Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Startfenster.com Trotz AdwCleaner immernoch vorhanden!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.11.2012, 21:49   #1
Cody666
 
Startfenster.com Trotz AdwCleaner immernoch vorhanden! - Standard

Startfenster.com Trotz AdwCleaner immernoch vorhanden!



Hallo zusammen,

Ich habe mir auch auf vlc.de den berühmten startfenster.com "nerver" eingefangen... Mittlerweile hab ich auch gemerkt das die vlc-Seite eigentlich nicht vlc.de heißt... mist!
Ich bin diesem(http://www.trojaner-board.de/126470-...kein-ende.html) Beitrag hier gefolgt und habe zunächst nur ADW Cleaner und die Rootkitsuche über Kaspersky laufen lassen was reperaturen angeht. Ansonsten habe ich alle Logs mit den Programmen erstellen lassen die im Beitrag gepostet wurden. Diese findet ihre weiter unten. Allerdings scheint dieses startfenster-Ding immernoch da zu sein... Es wurde ja immer darauf hingewiesen bei allen anderen Programmen nicht ohne Anweisung auf "Fix" zu klicken also warte ich damit noch.
Weiß jemand was ich noch tuen kann?
Ich lasse gerade noch den ESET Online Scanner laufen, seinen Log, werde ich dann auchnocheinmal posten.






ADW Scan
Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 27/11/2012 um 21:48:47 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : TentGXNotebook - JU8
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\searchplugins\icqplugin.xml
Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\Conduit

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1044 octets] - [27/11/2012 21:48:47]

########## EOF - C:\AdwCleaner[R1].txt - [1104 octets] ##########
         



ADW Löschen

Code:
ATTFilter
# AdwCleaner v2.009 - Datei am 27/11/2012 um 21:49:50 erstellt
# Aktualisiert am 24/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : TentGXNotebook - JU8
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\searchplugins\icqplugin.xml
Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Gelöscht mit Neustart : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\Conduit

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default 
Datei : C:\Users\TentGXNotebook\AppData\Roaming\Mozilla\Firefox\Profiles\uiszdrvr.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1173 octets] - [27/11/2012 21:48:47]
AdwCleaner[S1].txt - [1118 octets] - [27/11/2012 21:49:50]

########## EOF - C:\AdwCleaner[S1].txt - [1178 octets] ##########
         



OTL Scan
Code:
ATTFilter
OTL logfile created on: Di. 27.11.2012 21:55:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\TentGXNotebook\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: ddd. dd.MM.yyyy
 
3,74 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 61,77% Memory free
7,48 Gb Paging File | 5,91 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143,06 Gb Total Space | 77,94 Gb Free Space | 54,48% Space Free | Partition Type: NTFS
Drive D: | 141,93 Gb Total Space | 5,97 Gb Free Space | 4,21% Space Free | Partition Type: NTFS
Drive E: | 7,84 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 7,41 Gb Total Space | 3,10 Gb Free Space | 41,85% Space Free | Partition Type: FAT32
 
Computer Name: JU8 | User Name: TentGXNotebook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\TentGXNotebook\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AFLICS\AfterFLICS.exe ()
PRC - C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AfterFLICS v3) -- C:\Program Files (x86)\AFLICS\AfterFLICS.exe ()
SRV - (mi-raysat_3dsmax2012_64) -- C:\Programme\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 B4 81 60 00 A4 CD 01  [binary data]
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledAddons: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.15
FF - prefs.js..extensions.enabledItems: contact@searchfiles.de:1.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:3.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: add-to-searchbox@maltekraus.de:2.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..keyword.URL: " hxxp://www.google.de/search?hl=de&q="
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Niko\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/29 13:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/28 18:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/07 21:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/08/27 20:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Extensions
[2012/11/27 21:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions
[2012/10/06 09:48:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\add-to-searchbox@maltekraus.de
[2012/08/27 20:34:10 | 000,000,000 | ---D | M] (File Search) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\contact@searchfiles.de
[2012/09/30 10:06:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\Firefox\Profiles\uiszdrvr.default\extensions\ich@maltegoetz.de
[2012/11/27 21:40:45 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/10/31 22:21:14 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\firebug@software.joehewitt.com.xpi
[2012/11/24 13:09:56 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/27 21:40:45 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011/11/15 19:53:00 | 000,001,650 | ---- | M] () -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\searchplugins\5-built-in-types--python-v272-documentation.xml
[2010/08/05 21:23:52 | 000,001,976 | ---- | M] () -- C:\Users\TentGXNotebook\AppData\Roaming\mozilla\firefox\profiles\uiszdrvr.default\searchplugins\rapidshare-google-arama.xml
[2012/08/27 20:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/14 01:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/14 01:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/08/28 20:33:47 | 000,001,699 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 209.34.83.73:443
O1 - Hosts: 127.0.0.1 209.34.83.73:43
O1 - Hosts: 127.0.0.1 209.34.83.73
O1 - Hosts: 127.0.0.1 209.34.83.67:443
O1 - Hosts: 127.0.0.1 209.34.83.67:43
O1 - Hosts: 127.0.0.1 209.34.83.67
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET
O1 - Hosts: 127.0.0.1 199.7.52.190:80
O1 - Hosts: 5 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3974148183-1780751842-2865962323-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7569DF90-088F-4ED9-ABD1-73C9E9264907}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/24 22:52:32 | 000,176,128 | ---- | M] () - F:\autoexec.bin -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/27 21:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TentGXNotebook\Desktop\OTL.exe
[2012/11/27 21:42:12 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\vlc
[2012/11/27 21:41:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/11/09 14:42:48 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\OpenOffice.org
[2012/11/09 14:38:05 | 000,000,000 | --SD | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/11/09 14:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/11/09 14:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\OPenoffice
[2012/11/02 17:31:32 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/10/29 11:47:09 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/29 11:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/29 11:47:05 | 000,000,000 | ---D | C] -- C:\Users\TentGXNotebook\AppData\Roaming\Notepad++
[2012/10/29 11:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/27 21:58:08 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/27 21:58:08 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/11/27 21:58:08 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/27 21:58:08 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/11/27 21:58:08 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/27 21:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TentGXNotebook\Desktop\OTL.exe
[2012/11/27 21:51:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/27 21:51:17 | 3010,842,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/27 21:48:47 | 000,480,125 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
[2012/11/27 21:40:43 | 000,001,198 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Startfenster.lnk
[2012/11/27 21:40:08 | 023,053,640 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\vlc-2.0.4-win32.exe
[2012/11/24 13:34:44 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 13:34:44 | 000,015,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 13:37:29 | 159,671,222 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Children of Men - Uprising scene (HD).mp4
[2012/11/17 10:22:29 | 001,311,118 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\passbild_neu.psd
[2012/11/15 19:08:33 | 004,909,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/09 14:38:06 | 000,001,248 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\OpenOffice.org 3.4.1.lnk
[2012/11/05 20:43:32 | 000,026,759 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\R2011-01_Junge-Niko_pixomondo_20110307.pdf
[2012/11/02 17:30:35 | 000,359,185 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\Logo_FINAL_1.eps
[2012/11/02 12:18:23 | 000,024,155 | ---- | M] () -- C:\Users\TentGXNotebook\Desktop\RotAE1.1.jsx
[2012/10/29 13:23:40 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
 
========== Files Created - No Company Name ==========
 
[2012/11/27 21:48:28 | 000,480,125 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\adwcleaner.exe
[2012/11/27 21:40:43 | 000,001,198 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Startfenster.lnk
[2012/11/27 21:40:06 | 023,053,640 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\vlc-2.0.4-win32.exe
[2012/11/18 13:23:49 | 159,671,222 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Children of Men - Uprising scene (HD).mp4
[2012/11/17 10:22:28 | 001,311,118 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\passbild_neu.psd
[2012/11/09 14:38:06 | 000,001,248 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\OpenOffice.org 3.4.1.lnk
[2012/11/05 20:43:31 | 000,026,759 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\R2011-01_Junge-Niko_pixomondo_20110307.pdf
[2012/11/02 17:30:35 | 000,359,185 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\Logo_FINAL_1.eps
[2012/11/02 12:18:21 | 000,024,155 | ---- | C] () -- C:\Users\TentGXNotebook\Desktop\RotAE1.1.jsx
[2012/09/04 19:16:48 | 000,000,132 | ---- | C] () -- C:\Users\TentGXNotebook\AppData\Roaming\Adobe CS6-OpenEXR-Format - Voreinstellungen
[2012/08/29 18:38:18 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/27 21:13:22 | 000,017,408 | ---- | C] () -- C:\Users\TentGXNotebook\AppData\Local\WebpageIcons.db
[2012/08/27 19:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/27 18:57:48 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/08/27 18:57:17 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/07/14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         



ASWMBR Scan
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-27 22:07:35
-----------------------------
22:07:35.532    OS Version: Windows x64 6.1.7600 
22:07:35.532    Number of processors: 4 586 0x2502
22:07:35.532    ComputerName: JU8  UserName: 
22:07:36.542    Initialize success
22:08:48.730    AVAST engine defs: 12112701
22:09:41.115    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:09:41.115    Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
22:09:41.146    Disk 0 MBR read successfully
22:09:41.162    Disk 0 MBR scan
22:09:41.162    Disk 0 Windows 7 default MBR code
22:09:41.178    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
22:09:41.193    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 27265024
22:09:41.193    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       146492 MB offset 27469824
22:09:41.193    Disk 0 Partition - 00     0F Extended LBA            145339 MB offset 327485440
22:09:41.224    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       145338 MB offset 327487488
22:09:41.256    Disk 0 scanning C:\Windows\system32\drivers
22:09:49.617    Service scanning
22:10:16.278    Modules scanning
22:10:16.278    Disk 0 trace - called modules:
22:10:16.325    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
22:10:16.325    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007025060]
22:10:16.325    3 CLASSPNP.SYS[fffff880022f743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fee050]
22:10:17.105    AVAST engine scan C:\Windows
22:10:18.696    AVAST engine scan C:\Windows\system32
22:13:08.128    AVAST engine scan C:\Windows\system32\drivers
22:13:17.488    AVAST engine scan C:\Users\TentGXNotebook
22:19:08.161    AVAST engine scan C:\ProgramData
22:22:48.511    Scan finished successfully
22:23:50.084    Disk 0 MBR has been saved successfully to "C:\Users\TentGXNotebook\Desktop\MBR.dat"
22:23:50.084    The log file has been saved successfully to "C:\Users\TentGXNotebook\Desktop\aswMBR.txt"
         

Alt 28.11.2012, 14:19   #2
ryder
/// TB-Ausbilder
 
Startfenster.com Trotz AdwCleaner immernoch vorhanden! - Standard

Startfenster.com Trotz AdwCleaner immernoch vorhanden!



Sowas hier ...
Zitat:

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
... macht nur dann Sinn, wenn man eine illegale Kopie betreiben will.

Supportstopp: Cracks oder Keygens
Zitat:
Lesestoff:
Cracks und Keygens
Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du Cracks oder Keygeneratoren einsetzt oder den Kopierschutz von installierten Programmen umgehst. Bitte habe Verständnis dafür, dass wir dies nicht unterstützen können und dürfen. Unsere Hilfe beschränkt sich daher nur auf das Neuaufsetzen deines Systems. Fragen dazu beantworten wir dir aber weiterhin gerne.
Damit ist das Thema beendet.
__________________

__________________

Antwort

Themen zu Startfenster.com Trotz AdwCleaner immernoch vorhanden!
adobe, adw cleaner, avast, avp.exe, bho, browser, classpnp.sys, computer, desktop, firefox, format, google, hal.dll, helper, home, igdpmd64.sys, internet, internet browser, internet explorer, kaspersky, log file, logfile, mozilla, plug-in, realtek, registrierungsdatenbank, registry, scan, security, system, tastatur, temp, windows



Ähnliche Themen: Startfenster.com Trotz AdwCleaner immernoch vorhanden!


  1. Malware trotz Neuinstallation vermutlich noch vorhanden
    Log-Analyse und Auswertung - 18.08.2015 (5)
  2. Win 7: Trojaner Downloader.Generic14.LBF wurde mit AVG "gesichert" Befall trotzdem immernoch vorhanden
    Log-Analyse und Auswertung - 15.06.2015 (9)
  3. ständige Umleitung zu Java und Adobe Updates, trotz mehrer Versuche der Entfernung mit ADWCleaner, JRT, etc
    Log-Analyse und Auswertung - 16.11.2014 (17)
  4. Browser sind trotz neuem aufsetzen immernoch sehr langsam
    Log-Analyse und Auswertung - 03.11.2014 (44)
  5. AdWare (via Traffic Junky) lässt sich trotz Malwarebytes und AdwCleaner nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 17.08.2014 (13)
  6. Windows 8.1: Maleware nach formatieren immernoch vorhanden
    Log-Analyse und Auswertung - 07.07.2014 (11)
  7. CPU Auslastung trotz AVG, Avira, Malwarebytes, ADWcleaner, Spybot etc. zu hoch
    Plagegeister aller Art und deren Bekämpfung - 16.06.2014 (9)
  8. Windows 7, Firefox-Browser: Spyware/Trojaner/Hijacker können trotz Anti-Malware und Adwcleaner nicht entfernt werden
    Plagegeister aller Art und deren Bekämpfung - 27.02.2014 (13)
  9. lollipop virus auf dem computer und trotz malwarebytes und adwcleaner und JRT immernoch lästige Popup-Fenster und Umleitungen
    Log-Analyse und Auswertung - 10.02.2014 (34)
  10. Snap.do trotz Deinstallation immernoch Startseite und "Web Search"
    Plagegeister aller Art und deren Bekämpfung - 10.01.2014 (6)
  11. Trotz Adw-cleaner Delta Search immer noch vorhanden?
    Log-Analyse und Auswertung - 10.08.2013 (11)
  12. ESET findet "multiple threats" trotz grünem Licht von MalwareBytes, AdwCleaner und JRT
    Plagegeister aller Art und deren Bekämpfung - 23.07.2013 (11)
  13. Malware trotz AdwCleaner und Junkware Removal Tool
    Plagegeister aller Art und deren Bekämpfung - 11.07.2013 (33)
  14. Virus gefunden und gelöscht... immernoch vorhanden?
    Log-Analyse und Auswertung - 21.09.2010 (9)
  15. HijackThis: Dateien nach fixen immernoch vorhanden
    Log-Analyse und Auswertung - 20.05.2010 (1)
  16. Virtumonde.dll trotz neu aufsetzten vorhanden
    Plagegeister aller Art und deren Bekämpfung - 19.03.2009 (0)
  17. TR/Vundo.Gen trotz zahlreicher Tipps immer noch vorhanden
    Plagegeister aller Art und deren Bekämpfung - 05.09.2006 (3)

Zum Thema Startfenster.com Trotz AdwCleaner immernoch vorhanden! - Hallo zusammen, Ich habe mir auch auf vlc.de den berühmten startfenster.com "nerver" eingefangen... Mittlerweile hab ich auch gemerkt das die vlc-Seite eigentlich nicht vlc.de heißt... mist! Ich bin diesem( http://www.trojaner-board.de/126470-...kein-ende.html - Startfenster.com Trotz AdwCleaner immernoch vorhanden!...
Archiv
Du betrachtest: Startfenster.com Trotz AdwCleaner immernoch vorhanden! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.