
Log analysis and evaluation: Email/internet banking reports Gozi and I am frequently redirected to other sites (Firefox)

17.11.2010, 22:11   #1
Blackcollar
 



Hi everyone,
I'm brand new to the forum, so I hope I'm not doing anything wrong.
Recently I've had the problem that I get redirected to other sites, especially after I've searched for something on Google and then click on the search results.
Web.de and internet banking have also reported that I've picked up Gozi.
Here is the HijackThis log:
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:56, on 17.11.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\CD Art Display\CAD.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\***\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: hxxp://rapidshare.com/files/372186053/values.dbhxxp://rapidshare.com/files/372186053/values.db# Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [speedfan] C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [CAD] C:\Program Files (x86)\CD Art Display\CAD.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///C:/Users/***/Videos/Plastic_Mdfsan_-_02/components/hidinputmonitorx.ocx
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///C:/Users/***/Videos/Plastic_Mdfsan_-_02/components/A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///C:/Users/***/Videos/Plastic_Mdfsan_-_02/components/wmvhdrating.ocx
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: kroover - Unknown owner - C:\Windows\system32\drivers\kroover.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10160 bytes
         
--- --- ---


Here is the one from GMER:
GMER logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-11-17 22:56:49
Windows 6.1.7600  
Running: hyx7g4t2.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                    2
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x0B 0xCD 0xB1 0x25 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0xAC 0x1D 0xCF 0x64 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0xE2 0xAA 0xA2 0x5D ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                0x61 0x4A 0x9D 0xEF ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                   C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                   0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                   1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0xD8 0x2A 0x3E 0xDD ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                             
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                       0xC0 0x21 0x91 0x81 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                        
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                  0x6E 0x61 0x6E 0x02 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0B 0xCD 0xB1 0x25 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0xAC 0x1D 0xCF 0x64 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xE2 0xAA 0xA2 0x5D ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0x61 0x4A 0x9D 0xEF ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                       0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       1
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0xD8 0x2A 0x3E 0xDD ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)         
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0xC0 0x21 0x91 0x81 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)    
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0x6E 0x61 0x6E 0x02 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

And one from OTL


PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Program Files (x86)\CD Art Display\CAD.exe (CD Art Display)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe (ROCCAT)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
PRC - C:\Program Files (x86)\Razer\Tarantula\razertra.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (kroover) -- C:\Windows\SysNative\drivers\kroover.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (TarFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Razer USA Ltd.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 77 50 52 FB 80 CB 01 [binary data]
IE - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.14 14:20:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.21 15:22:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.15 23:28:01 | 000,000,000 | ---D | M]

[2010.01.16 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.27 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions
[2010.10.26 16:43:04 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.08.31 20:17:13 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.07.07 17:45:13 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010.10.03 16:50:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\firefox@tvunetworks.com
[2010.09.13 22:34:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\personas@christopher.beard
[2010.05.20 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fhg1bm7b.default\extensions\QipCounter@qip.ru
[2010.10.27 15:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.06.29 05:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010.09.10 20:16:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 20:16:20 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 20:16:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 20:16:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 20:16:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.17 16:44:33 | 000,001,338 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: hxxp://rapidshare.com/files/372186053/values.dbhxxp://rapidshare.com/files/372186053/values.db# Copyright (c) 1993-2009 Microsoft Corp.
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 gs.apple.com
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000..\Run: [CAD] C:\Program Files (x86)\CD Art Display\CAD.exe (CD Art Display)
O4 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000..\Run: [Infium] C:\Program Files (x86)\QIP 2010\qip.exe (QIP)
O4 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000..\Run: [speedfan] C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 [2010.11.17 18:43:24 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 [2010.11.17 19:11:58 | 000,000,000 | ---D | M]
O7 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-942117130-2719283232-3601713883-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Reg Error: Key error.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/***/Videos/Plastic_Mdfsan_-_02/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/***/Videos/Plastic_Mdfsan_-_02/components/A9.ocx (A9Helper.A9)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/J***/Videos/Plastic_Mdfsan_-_02/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{545d2210-0e6a-11df-9b34-90e6ba2ed40e}\Shell - "" = AutoRun
O33 - MountPoints2\{545d2210-0e6a-11df-9b34-90e6ba2ed40e}\Shell\AutoRun\command - "" = E:\launcher.exe -- File not found
O33 - MountPoints2\{7a8e5ad0-05d8-11df-8b4f-90e6ba2ed40e}\Shell - "" = AutoRun
O33 - MountPoints2\{7a8e5ad0-05d8-11df-8b4f-90e6ba2ed40e}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{be9725dc-f03d-11df-88fb-90e6ba2ed40e}\Shell - "" = AutoRun
O33 - MountPoints2\{be9725dc-f03d-11df-88fb-90e6ba2ed40e}\Shell\AutoRun\command - "" = F:\launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: bitsexec - (C:\Windows\system32\msinnced.dll) - C:\Windows\SysWow64\msinnced.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.17 21:32:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.17 21:32:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.17 21:32:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.17 21:32:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.17 21:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.17 17:28:00 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.11.17 17:28:00 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.11.17 17:27:58 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.11.17 17:27:56 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.11.17 17:27:55 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.11.17 17:27:41 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.11.17 17:27:41 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.11.17 17:05:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\LucasArts
[2010.11.17 16:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LucasArts
[2010.11.17 00:01:38 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.11.16 17:55:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.11.15 23:35:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.11.15 23:35:32 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.11.15 23:35:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.11.15 23:35:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.11.15 23:34:01 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.11.15 23:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010.11.15 23:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.11.15 23:32:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.11.14 23:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.11.14 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 23:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.11.14 23:05:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LucasArts
[2010.11.13 12:16:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2010.11.11 00:52:49 | 000,000,000 | ---D | C] -- C:\ab1b482a6a1a89647700c288
[2010.11.10 18:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stunlock Studios
[2010.11.10 18:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2010.11.07 21:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Flo & Seb Engineering
[2010.11.07 21:34:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Flo & Seb Engineering
[2010.10.27 13:33:42 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.10.27 13:33:42 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.10.27 13:33:42 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.10.27 13:33:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.10.27 13:33:42 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010.10.27 13:33:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.10.27 13:33:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010.10.27 13:32:00 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010.10.23 02:28:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2010.10.23 02:28:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2010.10.23 02:28:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.10.23 02:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.10.23 02:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2010.10.23 02:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.17 21:32:37 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.17 19:41:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.17 19:41:43 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.17 19:38:54 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.17 19:38:54 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.17 19:38:54 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.17 19:38:54 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.17 19:38:54 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.17 19:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.17 17:28:02 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.11.17 17:27:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.11.17 08:03:52 | 000,000,000 | ---- | M] () -- C:\Users\***\AppData\Local\prvlcl.dat
[2010.11.17 00:01:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.16 07:18:05 | 000,424,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.14 23:20:33 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.11.13 12:16:03 | 000,000,061 | ---- | M] () -- C:\Windows\SysWow64\IgnoreList.xml
[2010.11.10 18:30:08 | 000,002,487 | ---- | M] () -- C:\Users\***\Desktop\Bloodline Champions.lnk
[2010.11.09 22:24:18 | 000,373,185 | ---- | M] () -- C:\Users\J***\Desktop\Ozon.pptx
[2010.11.09 22:04:23 | 000,022,196 | ---- | M] () -- C:\Users\***\advanced_search
[2010.10.27 16:52:58 | 000,034,816 | ---- | M] () -- C:\Users\***\Desktop\SWTFU2.mdf
[2010.10.27 16:38:34 | 000,032,906 | ---- | M] () -- C:\Users\***\Desktop\SWTFU2.mds
[2010.10.23 02:26:35 | 000,505,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.10.23 02:26:35 | 000,353,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.17 21:32:37 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.17 17:28:02 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.11.17 00:01:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.11.16 17:36:23 | 000,034,816 | ---- | C] () -- C:\Users\***\Desktop\SWTFU2.mdf
[2010.11.16 17:36:23 | 000,032,906 | ---- | C] () -- C:\Users\***\Desktop\SWTFU2.mds
[2010.11.13 12:16:03 | 000,000,061 | ---- | C] () -- C:\Windows\SysWow64\IgnoreList.xml
[2010.11.10 18:30:08 | 000,002,487 | ---- | C] () -- C:\Users\J***\Desktop\Bloodline Champions.lnk
[2010.11.09 22:24:18 | 000,373,185 | ---- | C] () -- C:\Users\***s\Desktop\Ozon.pptx
[2010.11.09 22:04:22 | 000,022,196 | ---- | C] () -- C:\Users\***\advanced_search
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.19 21:52:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.08.08 18:48:38 | 000,000,135 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss
[2010.07.28 22:01:19 | 000,000,000 | ---- | C] () -- C:\Users\***s\AppData\Local\prvlcl.dat
[2010.05.31 16:27:24 | 000,005,632 | ---- | C] () -- C:\Users\***s\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.30 15:36:14 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.05.28 14:41:58 | 000,000,000 | ---- | C] () -- C:\Users\J***\AppData\Roaming\downloads.m3u
[2010.05.26 19:11:30 | 000,000,133 | ---- | C] () -- C:\Windows\VobEdit.INI
[2010.03.22 22:51:03 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2010.03.22 22:21:57 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2010.02.21 17:24:11 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.01 22:12:09 | 000,021,684 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.01.25 22:51:53 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.01.24 12:25:12 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.18 22:05:50 | 000,007,604 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.16 01:27:08 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.01.16 01:27:08 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.01.16 01:24:19 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.01.16 01:24:11 | 000,028,197 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.10.20 19:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.10.12 04:04:34 | 003,190,784 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009.10.12 04:04:34 | 000,741,376 | ---- | C] () -- C:\Windows\SysWow64\audxlib.dll
[2009.10.12 04:04:34 | 000,405,504 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009.10.12 04:04:34 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009.10.12 04:04:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2009.10.12 04:04:34 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009.10.12 04:04:34 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2009.10.12 04:04:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009.10.12 04:04:34 | 000,038,400 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009.10.12 04:04:30 | 000,662,016 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.10.12 04:04:30 | 000,511,488 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009.10.12 04:04:30 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009.10.12 04:04:30 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009.10.12 04:04:30 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009.10.12 04:04:30 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009.10.12 04:04:30 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009.10.12 04:04:30 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009.10.12 04:04:30 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009.10.12 04:04:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 03:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2003.07.22 15:59:06 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\DriverSetupApi.dll
[2002.06.28 10:43:44 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.05.16 00:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\SysWow64\mp4fil32.dll
[2002.05.04 14:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\avisynthEx.dll
[2002.04.21 19:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2002.04.19 15:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\SysWow64\libpostproc.dll
[2002.04.01 23:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2002.04.01 23:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2002.04.01 23:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.02.21 17:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2001.06.22 12:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\MPEG2DEC.dll
[2000.07.22 16:49:46 | 000,431,104 | ---- | C] () -- C:\Windows\SysWow64\VFCodec.dll

========== LOP Check ==========

[2010.01.25 16:56:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ROCCAT
[2010.08.05 17:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD Art Display
[2010.07.14 21:23:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command and Conquer 4
[2010.11.14 23:25:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.07 21:34:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flo & Seb Engineering
[2010.07.14 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.05.30 15:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.05.26 16:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2010.05.26 18:23:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.09.11 15:56:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2010.01.15 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ROCCAT
[2010.07.25 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2010.01.17 21:24:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.02 13:04:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft
[2010.11.09 17:51:12 | 000,032,764 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Maybe I should have attached it as a file instead; I hope I posted everything correctly, otherwise please correct me.
Unfortunately I still have a lot to learn.

I'd be glad if you could help me.

Edited by Blackcollar (17.11.2010 at 22:18)

Alt 18.11.2010, 19:16   #2
markusg
/// Malware-holic
 
Run OTL as follows
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both