| |
| |||||||
Log-Analyse und Auswertung: Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
05.10.2011, 05:58
| #1 | |
| |  Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar. Hallo, also ich habe folgendes Problem; Mir schmiert seit einer ewigkeit öfters mal meine Inet Verbindung ab, gerade wenn ich mich im Teamspeak aufhalte. Und das ist natürlich ärgerlich. Das nahm ich zum Grund um den Spyware Terminator vom PC zu schmeißen, mir den Avira wieder zu loaden + den SpywareBot . Weder der Avira noch der Spyware Terminator haben mir vorher jemals folgende meldung bzw folgende Objekte(Funde) nach einem Scan angezeigt Zitat:
Ich habe mir die OTL.exe gezogen und alles wie angefordert gemacht,Inetverbinung gekappt,Scanner aus und das Programm laufen lassen wobei dieser Log entstand. ( Da ich es iwie nicht hinbekomme diesen als anhang zu packen muss ich den leider so Posten -.- Ich hoffe es kann mir trotzdem jemand helfen, ich bin halt mehr ein Laie in sowas und bin absolut verzweifelt grad  OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.10.2011 20:10:37 - Run 2 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\XXX\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 62,70% Memory free 3,74 Gb Paging File | 2,85 Gb Available in Paging File | 76,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,37 Gb Total Space | 21,12 Gb Free Space | 28,40% Space Free | Partition Type: NTFS Drive E: | 73,21 Gb Total Space | 67,95 Gb Free Space | 92,81% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Windows\tsnp2std.exe () PRC - C:\Windows\vsnp2std.exe (Sonix) PRC - C:\Windows\FixCamera.exe () PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Windows\tsnp2std.exe () MOD - C:\Windows\FixCamera.exe () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys ( ) DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys ( ) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation ) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys () DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (Bluemedia) DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.jappy.de/" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.7.1 FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 02:34:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.21 02:11:34 | 000,000,000 | ---D | M] [2009.01.15 17:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2011.09.25 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions [2010.04.27 09:46:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.06 20:53:08 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.04.04 19:37:56 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B} [2011.06.09 04:46:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.06.09 04:46:28 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2010.09.22 14:19:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.01 00:22:29 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011.06.09 04:46:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-10.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-11.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-12.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-2.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-3.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-4.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-5.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-6.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-7.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-8.xml [2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-9.xml [2011.09.29 20:22:39 | 000,000,822 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin.xml [2011.09.25 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.01.15 18:58:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.05 11:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.06 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.03.16 19:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2009.01.26 10:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.03.25 13:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009.09.10 17:51:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009.11.23 09:15:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.01 12:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.05 11:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.06 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.03.16 19:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE [2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.09.29 20:22:39 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 20:22:39 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 20:22:39 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.20 01:46:01 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 20:22:39 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TimoF1\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TimoF1\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Google Update (Enabled) = C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Star Gazer = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\TimoF1\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACC1AB2-63AB-4A89-9607-B17496CE76C4}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A14B54-FDEA-4D36-B4BF-5CCBA037D3B7}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell - "" = AutoRun O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell - "" = AutoRun O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell - "" = AutoRun O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell - "" = AutoRun O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell - "" = AutoRun O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell - "" = AutoRun O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe) MsConfig - StartUpReg: 00TCrdMain - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: avgnt - hkey= - key= - File not found MsConfig - StartUpReg: AVP - hkey= - key= - File not found MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= - File not found MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation) MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) MsConfig - StartUpReg: mcagent_exe - hkey= - key= - File not found MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) MsConfig - StartUpReg: SmoothView - hkey= - key= - File not found MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: swg - hkey= - key= - File not found MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - File not found MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH) MsConfig - StartUpReg: TPwrMain - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.04 15:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.10.04 15:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.10.04 15:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2011.10.04 03:01:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira [2011.10.03 02:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6 [2011.10.03 02:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.6 [2011.09.29 21:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.09.29 20:59:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.09.29 20:59:20 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.09.29 20:59:20 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.09.29 20:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.09.29 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.09.29 20:22:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO [2011.09.10 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2011.09.10 11:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy [2011.09.10 11:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\simfy [2011.09.05 06:57:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Facebook [2009.12.25 02:39:10 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll [2009.12.25 02:39:10 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll [2009.11.07 11:54:23 | 000,007,680 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530m.sys [2009.11.07 11:54:22 | 000,486,912 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.10.04 20:15:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job [2011.10.04 20:10:00 | 000,001,194 | ---- | M] () -- C:\Users\XXX\Desktop\OTL - Verknüpfung.lnk [2011.10.04 20:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.04 20:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.04 20:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.04 20:01:18 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys [2011.10.04 19:51:08 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable [2011.10.04 19:50:27 | 000,000,548 | ---- | M] () -- C:\Users\XXX\Desktop\Defogger.exe - Verknüpfung.lnk [2011.10.04 19:03:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job [2011.10.04 15:14:53 | 000,001,060 | ---- | M] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk [2011.10.04 00:15:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job [2011.10.03 07:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job [2011.10.03 02:25:05 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.6.lnk [2011.10.02 04:12:13 | 000,002,052 | ---- | M] () -- C:\Users\XXX\Desktop\Google Chrome.lnk [2011.09.30 04:17:06 | 000,000,736 | ---- | M] () -- C:\Users\XXX\Documents\cc_20110930_041654.reg [2011.09.30 04:16:14 | 000,000,082 | ---- | M] () -- C:\Users\XXX\Documents\cc_20110930_041611.reg [2011.09.29 21:00:07 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.09.21 02:11:39 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2011.09.13 10:33:31 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.13 10:33:31 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.13 10:33:31 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.13 10:33:31 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.10 11:27:58 | 000,001,037 | ---- | M] () -- C:\Users\XXX\Desktop\DVDVideoSoft Free Studio.lnk [2011.09.10 11:03:17 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.10.04 20:09:57 | 000,001,194 | ---- | C] () -- C:\Users\XXX\Desktop\OTL - Verknüpfung.lnk [2011.10.04 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable [2011.10.04 19:50:05 | 000,000,548 | ---- | C] () -- C:\Users\XXX\Desktop\Defogger.exe - Verknüpfung.lnk [2011.10.04 15:14:53 | 000,001,060 | ---- | C] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk [2011.10.03 02:25:05 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.6.lnk [2011.09.30 04:17:01 | 000,000,736 | ---- | C] () -- C:\Users\XXX\Documents\cc_20110930_041654.reg [2011.09.30 04:16:14 | 000,000,082 | ---- | C] () -- C:\Users\XXX\Documents\cc_20110930_041611.reg [2011.09.29 21:00:07 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.09.05 06:58:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job [2011.09.05 06:58:13 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job [2010.08.26 23:28:22 | 000,000,208 | ---- | C] () -- C:\Windows\ACROREAD.INI [2010.08.26 23:26:50 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE [2010.07.27 20:27:36 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat [2010.06.29 05:08:23 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2009.12.28 08:54:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2009.12.25 02:39:19 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2009.12.25 02:39:16 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe [2009.12.25 02:39:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini [2009.12.25 02:39:15 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys [2009.12.25 02:39:12 | 012,179,584 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys [2009.12.10 04:26:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.21 08:31:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.21 08:31:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.17 02:30:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2009.07.17 02:30:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2009.07.12 19:27:13 | 000,367,957 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg_nav.dat [2009.07.12 19:26:42 | 000,001,460 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg_navps.dat [2009.07.12 19:26:42 | 000,000,089 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg.bat [2009.07.12 19:26:41 | 000,003,589 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg.dat [2009.05.25 05:49:29 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat [2009.03.27 17:42:15 | 000,024,206 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\UserTile.png [2009.01.19 00:56:09 | 000,055,808 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.01.15 17:30:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.01.15 16:38:55 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll [2009.01.15 16:36:43 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini [2009.01.15 16:36:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll [2009.01.15 16:36:43 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini [2009.01.15 16:36:43 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini [2008.10.07 17:02:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2008.10.07 17:02:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2008.10.07 17:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2008.10.07 17:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2008.10.07 17:02:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2008.10.07 17:02:35 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2008.10.07 16:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2008.10.07 16:43:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.10.07 15:54:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.07 15:40:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.10.07 15:38:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.10.07 15:38:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.10.07 15:38:20 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.07 15:38:20 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,321,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.07.11 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BitTorrent [2011.09.10 11:46:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft [2011.09.10 11:29:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.12 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FunkyEmoticons [2011.03.13 00:00:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hansenet [2011.02.24 03:15:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\icPlus [2011.10.04 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ [2010.05.03 23:58:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\inkscape [2009.10.29 03:36:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\LimeWire [2010.12.18 05:54:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\myphotobook [2011.01.09 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS [2011.01.09 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera [2009.03.27 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PeerNetworking [2011.05.11 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PhotoScape [2011.08.17 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Simfy [2010.11.27 02:58:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\temp [2010.07.27 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Template [2009.01.19 02:56:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba [2011.05.22 03:21:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TS3Client [2009.05.24 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software [2011.10.03 07:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job [2011.10.04 19:03:14 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job [2011.10.04 20:00:10 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.01.15 16:39:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.08.26 23:28:17 | 000,000,000 | ---D | M] -- C:\Acrobat3 [2011.01.19 08:52:08 | 000,000,000 | -HSD | M] -- C:\Boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.01.15 16:26:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.22 14:37:26 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2008.10.08 10:01:03 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.06.14 22:08:26 | 000,000,000 | ---D | M] -- C:\My Downloads [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.10.04 15:14:43 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.04 15:14:43 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.01.15 16:26:36 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.04 20:15:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.01.15 16:40:03 | 000,000,000 | ---D | M] -- C:\Toshiba [2009.01.15 16:30:36 | 000,000,000 | R--D | M] -- C:\Users [2010.08.26 23:27:43 | 000,000,000 | ---D | M] -- C:\WESTWOOD [2011.09.30 04:12:40 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 09:33:03 < > < End of report > Nach diesem Log habe ich auch den defogger laufen lassen, alles neugestartet. Der SpyBot zeigte es nach einem erneuten Scan(ohne bestehende Inet verbindung) weiterhin wie vorher an. Ich wäre um eine antowort/hilfe echt mehr als froh,sonst bleibt mir nichts anderes ausser alles platt zu machen Liebe grüße Geändert von Pukki (05.10.2011 um 06:08 Uhr) Grund: *Zitat nachbearbeitet |
| Themen zu Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar. |
| antivir, avira, avp, bho, c:\windows\system32\rundll32.exe, converter, desktop, device driver, email, error, excel.exe, firefox, home, intranet, kaspersky, limited.com/facebook, logfile, mp3, object, plug-in, problem, programm, realtek, registry, safer networking, scan, sched.exe, senden, software, spyware, studio, teamspeak, trojaner, vista, win32.agent.fbx |
Baum-Darstellung