03 21:05:14 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.03 19:31:23 | 000,184,494 | ---- | M] () -- C:\Users\Sebastian\Desktop\games4you2.JPG
[2011.02.03 19:28:57 | 000,128,728 | ---- | M] () -- C:\Users\Sebastian\Desktop\games4you.JPG
[2011.02.03 17:23:05 | 000,000,105 | ---- | M] () -- C:\Users\Sebastian\Desktop\bg_203528.png
[2011.02.03 16:01:55 | 070,649,877 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011.02.02 18:57:12 | 000,420,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.02.02 18:33:56 | 000,001,273 | ---- | M] () -- C:\Users\Sebastian\Desktop\Agama Web Buttons.lnk
[2011.02.02 18:05:47 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.02.02 17:40:45 | 000,001,441 | ---- | M] () -- C:\Users\Sebastian\Desktop\Internet Explorer.lnk
[2011.02.02 14:22:36 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.02.02 07:35:35 | 000,769,024 | ---- | M] () -- C:\Users\Sebastian\Documents\Dieser großteils mit schlammigem Untergrund bedeckte See ist der größte See Österreichs.doc
[2011.01.30 16:33:46 | 006,095,141 | ---- | M] () -- C:\Users\Sebastian\Desktop\Doodle.zip
[2011.01.28 16:15:25 | 000,002,144 | ---- | M] () -- C:\Users\Sebastian\Desktop\JLC's Internet TV.lnk
[2011.01.26 19:32:07 | 000,001,357 | ---- | M] () -- C:\Users\Sebastian\Desktop\Adobe Dreamweaver CS5.lnk
[2011.01.26 18:39:34 | 000,017,408 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\WebpageIcons.db
[2011.01.24 20:39:29 | 001,076,736 | ---- | M] () -- C:\Users\Sebastian\Documents\Das Wiener Becken ist jene Großlandschaft Österreichs.doc
[2011.01.20 17:36:39 | 000,000,889 | ---- | M] () -- C:\Users\Sebastian\Desktop\Nvu.lnk
[2011.01.15 18:41:37 | 000,001,854 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\GhostObjGAFix.xml
[2011.01.09 02:05:35 | 000,001,006 | ---- | M] () -- C:\Users\Sebastian\Desktop\IrfanView.lnk
[2011.01.07 13:14:31 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.04 07:16:22 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.03 21:24:37 | 000,001,090 | ---- | C] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (5).lnk
[2011.02.03 21:24:24 | 000,001,090 | ---- | C] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (4).lnk
[2011.02.03 21:24:22 | 000,001,090 | ---- | C] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (3).lnk
[2011.02.03 21:24:20 | 000,001,090 | ---- | C] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung (2).lnk
[2011.02.03 21:24:17 | 000,001,090 | ---- | C] () -- C:\Users\Sebastian\Desktop\Trojaner-Board! (favoriten) - Verknüpfung.lnk
[2011.02.03 19:31:23 | 000,184,494 | ---- | C] () -- C:\Users\Sebastian\Desktop\games4you2.JPG
[2011.02.03 19:28:57 | 000,128,728 | ---- | C] () -- C:\Users\Sebastian\Desktop\games4you.JPG
[2011.02.03 17:23:05 | 000,000,105 | ---- | C] () -- C:\Users\Sebastian\Desktop\bg_203528.png
[2011.02.02 18:33:56 | 000,001,273 | ---- | C] () -- C:\Users\Sebastian\Desktop\Agama Web Buttons.lnk
[2011.02.02 18:05:47 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.02.02 17:50:32 | 000,000,889 | ---- | C] () -- C:\Users\Sebastian\Desktop\Nvu.lnk
[2011.02.02 17:50:27 | 000,001,357 | ---- | C] () -- C:\Users\Sebastian\Desktop\Adobe Dreamweaver CS5.lnk
[2011.02.02 17:40:45 | 000,001,441 | ---- | C] () -- C:\Users\Sebastian\Desktop\Internet Explorer.lnk
[2011.02.02 14:22:36 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.02.02 14:22:36 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.02.02 07:35:35 | 000,769,024 | ---- | C] () -- C:\Users\Sebastian\Documents\Dieser großteils mit schlammigem Untergrund bedeckte See ist der größte See Österreichs.doc
[2011.01.30 16:29:44 | 006,095,141 | ---- | C] () -- C:\Users\Sebastian\Desktop\Doodle.zip
[2011.01.28 16:15:25 | 000,002,144 | ---- | C] () -- C:\Users\Sebastian\Desktop\JLC's Internet TV.lnk
[2011.01.24 20:39:29 | 001,076,736 | ---- | C] () -- C:\Users\Sebastian\Documents\Das Wiener Becken ist jene Großlandschaft Österreichs.doc
[2011.01.21 21:46:40 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.01.21 21:46:35 | 000,001,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.01.21 21:46:27 | 000,001,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.01.21 21:45:41 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.01.09 02:05:35 | 000,001,006 | ---- | C] () -- C:\Users\Sebastian\Desktop\IrfanView.lnk
[2011.01.07 13:14:31 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.07 13:14:31 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2010.12.28 12:02:22 | 000,001,854 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\GhostObjGAFix.xml
[2010.12.24 15:14:52 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.12.21 14:50:27 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\IMETHARE.DLL
[2010.10.08 21:35:44 | 000,044,613 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\Perfmon.PerfmonCfg
[2010.10.03 08:54:41 | 000,037,353 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.8
[2010.10.03 08:54:37 | 000,030,411 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.7
[2010.10.03 08:54:36 | 000,030,260 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.6
[2010.10.03 08:54:35 | 000,030,293 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.5
[2010.10.03 08:54:32 | 000,037,353 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.4
[2010.10.03 08:54:32 | 000,030,411 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.3
[2010.10.03 08:54:30 | 000,030,260 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.2
[2010.10.03 08:54:27 | 000,030,293 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.1
[2010.10.03 08:54:26 | 000,037,353 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.0
[2010.10.03 08:54:26 | 000,030,293 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\tmpSNAPSHOT_20101002.JPG
[2010.09.22 17:17:37 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\vscfdx.dll
[2010.09.22 17:17:35 | 000,000,068 | ---- | C] () -- C:\Windows\batchrec.ini
[2010.08.16 14:06:12 | 000,017,408 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\WebpageIcons.db
[2010.08.09 20:18:46 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ImageSearchDLL.dll
[2010.08.09 20:18:46 | 000,094,208 | ---- | C] () -- C:\Windows\ImageSearchDLL.dll
[2010.06.21 19:31:05 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.06.21 19:31:05 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.06.21 19:29:41 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2010.06.21 19:29:41 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.06.20 16:47:34 | 000,000,096 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\wklnhst.dat
[2010.06.13 16:32:10 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.05.16 14:29:39 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.16 11:10:50 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\QSwitch.txt
[2010.05.16 11:10:50 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DSwitch.txt
[2010.05.16 11:10:50 | 000,000,000 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\AtStart.txt
[2010.05.16 11:10:49 | 000,000,464 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010.02.26 01:44:32 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010.02.26 01:44:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010.02.26 01:44:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010.02.26 01:44:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010.02.26 01:43:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010.02.26 01:41:50 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010.02.26 01:41:50 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010.02.26 01:41:50 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010.02.26 01:41:50 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010.02.26 01:41:50 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010.02.26 01:41:50 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010.02.26 01:17:14 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.02.26 01:17:14 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.01.08 23:23:16 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010.01.08 23:20:47 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010.01.08 23:19:57 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010.01.08 23:19:31 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.09.29 15:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.10 20:41:58 | 000,000,000 | -HSD | M] -- C:\Users\Sebastian\AppData\Roaming\.#
[2010.08.24 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\.purple
[2011.01.30 09:59:03 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\3DataManager
[2010.06.23 15:20:35 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\avidemux
[2010.06.24 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Azureus
[2010.07.05 20:53:22 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Bump Technologies, Inc
[2011.01.22 14:49:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.12.29 12:00:08 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DAEMON Tools Lite
[2010.09.26 11:22:41 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.17 18:26:09 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FlashGet
[2010.07.05 18:20:44 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\flightgear.org
[2010.06.23 14:58:56 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\FreeFLVConverter
[2011.02.02 18:33:49 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\GetRightToGo
[2010.08.11 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\gtk-2.0
[2011.01.09 02:05:30 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\IrfanView
[2011.01.28 16:15:29 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\JLC's Software
[2011.01.28 14:17:59 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\JonDo
[2010.09.30 08:05:25 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Notepad++
[2010.09.16 16:06:34 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Nvu
[2011.02.02 14:22:39 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Opera
[2010.08.23 20:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\PC Suite
[2010.06.13 20:04:50 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Playrix Entertainment
[2010.06.13 15:56:41 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Program Files (x86)
[2011.01.28 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\RevoluTV
[2010.09.03 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Samsung
[2010.07.05 18:09:21 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\supertuxkart
[2010.08.21 13:45:54 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\T-Online
[2010.11.01 14:14:42 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TeamViewer
[2010.06.27 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Template
[2010.12.23 15:40:10 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\TS3Client
[2010.08.30 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ubisoft
[2010.05.16 12:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Ulead Systems
[2011.01.15 19:06:00 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\Uniblue
[2010.06.13 12:33:55 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\WildTangent
[2010.12.22 19:25:20 | 000,000,000 | ---D | M] -- C:\Users\Sebastian\AppData\Roaming\_MDLogs
[2011.01.07 12:43:13 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.09.30 09:14:03 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpyEraser.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:F1960AD342EFA290

< End of report >
         
and then also the Extras.txt:

Code:
OTL Extras logfile created on: 04.02.2011 07:27:13 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Sebastian\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281,04 Gb Total Space | 61,23 Gb Free Space | 21,79% Space Free | Partition Type: NTFS
Drive D: | 6,83 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 16,75 Gb Total Space | 2,73 Gb Free Space | 16,28% Space Free | Partition Type: NTFS
Drive F: | 99,34 Mb Total Space | 95,42 Mb Free Space | 96,06% Space Free | Partition Type: FAT32
Drive L: | 298,09 Gb Total Space | 297,98 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
 
Computer Name: BEARJUNIOR | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Value error.
htmlfile [print] -- Reg Error: Value error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CyberGhost VPN_is1" = CyberGhost VPN
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{627EAB2D-F5AE-4815-AD8E-79129D7959E9}" = Memory Card File Rescue
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.5
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4DDD706-37CE-4AFE-A77B-9E2CBE1A6117}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B52CF9E3-1061-11DF-AB11-000374890932}" = Internet Software Paket 7
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"3DataManager" = 3DataManager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agama Web Buttons_is1" = Agama Web Buttons
"AVG9Uninstall" = AVG Free 9.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EasyBits Magic Desktop" = Magic Desktop
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"JLC's Internet TV" = JLC's Internet TV
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nvu_is1" = Nvu 1.0
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"PSP Video 9" = PSP Video 9 2.25
"SYSTEMCARE_025B3ECB-F8A1-45ff-BABC-140E08C7D8C5_is1" = Uniblue PowerSuite
"TeamViewer 6" = TeamViewer 6
"Warzone 2100" = Warzone 2100
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Regards
__________________

Old 04.02.2011, 14:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please run one now and post the log!
Remember to update the Malwarebytes signatures beforehand; new updates come out very frequently!
__________________
Please always post log files in CODE tags
