
Log Analysis and Evaluation: Internet Explorer constantly opening

Windows 7
28.05.2010, 00:05   #1
SpeeedY
 
Good day,
I am completely new here and am only here because I came across you through a Google search.

The issue is that since the day before yesterday, Internet Explorer has been constantly opening with advertisements.
I already found something about this here, but I could not make sense of a "HijackThis" analysis.
So I have now downloaded this program as well and run such a scan.
Can you tell me whether this is okay?

Scan saved at 23:45:06, on 27.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP 2010\qip.exe
C:\Users\User\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Public\winnsvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\User\AppData\Local\Temp\Qjn.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\User\AppData\Local\Temp\Qjl.exe
C:\Users\user\Desktop\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\Frank\AppData\Roaming\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\Frank\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Frank\AppData\Local\Temp\Qjl.exe
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - HKCU\..\Run: [comctl32] C:\Users\Frank\AppData\Roaming\mgrlsa32.exe
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6834 bytes

Kind regards, SpeedY

28.05.2010, 18:27   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

29.05.2010, 00:18   #3
SpeeedY
 
Here is the first log file:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4152

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.05.2010 23:51:13
mbam-log-2010-05-28 (23-51-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 220971
Laufzeit: 18 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Frank\AppData\Local\Temp\1168.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\1274709144.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\5857.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\5927.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\5980.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\6055.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\6335.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\9261.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\Qjj.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Frank\AppData\Local\Temp\Qjm.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.



And here are the other two:
First:
OTL Logfile:
Code:
OTL logfile created on: 29.05.2010 00:11:45 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Frank\Desktop\Antivir\OTL
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 565,35 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232,83 Gb Total Space | 80,37 Gb Free Space | 34,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FRANK-PC
Current User Name: Frank
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Frank\Desktop\Antivir\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\winnsvc.exe ()
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\QIP 2010\qip.exe (QIP)
PRC - C:\Users\Frank\AppData\Roaming\QipGuard\QipGuard.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Frank\Desktop\Antivir\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (CSC) -- C:\Windows\CSC [2010.05.07 14:33:40 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 40 18 93 E3 ED CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Frank\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4 - HKCU..\Run: [comctl32] C:\Users\Frank\AppData\Roaming\mgrlsa32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Infium] C:\Program Files (x86)\QIP 2010\qip.exe (QIP)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [QIP Internet Guardian] C:\Users\Frank\AppData\Roaming\QipGuard\QipGuard.exe ()
O4 - HKCU..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.28 23:30:50 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Malwarebytes
[2010.05.28 23:30:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.28 23:30:43 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.28 23:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.28 23:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.28 23:29:55 | 000,000,000 | ---D | C] -- C:\Users\Frank\Desktop\Antivir
[2010.05.27 23:37:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.05.27 23:37:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.25 18:35:37 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svckrnl.exe
[2010.05.25 18:35:36 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\comtask.exe
[2010.05.25 18:35:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrspec.exe
[2010.05.25 18:35:08 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\spoolwin.exe
[2010.05.25 18:35:06 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuashp.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuasvr.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuamgr.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuakrnl32.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\shptask.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrtask.exe
[2010.05.25 18:28:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvhost.exe
[2010.05.25 18:28:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlcsr32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvsvc.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvshp32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlkrnl32.exe
[2010.05.25 18:25:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrwua.exe
[2010.05.25 18:25:05 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\krnlsvr32.exe
[2010.05.25 18:25:04 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\winmgr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr32.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\taskctl.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svccsr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrwua.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrhost.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrlsa32.exe
[2010.05.25 17:44:03 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\WinRAR
[2010.05.25 16:19:05 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.05.25 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\Frank\Eigene Programme
[2010.05.16 14:26:24 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.05.16 14:26:22 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.05.16 14:17:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Google
[2010.05.16 14:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.05.16 14:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.05.16 14:17:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.05.16 14:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.05.16 14:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.05.13 21:32:33 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe
[2010.05.13 21:32:32 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
[2010.05.13 21:32:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
[2010.05.13 21:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips ToUcam Camera
[2010.05.13 21:24:41 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.05.13 21:21:41 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\ElevatedDiagnostics
[2010.05.13 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\Tracing
[2010.05.13 20:09:48 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.05.13 20:09:48 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.05.13 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.05.13 20:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010.05.13 20:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.05.13 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.05.11 22:00:50 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.05.11 22:00:50 | 000,182,784 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.05.11 22:00:50 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.05.11 22:00:50 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.05.11 22:00:06 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.05.11 21:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.11 21:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.05.11 21:33:27 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.11 21:33:27 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.11 21:33:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.11 21:33:27 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.11 21:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.11 21:30:56 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Frank\Documents\jre-6u20-windows-i586-iftw-rv.exe
[2010.05.10 18:19:40 | 000,000,000 | ---D | C] -- C:\Users\Frank\Documents\NFS Most Wanted
[2010.05.10 18:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2010.05.10 18:13:00 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2010.05.10 18:13:00 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2010.05.09 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Diagnostics
[2010.05.09 02:53:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.05.08 17:38:55 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.05.08 17:38:55 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.05.08 17:38:49 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.05.08 17:38:48 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.05.08 17:38:47 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.05.08 17:38:47 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.05.08 17:38:47 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.05.08 17:38:46 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.05.08 17:37:32 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.08 17:37:32 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.05.08 17:37:32 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.05.08 17:37:32 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.05.08 17:37:32 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.05.08 17:37:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.05.08 17:37:20 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.05.08 17:37:20 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.05.08 17:37:20 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.05.08 17:37:03 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.05.08 17:37:03 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.05.08 17:37:03 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.05.08 17:37:03 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.05.08 17:37:03 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.05.08 17:37:03 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.05.08 17:37:03 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.05.08 17:37:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.05.08 17:36:10 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.05.08 17:36:10 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.05.08 17:36:10 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.05.08 17:36:10 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.05.08 17:36:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.05.08 17:36:10 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.05.08 17:36:10 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.05.08 17:36:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.05.08 17:36:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.05.08 17:35:54 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.05.08 17:35:54 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.05.08 17:35:54 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.05.08 17:35:33 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.05.08 17:35:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.05.08 17:35:20 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.05.08 17:35:20 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.05.07 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Apple Computer
[2010.05.07 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Apple Computer
[2010.05.07 20:31:27 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.05.07 20:31:27 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.05.07 20:31:27 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.05.07 20:31:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.05.07 20:31:21 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.05.07 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.05.07 20:31:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.07 20:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.05.07 20:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.05.07 20:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.07 20:30:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Apple
[2010.05.07 20:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.05.07 20:30:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.07 20:30:37 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.07 20:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.05.07 20:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.05.07 20:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.05.07 20:15:26 | 098,435,368 | ---- | C] (Apple Inc.) -- C:\Users\Frank\Documents\iTunes64Setup.exe
[2010.05.07 19:57:09 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Users\Frank\Documents\iTunesSetup.exe
[2010.05.07 16:35:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Macromedia
[2010.05.07 16:35:33 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Adobe
[2010.05.07 16:35:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.05.07 16:34:26 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Frank\Documents\install_flash_player.exe
[2010.05.07 16:16:48 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\QipGuard
[2010.05.07 16:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QIP 2010
[2010.05.07 16:15:16 | 007,164,440 | ---- | C] (QIP.ru                                                      ) -- C:\Users\Frank\Documents\qip2010_3381.exe
[2010.05.07 16:08:10 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\QIP
[2010.05.07 16:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jeak.de
[2010.05.07 15:32:15 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.05.07 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Opera
[2010.05.07 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Opera
[2010.05.07 15:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2010.05.07 15:14:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.05.07 14:45:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.05.07 14:45:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.05.07 14:45:08 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.05.07 14:45:08 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.05.07 14:41:55 | 000,000,000 | R--D | C] -- C:\Users\Frank\Searches
[2010.05.07 14:41:47 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Identities
[2010.05.07 14:41:44 | 000,000,000 | R--D | C] -- C:\Users\Frank\Contacts
[2010.05.07 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\VirtualStore
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Vorlagen
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\AppData\Local\Verlauf
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\AppData\Local\Temporary Internet Files
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Startmenü
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\SendTo
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Recent
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Netzwerkumgebung
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Lokale Einstellungen
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Documents\Eigene Videos
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Documents\Eigene Musik
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Eigene Dateien
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Documents\Eigene Bilder
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Druckumgebung
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Cookies
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\AppData\Local\Anwendungsdaten
[2010.05.07 14:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Frank\Anwendungsdaten
[2010.05.07 14:41:34 | 000,000,000 | --SD | C] -- C:\Users\Frank\AppData\Roaming\Microsoft
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Videos
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Saved Games
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Pictures
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Music
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Links
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Favorites
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Downloads
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Documents
[2010.05.07 14:41:34 | 000,000,000 | R--D | C] -- C:\Users\Frank\Desktop
[2010.05.07 14:41:34 | 000,000,000 | -H-D | C] -- C:\Users\Frank\AppData
[2010.05.07 14:41:34 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Temp
[2010.05.07 14:41:34 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Local\Microsoft
[2010.05.07 14:41:34 | 000,000,000 | ---D | C] -- C:\Users\Frank\AppData\Roaming\Media Center Programs
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.05.07 14:39:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.05.07 14:39:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.05.07 14:39:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.05.07 14:39:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010.05.07 14:39:30 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.05.07 14:33:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.05.07 14:33:40 | 000,000,000 | ---D | C] -- C:\Windows\CSC
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.29 00:12:21 | 001,048,576 | -HS- | M] () -- C:\Users\Frank\NTUSER.DAT
[2010.05.29 00:00:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.29 00:00:34 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.29 00:00:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.29 00:00:34 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.29 00:00:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.28 23:59:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 23:59:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 23:55:08 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.28 23:54:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.28 23:54:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.28 23:54:29 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.28 23:53:31 | 003,003,703 | -H-- | M] () -- C:\Users\Frank\AppData\Local\IconCache.db
[2010.05.28 23:30:46 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.27 23:10:25 | 000,000,412 | ---- | M] () -- C:\Windows\win.ini
[2010.05.25 18:35:37 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svckrnl.exe
[2010.05.25 18:35:36 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\comtask.exe
[2010.05.25 18:35:18 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrspec.exe
[2010.05.25 18:35:08 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\spoolwin.exe
[2010.05.25 18:35:06 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuashp.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuasvr.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuakrnl32.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrtask.exe
[2010.05.25 18:34:17 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuamgr.exe
[2010.05.25 18:34:17 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\shptask.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvsvc.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvshp32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvhost.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlkrnl32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlcsr32.exe
[2010.05.25 18:25:31 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrwua.exe
[2010.05.25 18:25:04 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\winmgr.exe
[2010.05.25 18:25:04 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\krnlsvr32.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr32.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\taskctl.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svccsr.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrwua.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrlsa32.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | M] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrhost.exe
[2010.05.25 16:18:42 | 001,618,487 | ---- | M] () -- C:\Users\Frank\winrar-x64-393d.exe
[2010.05.16 22:32:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.16 14:26:22 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.05.16 14:26:08 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.05.16 14:17:36 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.13 20:09:35 | 000,000,020 | ---- | M] () -- C:\Windows\Tú
[2010.05.11 22:00:46 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.05.11 22:00:46 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.05.11 22:00:46 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.05.11 22:00:46 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.05.11 21:33:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.11 21:33:19 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.11 21:33:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.11 21:33:19 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.11 21:31:01 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Frank\Documents\jre-6u20-windows-i586-iftw-rv.exe
[2010.05.10 18:19:23 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2010.05.09 14:04:02 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.07 20:32:55 | 000,057,560 | ---- | M] () -- C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.07 20:31:28 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.07 20:30:03 | 098,435,368 | ---- | M] (Apple Inc.) -- C:\Users\Frank\Documents\iTunes64Setup.exe
[2010.05.07 20:11:51 | 097,547,048 | ---- | M] (Apple Inc.) -- C:\Users\Frank\Documents\iTunesSetup.exe
[2010.05.07 18:24:32 | 000,524,288 | -HS- | M] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.07 18:24:32 | 000,524,288 | -HS- | M] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.07 18:24:32 | 000,065,536 | -HS- | M] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.07 16:34:39 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Frank\Documents\install_flash_player.exe
[2010.05.07 16:19:50 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\QIP Infium 9034 Jeak-Edition.lnk
[2010.05.07 16:19:50 | 000,000,116 | ---- | M] () -- C:\Windows\SysWow64\applet.ini
[2010.05.07 16:16:15 | 007,164,440 | ---- | M] (QIP.ru                                                      ) -- C:\Users\Frank\Documents\qip2010_3381.exe
[2010.05.07 16:11:49 | 000,000,000 | -H-- | M] () -- C:\Users\Frank\Documents\Default.rdp
[2010.05.07 15:32:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.05.07 15:15:02 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.07 14:41:35 | 000,000,020 | -HS- | M] () -- C:\Users\Frank\ntuser.ini
[2010.05.07 14:39:52 | 000,171,136 | RHS- | M] () -- C:\w7ldr
[2010.05.07 14:35:48 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.05.07 14:35:48 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.05.07 14:34:44 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.05.28 23:30:46 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.25 16:18:31 | 001,618,487 | ---- | C] () -- C:\Users\Frank\winrar-x64-393d.exe
[2010.05.24 22:58:50 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.16 22:32:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.05.16 14:38:26 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.05.16 14:17:36 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.13 21:32:33 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2010.05.13 20:09:34 | 000,000,020 | ---- | C] () -- C:\Windows\Tú
[2010.05.10 18:19:23 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed™ Most Wanted.lnk
[2010.05.07 20:31:28 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.05.07 16:19:50 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\QIP Infium 9034 Jeak-Edition.lnk
[2010.05.07 16:11:49 | 000,000,000 | -H-- | C] () -- C:\Users\Frank\Documents\Default.rdp
[2010.05.07 16:07:35 | 000,000,116 | ---- | C] () -- C:\Windows\SysWow64\applet.ini
[2010.05.07 15:32:16 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.05.07 15:32:15 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.05.07 15:15:02 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.07 14:41:35 | 000,000,020 | -HS- | C] () -- C:\Users\Frank\ntuser.ini
[2010.05.07 14:41:34 | 001,048,576 | -HS- | C] () -- C:\Users\Frank\NTUSER.DAT
[2010.05.07 14:41:34 | 000,524,288 | -HS- | C] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.07 14:41:34 | 000,524,288 | -HS- | C] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.07 14:41:34 | 000,262,144 | -HS- | C] () -- C:\Users\Frank\ntuser.dat.LOG1
[2010.05.07 14:41:34 | 000,065,536 | -HS- | C] () -- C:\Users\Frank\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.07 14:41:34 | 000,000,000 | -HS- | C] () -- C:\Users\Frank\ntuser.dat.LOG2
[2010.05.07 14:39:52 | 000,171,136 | RHS- | C] () -- C:\w7ldr
[2010.05.07 14:34:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.07 14:33:19 | 3220,480,000 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
--- --- ---


And a second time:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.05.2010 00:11:45 - Run 2
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Frank\Desktop\Antivir\OTL
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 565,35 Gb Free Space | 94,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232,83 Gb Total Space | 80,37 Gb Free Space | 34,52% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FRANK-PC
Current User Name: Frank
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{64A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6492FF72-4DC5-4D9E-85D5-51574C8986C5}" = QIP Infium 9034 Jeak-Edition
"{70312451-0D00-4A84-B9B1-0D59B5180A4F}" = Opera 10.53
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2010" = QIP 2010 10.4.30.3381
"QipGuard" = QIP Internet Guardian
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2010 15:23:23 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error - 26.05.2010 15:23:24 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.05.2010 15:23:24 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2106
 
Error - 26.05.2010 15:23:24 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2106
 
Error - 26.05.2010 15:23:25 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.05.2010 15:23:25 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3120
 
Error - 26.05.2010 15:23:25 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3120
 
Error - 26.05.2010 15:23:26 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.05.2010 15:23:26 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4149
 
Error - 26.05.2010 15:23:26 | Computer Name = Frank-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4149
 
[ System Events ]
Error - 25.05.2010 18:24:22 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.05.2010 18:24:23 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.05.2010 18:24:24 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.05.2010 18:24:25 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.05.2010 18:24:26 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 25.05.2010 18:24:30 | Computer Name = Frank-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 26.05.2010 03:06:34 | Computer Name = Frank-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 26.05.2010 03:06:34 | Computer Name = Frank-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 26.05.2010 09:25:08 | Computer Name = Frank-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 26.05.2010 18:59:44 | Computer Name = Frank-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

29.05.2010, 02:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
Code:
:OTL
PRC - C:\Users\Public\winnsvc.exe ()
O4 - HKCU..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
[2010.05.25 18:35:37 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svckrnl.exe
[2010.05.25 18:35:36 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\comtask.exe
[2010.05.25 18:35:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrspec.exe
[2010.05.25 18:35:08 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\spoolwin.exe
[2010.05.25 18:35:06 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuashp.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuasvr.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuamgr.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuakrnl32.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\shptask.exe
[2010.05.25 18:34:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrtask.exe
[2010.05.25 18:28:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvhost.exe
[2010.05.25 18:28:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlcsr32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvsvc.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\drvshp32.exe
[2010.05.25 18:28:30 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\ctlkrnl32.exe
[2010.05.25 18:25:31 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrwua.exe
[2010.05.25 18:25:05 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\krnlsvr32.exe
[2010.05.25 18:25:04 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\winmgr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr32.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\wuacsr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\taskctl.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svccsr.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrwua.exe
[2010.05.25 18:03:01 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrhost.exe
[2010.05.25 18:03:00 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\mgrlsa32.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file from the fix should open when you click OK after fixing; please post it. The computer may be restarted.

29.05.2010, 10:12   #5
SpeeedY
 



All processes killed
========== OTL ==========
No active process named winnsvc.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Manager deleted successfully.
C:\Users\Public\winnsvc.exe moved successfully.
C:\Users\Frank\AppData\Roaming\svckrnl.exe moved successfully.
C:\Users\Frank\AppData\Roaming\comtask.exe moved successfully.
C:\Users\Frank\AppData\Roaming\csrspec.exe moved successfully.
C:\Users\Frank\AppData\Roaming\spoolwin.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuashp.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuasvr.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuamgr.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuakrnl32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\shptask.exe moved successfully.
C:\Users\Frank\AppData\Roaming\csrtask.exe moved successfully.
C:\Users\Frank\AppData\Roaming\drvhost.exe moved successfully.
C:\Users\Frank\AppData\Roaming\ctlcsr32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\drvsvc.exe moved successfully.
C:\Users\Frank\AppData\Roaming\drvshp32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\ctlkrnl32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\csrwua.exe moved successfully.
C:\Users\Frank\AppData\Roaming\krnlsvr32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\winmgr.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuacsr32.exe moved successfully.
C:\Users\Frank\AppData\Roaming\wuacsr.exe moved successfully.
C:\Users\Frank\AppData\Roaming\taskctl.exe moved successfully.
C:\Users\Frank\AppData\Roaming\svccsr.exe moved successfully.
C:\Users\Frank\AppData\Roaming\mgrwua.exe moved successfully.
C:\Users\Frank\AppData\Roaming\csrhost.exe moved successfully.
C:\Users\Frank\AppData\Roaming\mgrlsa32.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Frank
->Temp folder emptied: 88338938 bytes
->Temporary Internet Files folder emptied: 89430444 bytes
->Java cache emptied: 715854 bytes
->Flash cache emptied: 26787 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10630948 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 264792756 bytes

Total Files Cleaned = 433,00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05292010_094340

Files\Folders moved on Reboot...
C:\Users\Frank\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
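Added example, not part of the thread and not OTL's own code: the fix script in post #4 targets a batch of same-size, hidden+system executables in a user profile, and the log in post #5 confirms each move. The sketch below finds such a cluster in an OTL file listing and checks every flagged path against the fix log; the regexes are derived from the lines shown here, and the `min_count` threshold, the `Example Vendor` line and the shortened fix log are assumptions made for the demonstration.

```python
import re
from collections import defaultdict

# Layout taken from the listing lines in this thread:
# [date time | size | attributes | flag] (company) -- path
LISTING_RE = re.compile(
    r"\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>[\d:]{8}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| [CM]\] \((?P<company>[^)]*)\) -- (?P<path>.+)$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")

# First three lines are from the thread; the last one is constructed (benign control).
LISTING = r"""
[2010.05.25 18:35:37 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\svckrnl.exe
[2010.05.25 18:35:36 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\comtask.exe
[2010.05.25 18:35:18 | 000,516,096 | RHS- | C] (Microsoft Corporation) -- C:\Users\Frank\AppData\Roaming\csrspec.exe
[2010.05.20 09:12:00 | 000,142,336 | ---- | C] (Example Vendor) -- C:\Program Files\Example\tool.exe
"""
# Constructed: a fix log cut short on purpose so that one file stays unconfirmed.
FIX_LOG = r"""
C:\Users\Frank\AppData\Roaming\svckrnl.exe moved successfully.
C:\Users\Frank\AppData\Roaming\comtask.exe moved successfully.
"""

def parse_listing(text):
    """Parse every line that has OTL's file-listing layout into a dict."""
    rows = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["size"] = int(row["size"].replace(",", ""))
            rows.append(row)
    return rows

def suspicious_clusters(rows, min_count=3):
    """Group hidden+system .exe files under C:\\Users by (folder, size)."""
    groups = defaultdict(list)
    for r in rows:
        path = r["path"].lower()
        if ("H" in r["attr"] and "S" in r["attr"]
                and path.startswith("c:\\users\\") and path.endswith(".exe")):
            groups[(path.rsplit("\\", 1)[0], r["size"])].append(r["path"])
    return {k: v for k, v in groups.items() if len(v) >= min_count}

def unconfirmed(paths, fix_log):
    """Return the paths the fix log does not report as 'moved successfully'."""
    moved = set()
    for line in fix_log.splitlines():
        m = MOVED_RE.match(line.strip())
        if m:
            moved.add(m.group("path").lower())
    return [p for p in paths if p.lower() not in moved]

if __name__ == "__main__":
    for (folder, size), files in suspicious_clusters(parse_listing(LISTING)).items():
        print(f"{len(files)} hidden/system executables of {size} bytes in {folder}")
        print("not confirmed as moved:", unconfirmed(files, FIX_LOG))
```

Fed the full listing from post #4 and the full log from post #5, `unconfirmed` returns an empty list, since every listed file is reported as moved.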


30.05.2010, 16:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



OK. Since you have a 64-bit Windows, we cannot run any further special tools...
Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs.
Remember to update both tools before the scan!!