Log analysis and evaluation: win32:adware.gen here is the HiJackThis log. - Please help

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello everyone,

I have somehow picked up a win32:adware.gen on my laptop; here is the HijackThis log. Can someone perhaps help me? I am a beginner when it comes to PC illnesses and curing them. Many thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:03, on 30.11.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\MacroData Inc\NetDrive\netdrive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Delzo & Lara.Patricia-PC\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ParentalControl Bar - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ParentalControl Bar - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe -tray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: HP ProtectTools Gerätesperre/Überwachung (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7783 bytes
#2

Hello and

Quote:

Please let Malwarebytes check your system and then create a log with OTL; post the resulting log files here, then we will see what to do next.

Regards
#3

Hello NochDigger,

Thanks for your efforts. My antivirus program is the following: avast! Free Antivirus 5.0.677. It also finds the virus/trojan or whatever it is. I don't know exactly which program is infected, but it reports something about svchost.exe in the win32 folder, or sometimes it is a file that it blocks, or a website.

Malwarebytes log file:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5220

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

30.11.2010 19:40:55
mbam-log-2010-11-30 (19-40-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135564
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.74.0 (Adware.Zango) -> Value: Zango 10.3.74.0 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\flv direct player (Adware.BHO.FL) -> Delete on reboot.
c:\program files\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> Delete on reboot.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Delete on reboot.

Infizierte Dateien:
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\free registry cleaner for vista\backuphkcu.reg (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Thanks again,
bertl

Edited by bertl. (30.11.2010 at 19:44)
#4

Hello,

when you start Avast, you should find the file and its path under -> Verwaltung (Maintenance) -> Virus Container (Virus Chest), under Ursprünglicher Ort (Original Location).

Regards
#5

Unfortunately everything there is empty!!! No entry
#6

Hello,

too bad. Well then, on we go.

Quote:

Regards
#7

OTL log file:

Code:
OTL logfile created on: 30.11.2010 20:16:45 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\************\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

1.015,00 Mb Total Physical Memory | 178,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,17 Gb Total Space | 20,06 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
Drive D: | 283,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,55 Gb Total Space | 1,24 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,73 Gb Free Space | 9,38% Space Free | Partition Type: NTFS
Drive Z: | 512,00 Gb Total Space | 512,00 Gb Free Space | 100,00% Space Free | Partition Type: NDFS

Computer Name: PATRICIA-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
PRC - C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CachemanService) -- C:\Program Files\Cacheman\CachemanServ.exe File not found
SRV - (ndsvc) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\DRIVERS\snp325.sys File not found
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ndfs) -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys (MacroData Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (phmburnr) -- C:\Windows\system32\DRIVERS\phmburnr.sys (Phantombility, Inc)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {30f6ffb8-5a42-d7ba-d1d4-328278d32fd3}:4.6.6.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.02.02 23:49:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.14 10:50:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.14 18:06:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.22 08:55:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.21 08:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.26 10:31:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.12 10:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.14 10:50:23 | 000,000,000 | ---D | M]

[2010.08.27 00:17:39 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions
[2010.06.02 16:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.27 00:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\{ee53ece0-255c-4cc6-8a7e-81a8b6e5ba2c}
[2010.05.30 10:56:07 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2010.11.30 18:53:38 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.22 16:26:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.22 16:26:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010.11.20 02:49:48 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\foxmarks@kei.com
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\moveplayer@movenetworks.com
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\youtube2mp3@mondayx.de
[2010.11.30 18:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.11 11:10:30 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{30f6ffb8-5a42-d7ba-d1d4-328278d32fd3}
[2008.02.02 23:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008.08.27 13:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.02.21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.11.21 08:55:32 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.21 08:55:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.21 08:55:32 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.21 08:55:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.21 08:55:32 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.11.22 07:44:25 | 000,425,799 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14672 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O3 - HKLM\..\Toolbar: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O3 - HKCU\..\Toolbar\WebBrowser: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
O4 - HKLM..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2001.02.27 19:09:05 | 000,000,193 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) - File not 
found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.30 19:16:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.30 19:16:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.30 11:41:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2010.11.30 11:41:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2010.11.30 11:41:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010.11.30 11:41:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.11.30 11:40:53 | 000,000,000 | --SD | C] -- C:\ComboFix [2010.11.30 11:12:05 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.11.30 11:10:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010.11.24 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\anderer user [2010.11.24 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FreeCommander [2010.11.24 13:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander [2010.11.23 03:10:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2010.11.23 03:10:17 | 000,000,000 | ---D | C] -- C:\6444ec2b9afe92ec54790833da [2010.11.23 03:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live [2010.11.22 16:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2010.11.22 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\vlc [2010.11.22 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\Paint.NET [2010.11.22 07:32:21 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2010.11.21 00:44:03 | 000,000,000 | ---D | C] -- C:\Users\Delzo & 
Lara.Patricia-PC\AppData\Local\Zattoo [2010.11.21 00:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4 [2010.11.20 23:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.11.20 23:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010.11.20 23:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.11.20 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Delzo & Lara [2010.11.20 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Auslogics [2010.11.20 07:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2010.11.19 19:58:22 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack Professional [2010.11.19 18:38:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe [2010.11.19 17:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010.11.09 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Malwarebytes [2010.11.09 17:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.09 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.11.02 20:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2008.04.15 18:12:20 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll [2 C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp files -> C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.30 20:20:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7C547F25-2394-4FB2-B48C-8A20756D0333}.job [2010.11.30 20:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{76DF0194-9A6F-4853-800C-2A621ACFB0A9}.job [2010.11.30 20:11:12 | 000,001,096 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.11.30 20:00:13 | 002,846,052 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.11.30 20:00:12 | 007,803,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.11.30 20:00:12 | 002,433,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.11.30 20:00:12 | 002,217,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.11.30 19:55:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.11.30 19:55:39 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job [2010.11.30 19:55:03 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010.11.30 19:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 19:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.30 19:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.30 19:54:14 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys [2010.11.30 19:51:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.11.30 19:24:50 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.30 08:44:02 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{878EE288-3815-4EAA-8E43-CB257DA751E8}.job [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.24 13:50:42 | 000,000,770 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\FreeCommander.lnk [2010.11.22 07:44:25 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS [2010.11.21 08:34:09 | 000,331,316 | ---- | M] () -- C:\Users\Delzo & 
Lara.Patricia-PC\Documents\cc_20101121_083335.reg [2010.11.21 08:28:29 | 000,000,764 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\CCleaner.lnk [2010.11.21 02:22:22 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101122-074425.backup [2010.11.21 02:20:56 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101121-022222.backup [2010.11.21 00:45:01 | 000,017,408 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\WebpageIcons.db [2010.11.20 23:41:09 | 000,001,031 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Spybot - Search & Destroy.lnk [2010.11.20 17:37:39 | 000,000,376 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Downloads - Verknüpfung.lnk [2010.11.20 12:17:37 | 000,012,800 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.20 10:47:43 | 000,084,353 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA Application.pdf [2010.11.20 10:45:08 | 000,092,815 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA-Antrag.pdf [2010.11.19 19:16:10 | 000,509,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.11.19 18:38:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe [2010.11.19 17:39:34 | 000,000,020 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\defogger_reenable [2010.11.19 16:58:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2010.11.18 08:48:24 | 000,089,190 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\XXXXXXXXXXXXXXXXXXXX.pdf [2010.11.17 08:56:39 | 000,007,386 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\.recently-used.xbel [2010.11.09 17:30:48 | 000,000,036 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\housecall.guid.cache [2010.11.08 10:06:20 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$itish Bespoke Weeks.doc [2010.11.08 
01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe [2010.11.05 11:55:42 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$stenvoranschlag Smoking - Goldwein.doc [2010.11.01 20:06:06 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$hr geehrte Damen und Herren.htm [2 C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp files -> C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.30 19:18:08 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.30 11:41:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.11.30 11:41:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.11.30 11:41:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2010.11.30 11:41:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.11.30 11:41:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.11.24 13:50:42 | 000,000,770 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\FreeCommander.lnk [2010.11.21 08:33:44 | 000,331,316 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Documents\cc_20101121_083335.reg [2010.11.21 08:28:29 | 000,000,764 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\CCleaner.lnk [2010.11.21 00:44:03 | 000,017,408 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\WebpageIcons.db [2010.11.20 23:41:09 | 000,001,031 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Spybot - Search & Destroy.lnk [2010.11.20 17:37:39 | 000,000,376 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Downloads - Verknüpfung.lnk [2010.11.20 10:47:51 | 000,084,353 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA Application.pdf [2010.11.20 10:37:56 | 000,092,815 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA-Antrag.pdf [2010.11.19 17:39:14 | 000,000,020 | ---- | C] () -- 
C:\Users\Delzo & Lara.Patricia-PC\defogger_reenable [2010.11.18 08:48:41 | 000,089,190 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\XXXXXXXXXXXXXXXXXXXX.pdf [2010.11.17 08:56:39 | 000,007,386 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\.recently-used.xbel [2010.11.09 17:30:48 | 000,000,036 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\housecall.guid.cache [2010.11.08 10:06:20 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$itish Bespoke Weeks.doc [2010.11.05 11:55:42 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$stenvoranschlag Smoking - Goldwein.doc [2010.11.01 20:06:06 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$hr geehrte Damen und Herren.htm [2010.06.16 15:57:36 | 000,000,680 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\d3d9caps.dat [2010.03.17 19:55:30 | 000,012,800 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.21 08:58:47 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.01.12 11:22:05 | 000,000,000 | ---- | C] () -- C:\Windows\KeyScript.ini [2010.01.08 20:15:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2009.02.15 14:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.01.12 21:17:03 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.12 16:06:37 | 000,000,724 | ---- | C] () -- C:\ProgramData\hpzinstall.log [2009.01.05 15:24:26 | 000,000,162 | ---- | C] () -- C:\Windows\SecurityandPrivacy3.ini [2008.11.07 09:51:21 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.10.30 11:31:01 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.10.30 11:29:54 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.09.24 07:53:33 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll [2008.09.19 22:57:34 | 003,596,288 | 
---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.07.01 10:09:16 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll [2008.07.01 10:09:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll [2008.07.01 10:09:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll [2008.07.01 10:09:15 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2008.03.28 18:54:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.02.21 21:39:25 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.02.21 21:39:25 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2004.10.26 23:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll ========== LOP Check ========== [2010.10.26 09:01:40 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\8C060AFB33B665B53E1FCDE57F8A63DF [2010.11.20 07:45:37 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Auslogics [2010.06.15 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Canneverbe_Limited [2010.08.27 00:39:44 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Claws-mail [2010.09.03 02:01:57 | 000,000,000 | ---D | M] 
-- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FileZilla [2010.11.25 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FreeCommander [2010.08.27 00:41:07 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\gnupg [2010.11.20 02:49:45 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\gtk-2.0 [2010.11.20 02:49:45 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\KDE [2010.05.22 07:35:38 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\MAGIX [2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\NetDrive [2010.06.16 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Nokia [2010.06.16 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Nokia Ovi Suite [2010.03.17 21:41:09 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\OpenOffice.org [2010.03.23 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Orbit [2010.03.17 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Parental Control FF [2010.06.16 16:00:57 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\PC Suite [2010.09.13 09:17:37 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\SampleView [2010.11.20 02:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Spicebird [2010.11.20 02:49:52 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Thunderbird [2010.06.15 17:11:48 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack 2010 [2010.11.19 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack Professional [2010.11.30 19:55:39 | 
000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job [2010.11.30 18:51:57 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008.06.09 16:00:48 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\TuneUp DiskDoctor.job [2010.11.30 20:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{76DF0194-9A6F-4853-800C-2A621ACFB0A9}.job [2010.11.30 20:20:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7C547F25-2394-4FB2-B48C-8A20756D0333}.job [2010.11.30 08:44:02 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{878EE288-3815-4EAA-8E43-CB257DA751E8}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0 @Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0F8F5844 < End of report > |