Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
URL:mal laut Avast bei php von Facebook Explorer.exe

URL:mal laut Avast bei php von Facebook Explorer.exe


Plagegeister aller Art und deren Bekämpfung: URL:mal laut Avast bei php von Facebook Explorer.exe

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.05.2011, 22:18   #1
hnaqua
 
URL:mal laut Avast bei php von Facebook Explorer.exe - Standard

URL:mal laut Avast bei php von Facebook Explorer.exe


Hallo,

ich hab seit 2 Tagen immer wieder eine Meldung von Avast, das etwas geblockt wurde. Es soll sich um ein URL:mal handeln von der Explorer.EXE im Windows Ordner. Es wird eine Adresse ausgegeben die mit dem login von Facebook zu tun hat.

facebook.com/login.php?guide=6.0.6002!johannes-pc!2b7c9043.... ewig lang das Teil...

Der Block von Avast kommt recht unregelmäig. Auch wenn ich garnicht auf FB bin bzw. nicht mal Firefox oder den I-Explorer auf habe. Auch beim Neustart kommt der Block. Wenn ich das Internet nicht anhabe ist es bisher noch nicht passiert.

Leider kommt ein Scann von Avast zu keinem Ergebnis. Auch Spybot (Search an Destroy) hats nichts gefunden. Welche Scanns sollte ich noch machen lassen, bzw. mit was habe ich es hier überhaupt zu tun. Mein letzter Virus ist schon sooo lange her, dass ich da nicht mehr auf dem laufenden bin was zu tun ist.

Schonmal vielen Dank für Eure Hilfe.

Alt 25.05.2011, 12:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
URL:mal laut Avast bei php von Facebook Explorer.exe - Standard

URL:mal laut Avast bei php von Facebook Explorer.exe


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 26.05.2011, 19:23   #3
hnaqua
 
URL:mal laut Avast bei php von Facebook Explorer.exe - Standard

URL:mal laut Avast bei php von Facebook Explorer.exe


Hallo,

viel Dank für deine Antwort, der Scan hat zwar die ganze Nacht gedauert hab aber nun bei durch.

Heute ist bis jetzt nicht einmal mehr das Problem aufgetaucht. Gestern hab ich noch die ganzen Cookies von den Browsern gelöscht und Spybot Search and Destroy drauf gemacht, kann das daran liegen? Vielleicht ist es auch nur zufall...


Hier die Ergebnisse:
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6677

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

26.05.2011 07:55:12
mbam-log-2011-05-26 (07-55-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 649146
Laufzeit: 8 Stunde(n), 16 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\downloads\wichtige software\msoe2007kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\downloads\wichtige software\bilder\keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Spiele\gta4\gta crack\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Spiele\Lan\C&C 3\Keygen\triberum wars keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Spiele\rockstar games\grand theft auto iv\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
und noch OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.05.2011 18:58:23 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Johannes\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 55,13% Memory free
6,14 Gb Paging File | 4,78 Gb Available in Paging File | 77,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 34,89 Gb Free Space | 7,68% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,83 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
 
Computer Name: JOHANNES-PC | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.25 21:57:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL(1).exe
PRC - [2011.05.07 12:13:11 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.09.07 18:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.05.15 12:36:48 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008.09.23 12:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.09.11 13:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008.07.22 23:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Studium\Internet\VPN\cvpnd.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.25 21:57:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL(1).exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Norton Internet Security)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.09.07 18:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.05.22 01:44:39 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.11.15 21:06:38 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Studium\Internet\VPN\cvpnd.exe -- (CVPND)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.09.07 17:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.09.07 17:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.09.07 17:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.09.07 17:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.09.07 17:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.07.24 21:05:50 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.06.22 20:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 20:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.06.05 23:18:30 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.06.05 23:18:28 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.13 09:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.02 12:36:30 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2007.10.26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.08.29 13:07:26 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.01.31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (Hardlock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.1.102:80
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {d5ea4520-61a1-11da-8cd6-0800200c9a66}:2009.07.19
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.backup.ftp: "172.16.1.102"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "172.16.1.102"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "172.16.1.102"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "172.16.1.102"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "172.16.1.102"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.1.102"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.1.102"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.1.102"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "172.16.1.102"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.07 12:13:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.23 13:44:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.04.29 10:16:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.05.23 13:44:16 | 000,000,000 | ---D | M]
 
[2010.11.01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2010.11.01 23:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.25 11:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions
[2010.04.28 22:07:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.14 19:13:35 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2009.11.24 17:30:40 | 000,000,000 | ---D | M] (QuickProxy) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
[2010.01.04 16:53:38 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\moveplayer@movenetworks.com
[2010.04.28 22:07:48 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\qs3pa8eu.default\extensions\youtube2mp3@mondayx.de
[2011.02.07 12:01:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.13 10:55:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.04 19:44:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS3PA8EU.DEFAULT\EXTENSIONS\{317B5128-0B0B-49B2-B2DB-1E7560E16C74}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QS3PA8EU.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.05.07 12:13:10 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.07 12:13:12 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 12:13:12 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.07 12:13:12 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.07 12:13:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.07 12:13:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.07 12:13:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [OscarEditor]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk = C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Johannes\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b955593-e663-11de-9d55-00235a31f909}\Shell\AutoRun\command - "" = I:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{0b955593-e663-11de-9d55-00235a31f909}\Shell\Install\command - "" = I:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{1bdec2c4-1a19-11df-b205-00235a31f909}\Shell - "" = AutoRun
O33 - MountPoints2\{1bdec2c4-1a19-11df-b205-00235a31f909}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{24b75ad4-1b1f-11df-bc08-00235a31f909}\Shell - "" = AutoRun
O33 - MountPoints2\{24b75ad4-1b1f-11df-bc08-00235a31f909}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3d59da78-fab0-11de-bd44-00059a3c7800}\Shell\AutoRun\command - "" = I:\eexyv.exe
O33 - MountPoints2\{3d59da78-fab0-11de-bd44-00059a3c7800}\Shell\open\Command - "" = I:\eexyv.exe
O33 - MountPoints2\{52dabba5-3867-11e0-a7f0-e99f12824c27}\Shell - "" = AutoRun
O33 - MountPoints2\{52dabba5-3867-11e0-a7f0-e99f12824c27}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{5732f9ec-2955-11e0-98bb-dc9d4b940b22}\Shell - "" = AutoRun
O33 - MountPoints2\{5732f9ec-2955-11e0-98bb-dc9d4b940b22}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{5f672ebb-3b3b-11de-aec6-00235a31f909}\Shell - "" = AutoRun
O33 - MountPoints2\{5f672ebb-3b3b-11de-aec6-00235a31f909}\Shell\AutoRun\command - "" = G:\SetupStarter.exe
O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell - "" = AutoRun
O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell\AutoRun\command - "" = H:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{5f672ebc-3b3b-11de-aec6-00235a31f909}\Shell\dinstall\command - "" = H:\Directx\dxsetup.exe
O33 - MountPoints2\{620e2a64-c47e-11de-9c3d-00235a31f909}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe
O33 - MountPoints2\{6e7071c3-1a18-11df-a40e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e7071c3-1a18-11df-a40e-806e6f6e6963}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6f18941a-383e-11e0-a9a4-f0513f6a3843}\Shell - "" = AutoRun
O33 - MountPoints2\{6f18941a-383e-11e0-a9a4-f0513f6a3843}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6f189428-383e-11e0-a9a4-f0513f6a3843}\Shell - "" = AutoRun
O33 - MountPoints2\{6f189428-383e-11e0-a9a4-f0513f6a3843}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{7861d485-6fdc-11e0-8ccc-f59d454cd7db}\Shell - "" = AutoRun
O33 - MountPoints2\{7861d485-6fdc-11e0-8ccc-f59d454cd7db}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{85c7bde3-04dc-11df-8057-00235a31f909}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {610A36EE-F182-2DCF-EDE0-28D1587971F7} - LightScribe Control Panel
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8E8CAE47-26F3-1E1A-AB42-431141E1243C} - 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E276A98D-7D10-29EA-F877-A29E36B76CD9} - 
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.25 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2011.05.25 21:54:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.25 21:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.05.25 21:54:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.25 21:54:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.25 21:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.24 22:31:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.24 22:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.05.24 17:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Spybot - Search & Destroy
[2011.05.24 17:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.05.24 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.05.08 18:45:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\sap screens !!!!!!!!!!!!
[2011.05.06 10:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Microsoft Games for Windows Marketplace
[2008.01.25 12:47:00 | 000,217,088 | ---- | C] ( ) -- C:\Users\Johannes\AppData\Local\Interop.Microsoft.Office.Core.dll
[2007.08.09 16:50:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Users\Johannes\AppData\Local\stdole.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.26 18:56:34 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.26 18:17:37 | 000,685,918 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.26 18:17:37 | 000,651,472 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.26 18:17:37 | 000,148,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.26 18:17:37 | 000,125,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.26 18:11:50 | 000,002,515 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Memeo AutoBackup Launcher.lnk
[2011.05.26 18:11:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.26 18:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 18:11:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.26 18:11:08 | 000,645,792 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.26 18:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.26 18:10:56 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.26 08:06:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.26 08:00:14 | 000,002,682 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0BCAM1P6.job
[2011.05.25 21:54:25 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 22:32:03 | 000,002,489 | ---- | M] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
[2011.05.24 17:47:11 | 000,001,015 | ---- | M] () -- C:\Users\Johannes\Desktop\Spybot - Search & Destroy.lnk
[2011.05.23 13:44:17 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.05.22 22:16:49 | 000,645,792 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.19 18:18:34 | 000,007,592 | ---- | M] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
[2011.05.06 11:17:58 | 003,472,784 | ---- | M] () -- C:\Users\Johannes\Desktop\Nadine.psd
[2011.04.27 00:04:59 | 000,335,879 | ---- | M] () -- C:\Users\Johannes\Desktop\event4.jpg
 
========== Files Created - No Company Name ==========
 
[2011.05.25 21:54:25 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.24 22:31:48 | 000,002,489 | ---- | C] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
[2011.05.24 17:47:11 | 000,001,015 | ---- | C] () -- C:\Users\Johannes\Desktop\Spybot - Search & Destroy.lnk
[2011.05.07 12:13:15 | 000,000,818 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.06 11:17:57 | 003,472,784 | ---- | C] () -- C:\Users\Johannes\Desktop\Nadine.psd
[2011.04.27 00:04:55 | 000,335,879 | ---- | C] () -- C:\Users\Johannes\Desktop\event4.jpg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.11.05 14:08:00 | 000,007,592 | ---- | C] () -- C:\Users\Johannes\AppData\Local\d3d9caps.dat
[2010.06.13 11:02:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.03.20 17:47:09 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.12.16 11:30:05 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2009.11.29 00:31:16 | 000,000,000 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.11.23 20:00:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.10.17 02:38:42 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.10.17 02:38:42 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.10.17 02:38:42 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.10.17 02:33:20 | 000,000,096 | ---- | C] () -- C:\Users\Johannes\AppData\Local\fusioncache.dat
[2009.10.17 02:17:20 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.10.06 00:36:28 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.10.06 00:35:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009.10.06 00:35:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009.10.06 00:32:41 | 000,034,816 | ---- | C] () -- C:\Windows\System32\ODMA32.DLL
[2009.09.17 00:41:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 00:41:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.14 17:43:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.08.09 03:43:05 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.06.05 23:18:30 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.06.05 23:18:28 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.05.29 10:20:13 | 002,192,926 | ---- | C] () -- C:\Users\Johannes\AppData\Local\tmpIMG_4921.JPG
[2009.05.07 18:15:04 | 000,014,319 | ---- | C] () -- C:\Windows\UN060501.INI
[2009.05.07 18:15:04 | 000,005,465 | ---- | C] () -- C:\Windows\UN070209.INI
[2009.05.07 00:22:06 | 002,138,733 | ---- | C] () -- C:\Users\Johannes\AppData\Local\tmpTON + SCHNECKEN 010.JPG
[2009.04.30 22:02:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.04.30 22:02:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.04.29 11:46:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.09 21:38:11 | 000,645,792 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.09 16:56:00 | 000,645,792 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.04 23:57:50 | 000,157,184 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 06:37:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.22 06:34:24 | 000,685,918 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.10.22 06:34:24 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.10.22 06:34:24 | 000,148,980 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.10.22 06:34:24 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.10.21 22:43:10 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.10.21 21:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe
[2008.10.21 21:06:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.10.26 14:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,322,232 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,651,472 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,125,858 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.06.20 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Avery
[2009.08.30 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Blumentals
[2009.05.07 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
[2009.05.07 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
[2011.03.11 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Desktopicon
[2009.06.18 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\F4
[2011.05.20 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
[2010.08.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FOG Downloader
[2009.09.19 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Free Monitor for Google
[2009.08.18 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HAPedit
[2010.02.20 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NASNaviator2
[2009.09.22 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nvu
[2009.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
[2009.08.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sam Francke
[2009.09.26 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TerraTec
[2010.11.01 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2010.01.09 10:36:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Toolbars
[2010.02.02 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TS3Client
[2009.04.08 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WildTangent
[2009.12.27 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\wxMozBrowserLib
[2009.08.14 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\XnView
[2011.05.26 08:06:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.03 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Adobe
[2010.06.20 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Avery
[2009.08.30 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Blumentals
[2009.09.24 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\CyberLink
[2009.05.07 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
[2009.05.07 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Pro
[2011.03.11 23:26:09 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Desktopicon
[2010.04.18 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DivX
[2009.06.04 12:05:23 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Download Manager
[2011.03.23 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\dvdcss
[2009.06.18 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\F4
[2011.05.20 14:23:15 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FileZilla
[2010.08.22 20:29:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\FOG Downloader
[2009.09.19 01:44:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Free Monitor for Google
[2009.12.01 10:50:04 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Google
[2009.08.18 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HAPedit
[2009.04.04 20:00:01 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Hewlett-Packard
[2009.04.29 21:45:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HP
[2009.04.04 19:53:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HP TCS
[2011.04.08 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HpUpdate
[2009.04.04 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Identities
[2009.11.15 23:36:42 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Macromedia
[2011.05.25 21:54:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Media Center Programs
[2010.06.24 09:15:48 | 000,000,000 | --SD | M] -- C:\Users\Johannes\AppData\Roaming\Microsoft
[2009.05.27 13:48:38 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Mozilla
[2010.02.20 15:20:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\NASNaviator2
[2009.09.22 18:19:06 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Nvu
[2009.08.18 13:31:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\OpenOffice.org
[2009.08.18 01:00:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Sam Francke
[2009.06.02 12:53:50 | 000,000,000 | RH-D | M] -- C:\Users\Johannes\AppData\Roaming\SecuROM
[2011.05.25 01:28:34 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Skype
[2011.05.25 00:08:43 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\skypePM
[2009.04.29 11:46:20 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Talkback
[2009.06.21 21:45:36 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\teamspeak2
[2009.09.26 15:07:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TerraTec
[2010.11.01 23:15:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Thunderbird
[2010.01.09 10:36:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Toolbars
[2010.02.02 02:47:13 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TS3Client
[2011.05.22 01:27:10 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\vlc
[2009.04.08 10:14:11 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WildTangent
[2009.05.14 08:10:57 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\WinRAR
[2009.12.27 13:20:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\wxMozBrowserLib
[2009.08.14 17:41:41 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2010.02.28 12:29:31 | 000,029,184 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
[2011.05.24 22:31:49 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.02.17 15:10:30 | 000,010,134 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.02.20 15:29:09 | 000,030,894 | R--- | M] () -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\ARPPRODUCTICON.exe
[2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe
[2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut5_6EA2867D4E8340A5A3471FF71A363544.exe
[2010.02.20 15:29:09 | 000,073,728 | R--- | M] (Macrovision Corporation) -- C:\Users\Johannes\AppData\Roaming\Microsoft\Installer\{BD1F8143-C678-43CD-A296-A3A32A8C2976}\NewShortcut6_6EA2867D4E8340A5A3471FF71A363544.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.10.22 06:50:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.24 21:05:50 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Johannes\Desktop\DVD x264.mkv:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Johannes\Desktop\8.avi:TOC.WMV

< End of report >
--- --- ---
__________________
Alt 26.05.2011, 20:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
URL:mal laut Avast bei php von Facebook Explorer.exe - Standard

URL:mal laut Avast bei php von Facebook Explorer.exe


Zitat:
c:\downloads\wichtige software\msoe2007kg.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\downloads\wichtige software\bilder\keygen\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.
c:\Spiele\gta4\gta crack\launchgtaiv.exe (Risktool.Crack) -> Quarantined and deleted successfully.
Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu URL:mal laut Avast bei php von Facebook Explorer.exe
adresse, avast, destroy, explorer.exe, firefox, garnicht, geblockt, interne, internet, lange, login, meldung, neustart, nicht mehr, nichts, recht, scan, scann, search, spybot, tagen, url mal, url:mal, virus, windows, überhaupt


« Firefox - Umleitung von Google auf Ask "Super Schnäppchen" und co... | BOD/TDss.M in meinem Botsektor! »


Ähnliche Themen: URL:mal laut Avast bei php von Facebook Explorer.exe


  1. diverse Virenfunde laut AVAST (Win32:Malware-gen)
    Log-Analyse und Auswertung - 16.02.2015 (13)
  2. win 7 laut Avast ist Firefox.exe infiziert
    Log-Analyse und Auswertung - 03.02.2015 (3)
  3. Win. 8.1: Website laut Avast bei Firefox infiziert
    Log-Analyse und Auswertung - 05.01.2015 (34)
  4. Laut Avast wurden 10 Viren in den letzten 30 Tagen blockiert
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (5)
  5. Avast-Meldung: BSI Warnung (Identitätsdiebstahl) u. Virenfund v. Avast (HTML:Downloader-FG (Expl))
    Log-Analyse und Auswertung - 29.04.2014 (8)
  6. Nicht aktuell aber laut Avast schon
    Antiviren-, Firewall- und andere Schutzprogramme - 25.03.2014 (8)
  7. Windows 7 64-bit: laut Windows ist Avast (VistHaux.exe) deaktiviert; eine meiner Emailadressen war auf der BSI-Liste
    Log-Analyse und Auswertung - 26.01.2014 (3)
  8. Internet Explorer startet von allein. Laut Taskmanager auch mehrere Instanzen davon.
    Plagegeister aller Art und deren Bekämpfung - 08.08.2012 (7)
  9. CPU Lüfter zu laut
    Netzwerk und Hardware - 09.07.2012 (8)
  10. Avast- kein Avast Internet Security-Programm Update möglich 29.02.2012
    Plagegeister aller Art und deren Bekämpfung - 05.03.2012 (3)
  11. Lüfter sehr laut, Laut Highjackthis-Analyse Schadsoftware auf Laptop
    Log-Analyse und Auswertung - 05.12.2011 (10)
  12. Facebook-Trojaner: vinamost.net/images/facebook/get.php?image=IMG39348819.JPG
    Log-Analyse und Auswertung - 21.11.2011 (42)
  13. Avast Web Schutz verhindert Internet-Zugang über Firefox/Internet Explorer
    Antiviren-, Firewall- und andere Schutzprogramme - 27.05.2011 (7)
  14. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  15. Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
    Plagegeister aller Art und deren Bekämpfung - 27.08.2010 (6)
  16. PC laut und langsam?
    Log-Analyse und Auswertung - 02.02.2010 (1)
  17. Laut AV 2 Trojaner
    Plagegeister aller Art und deren Bekämpfung - 23.07.2006 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema URL:mal laut Avast bei php von Facebook Explorer.exe - Hallo, ich hab seit 2 Tagen immer wieder eine Meldung von Avast, das etwas geblockt wurde. Es soll sich um ein URL:mal handeln von der Explorer.EXE im Windows Ordner. Es - URL:mal laut Avast bei php von Facebook Explorer.exe...
Archiv
Du betrachtest: URL:mal laut Avast bei php von Facebook Explorer.exe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130