Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 'ADSPY/AdSpy.Gen2' [adware].

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.04.2011, 22:35   #1
Marci96
 
'ADSPY/AdSpy.Gen2' [adware]. - Ausrufezeichen

'ADSPY/AdSpy.Gen2' [adware].



Hallo ich habe folgendes Problem:

Die Datei 'C:\Users\Fabian\Downloads\XvidSetup.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b4eda34.qua' verschoben!

Kann man mir bitte helfen

Alt 28.04.2011, 20:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
'ADSPY/AdSpy.Gen2' [adware]. - Standard

'ADSPY/AdSpy.Gen2' [adware].



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 28.04.2011, 21:58   #3
Marci96
 
'ADSPY/AdSpy.Gen2' [adware]. - Standard

'ADSPY/AdSpy.Gen2' [adware].



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6467

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.04.2011 22:56:59
mbam-log-2011-04-28 (22-56-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 436122
Laufzeit: 36 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



------------------------------------------------------------------------------------
komisch garnix gefunden?
__________________

Alt 28.04.2011, 22:10   #4
Marci96
 
'ADSPY/AdSpy.Gen2' [adware]. - Standard

'ADSPY/AdSpy.Gen2' [adware].



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/28/2011 11:05:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Fabian\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 59.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 834.98 Gb Free Space | 89.64% Space Free | Partition Type: NTFS
Drive D: | 835.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\SEC\MT2.5_RAFF\GammaTray.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fabian\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe (ASUSTeK Computer Inc.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()
DRV - (MagicTune) -- C:\Windows\system32\drivers\MTictwl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=3ce0fd1700000000000020cf30e790f3&tlver=1.4.19.19&ss=1&affID=17395
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/\r"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.3.3.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=3ce0fd1700000000000020cf30e790f3&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/14 16:23:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/14 16:24:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/24 13:12:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/24 13:12:37 | 000,000,000 | ---D | M]
 
[2011/01/10 18:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2011/04/28 14:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions
[2011/03/29 12:18:11 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011/01/10 19:36:35 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011/03/10 19:28:42 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/03/29 12:18:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/02/17 17:27:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/29 12:18:12 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/03/29 12:18:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\engine@conduit.com
[2011/04/23 00:48:20 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\l2j1jxfz.default\extensions\ffxtlbr@babylon.com
[2010/12/22 17:23:04 | 000,000,941 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\l2j1jxfz.default\searchplugins\conduit.xml
[2011/04/24 22:04:31 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\l2j1jxfz.default\searchplugins\icqplugin-1.xml
[2011/03/24 13:12:45 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\l2j1jxfz.default\searchplugins\icqplugin-2.xml
[2011/04/23 09:57:44 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\l2j1jxfz.default\searchplugins\icqplugin-3.xml
[2011/03/01 20:51:18 | 000,001,056 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\l2j1jxfz.default\searchplugins\icqplugin.xml
[2011/04/28 14:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/01/22 22:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/22 22:48:14 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/05 22:40:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/04/23 00:48:20 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/03/05 22:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/26 17:57:38 | 000,002,036 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchppcb.xml
[2011/03/05 22:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/05 22:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/05 22:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BrotherSoft Extreme Toolbar) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BrotherSoft Extreme Toolbar) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe (ecm)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/19 00:42:42 | 000,000,000 | ---D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010/10/11 23:44:16 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{addc1cbd-1cfa-11e0-ac3b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{addc1cbd-1cfa-11e0-ac3b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\cdstart.exe -- [2010/10/11 23:08:28 | 001,419,984 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/28 22:19:08 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2011/04/28 22:19:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/28 22:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/28 22:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/28 22:19:03 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/28 22:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/28 09:37:10 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\GIANTS Editor 4.1.7
[2011/04/28 09:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
[2011/04/28 09:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIANTS Software
[2011/04/28 01:11:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2011/04/28 01:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/04/28 01:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2011/04/28 01:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2011/04/28 01:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/04/28 01:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207060.00D
[2011/04/28 01:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/04/28 01:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/04/28 00:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2011/04/28 00:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
[2011/04/27 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\DivX
[2011/04/27 22:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/04/27 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011/04/27 22:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/04/27 13:50:00 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/27 13:50:00 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/27 13:49:55 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/27 13:49:55 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/27 13:49:26 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/27 13:49:26 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/27 13:49:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/27 13:49:25 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/27 13:49:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/27 13:49:25 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/27 13:49:25 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/27 13:49:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/27 13:49:16 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/25 20:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sixteen tons entertainment
[2011/04/25 19:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sixteen tons entertainment
[2011/04/25 15:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011/04/23 10:14:28 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\GIANTS Editor 4.1.2
[2011/04/23 10:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts-Simulator 2009
[2011/04/23 10:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts-Simulator 2009
[2011/04/23 00:48:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\FreeScreenToVideo
[2011/04/22 21:58:01 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Server 1.5_01
[2011/04/16 12:42:56 | 540,815,728 | ---- | C] (Z8Games.com                                                 ) -- C:\Users\Fabian\CrossFire_Setup_v10652.exe
[2011/04/14 13:12:27 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Geile Fotos
[2011/04/14 09:47:32 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011/04/14 09:47:30 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011/04/13 22:21:12 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/13 22:21:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/13 22:21:11 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/13 22:21:11 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/13 22:21:11 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/13 22:21:09 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/13 22:21:09 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/13 22:21:08 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/13 22:21:08 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/13 22:21:06 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/13 22:21:06 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/13 22:21:05 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/13 22:21:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/13 22:20:58 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/04/13 22:20:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/04/13 22:20:58 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/04/13 22:20:58 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/04/13 22:20:58 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/04/13 22:20:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/13 22:20:58 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/04/13 22:20:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/13 22:20:58 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/04/13 22:20:58 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/04/13 22:20:58 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/04/13 22:20:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/04/13 22:20:58 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/04/13 22:20:58 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/04/13 22:20:48 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/13 22:20:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/13 22:20:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/13 22:20:45 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/13 22:20:45 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/13 22:20:45 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/13 22:20:45 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/13 22:20:45 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/13 22:20:45 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/13 22:20:45 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/13 22:20:44 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/01 19:24:42 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Engstlatt
[2011/03/31 14:28:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Yenka
[2011/03/31 14:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yenka
[2011/03/31 14:28:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yenka
[2011/03/31 14:19:15 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Software Informer
[2011/03/31 12:46:17 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2011/03/31 12:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/28 22:39:12 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 22:19:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 19:39:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 17:41:00 | 000,000,500 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Fabian.job
[2011/04/28 12:09:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 12:09:53 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 12:08:29 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/28 12:08:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/04/28 12:08:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/28 12:08:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/04/28 12:08:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/28 12:02:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/28 12:02:29 | 479,502,335 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 09:36:56 | 000,001,164 | ---- | M] () -- C:\Users\Fabian\Desktop\GIANTS Editor.lnk
[2011/04/28 01:11:07 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/04/28 01:11:05 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207060.00D\isolate.ini
[2011/04/28 00:03:55 | 000,001,287 | ---- | M] () -- C:\Users\Fabian\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011/04/25 15:37:37 | 000,053,248 | ---- | M] () -- C:\Windows\SysNative\FXSCOM32.dll
[2011/04/16 12:46:20 | 540,815,728 | ---- | M] (Z8Games.com                                                 ) -- C:\Users\Fabian\CrossFire_Setup_v10652.exe
[2011/04/14 12:59:55 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/14 09:47:32 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011/04/14 09:47:30 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011/04/11 18:06:39 | 000,002,743 | ---- | M] () -- C:\Users\Fabian\.recently-used.xbel
[2011/03/31 14:28:24 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Yenka.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/28 22:19:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/28 09:36:56 | 000,001,164 | ---- | C] () -- C:\Users\Fabian\Desktop\GIANTS Editor.lnk
[2011/04/28 01:11:07 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk
[2011/04/28 01:11:07 | 000,000,500 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Fabian.job
[2011/04/28 01:11:05 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207060.00D\isolate.ini
[2011/04/28 00:03:55 | 000,001,287 | ---- | C] () -- C:\Users\Fabian\Desktop\Landwirtschafts Simulator 2011 .lnk
[2011/04/25 15:37:37 | 000,053,248 | ---- | C] () -- C:\Windows\SysNative\FXSCOM32.dll
[2011/04/11 18:06:39 | 000,002,743 | ---- | C] () -- C:\Users\Fabian\.recently-used.xbel
[2011/03/31 14:28:24 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Yenka.lnk
[2011/03/01 19:21:58 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/03 21:45:52 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011/01/28 14:03:44 | 049,499,345 | ---- | C] () -- C:\Program Files (x86)\minecraft Beta 1.2.rar
[2011/01/13 14:08:18 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/01/12 20:13:29 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/01/10 23:01:30 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/01/10 22:59:41 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/01/10 22:59:41 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/01/10 22:59:37 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/01/10 22:59:37 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/01/10 22:50:53 | 000,022,258 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/01/10 22:50:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/01/10 22:50:37 | 000,016,830 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/01/10 19:05:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/01/10 19:00:55 | 000,013,396 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys
[2011/01/10 17:07:05 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/10/14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 12:48:34 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/04 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/03/05 11:27:42 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\PLCLIB32.INI
[2008/03/05 11:27:42 | 000,001,181 | ---- | C] () -- C:\Windows\SysWow64\drivers\PLCLIB32.INI

< End of report >
         
--- --- ---

--------------------------------------------------------------
ist das der richtige Scan ich fand nirgens run Scan und nam einfach scan

oder solte ich Quick Scan nehmen?

Alt 29.04.2011, 10:14   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
'ADSPY/AdSpy.Gen2' [adware]. - Standard

'ADSPY/AdSpy.Gen2' [adware].



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu 'ADSPY/AdSpy.Gen2' [adware].
adspy/adspy.gen2, adware, aktion, datei, downloads, folge, folgendes, namen, problem, programm, unerwünschtes, unerwünschtes programm, users, verschoben, virus




Ähnliche Themen: 'ADSPY/AdSpy.Gen2' [adware].


  1. adspy/adspy.gen2
    Plagegeister aller Art und deren Bekämpfung - 15.10.2015 (7)
  2. Malware Meldung "Adspy/adspy.gen2" gefunden!
    Plagegeister aller Art und deren Bekämpfung - 08.05.2015 (51)
  3. ADSPY/AdSpy.Gen2 - \Intel\Intel(R) Management Engine Components\UNS\UNS.exe' .lapi total am hängen
    Log-Analyse und Auswertung - 12.06.2013 (25)
  4. Trojaner ADSPY/AdSpy.Gen2
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (1)
  5. Antivir findet ADSPY/AdSpy.Gen2 (Problem mit Downloads; zuvor Probleme mit Antivir)
    Plagegeister aller Art und deren Bekämpfung - 16.02.2012 (5)
  6. Mailware ADSPY/AdSpy.Gen2
    Log-Analyse und Auswertung - 11.01.2012 (1)
  7. Virus ADSPY/AdSpy.Gen2 und mediashifting.com/?search=.....
    Log-Analyse und Auswertung - 31.12.2011 (2)
  8. ADSPY/AdSpy.Gen2 entdeckt
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (7)
  9. ADSPY/AdSpy.Gen2
    Log-Analyse und Auswertung - 04.09.2011 (1)
  10. ADSPY/AdSpy.Gen2, TR/Crypt.XPACK.Gen2 u.a. , lassen sich nicht entfernen
    Log-Analyse und Auswertung - 06.05.2011 (9)
  11. ADSPY/AdSpy.Gen2 und JAVA/OpenConnect.CF
    Plagegeister aller Art und deren Bekämpfung - 28.01.2011 (5)
  12. StudiVZ-Account geknackt:AVIRA: TR/Trash.Gen' [trojan] , vor kurzem ADSPY/AdSpy.Gen2 in selber Datei
    Plagegeister aller Art und deren Bekämpfung - 27.01.2011 (5)
  13. ADSPY/AdSpy.Gen2
    Log-Analyse und Auswertung - 05.12.2010 (7)
  14. Mehrere Virenfunde bei Antivir (ADSPY/SaveNow.CO ADSPY/AdSpy.Gen ADWARE/Stud.D ADSPY/Agent.23040)
    Plagegeister aller Art und deren Bekämpfung - 12.11.2010 (3)
  15. ADSPY/Adspy.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.11.2010 (20)
  16. AntiVir hat "ADSPY/AdSpy.Gen2" gefunden
    Plagegeister aller Art und deren Bekämpfung - 24.09.2010 (1)
  17. ADSPY/AdSpy.Gen, TR/Trash.Gen, ADSPY/SaveNow.CG und weitere
    Log-Analyse und Auswertung - 30.07.2010 (18)

Zum Thema 'ADSPY/AdSpy.Gen2' [adware]. - Hallo ich habe folgendes Problem: Die Datei ' C:\Users\Fabian\Downloads\XvidSetup.exe' enthielt einen Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b4eda34.qua' verschoben! Kann - 'ADSPY/AdSpy.Gen2' [adware]....
Archiv
Du betrachtest: 'ADSPY/AdSpy.Gen2' [adware]. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.