Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: funmoods & DR/FakePic.Gen tmp.edb

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 12.03.2012, 13:11   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Zitat:
Scan Mode: Current user
Du hast den Haken bei "Scanne alle Benutzer" auch vergessen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 15:14   #17
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Entschuldige mich für die Nachlässigkeit. Im Ernst.
Habe den Suchlauf 5 x versucht. Alles richtig eingestellt und eingefügt.
Der Suchlauf bleibt nach ca. 10 sek. bei "scanne Modules" hängen.
Auch nach Neustart.

Gruß

Stefan
__________________


Alt 12.03.2012, 15:36   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Was heißt das genau? Wenn du alle Benutzer scannen willst hänger OTL sich auf?
__________________
__________________

Alt 12.03.2012, 15:50   #19
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Nach dem 6. mal ging es. Meine Firewall ist bei jedem Neustart aus. Das macht der Virus, oder? Allerdings ist die Windows- und die Avirafirewall an. War früher kein Problem.
Im Anschluß der Log.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.03.2012 15:15:35 - Run 7
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\stefan\Desktop\Trojanerjäger
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 54,08% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 20,20 Gb Free Space | 17,38% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 55,26 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 179,61 Gb Free Space | 38,57% Space Free | Partition Type: FAT32
 
Computer Name: STEFANS-PC | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\stefan\Desktop\Trojanerjäger\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Program Files\TUGZip\Plugins\TzImage10.tgp ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (esgiguard) --  File not found
DRV - (catchme) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes,DefaultScope = {BA778FA4-2DDB-4814-9662-D91BA0D516E1}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{BA778FA4-2DDB-4814-9662-D91BA0D516E1}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{C64A81FB-0C89-4787-BA3B-CF8909B4FAF7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.30 23:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.07.08 23:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.03.09 12:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 22:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.02.02 17:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 17:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.07 19:35:48 | 000,000,000 | ---D | M]
 
[2009.08.04 20:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions
[2012.03.06 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions
[2012.02.11 19:04:02 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.02.14 11:59:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.30 23:40:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\conduit.xml
[2012.02.02 17:24:05 | 000,001,798 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\funmoods.xml
[2010.09.16 14:21:14 | 000,002,689 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\search-defender.xml
[2009.12.14 05:19:41 | 000,001,246 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\winamp-search.xml
[2012.01.25 18:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.02 17:23:38 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012.02.17 17:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.19 19:03:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.19 19:03:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.19 19:03:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.19 19:03:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.27 19:40:39 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.19 19:03:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.19 19:03:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SiteAdvisor = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
CHR - Extension: SiteAdvisor = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Mehr Leistung und Videoformate fr dein HTML5 video = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 110.164.252.222 110.164.252.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162DD6C4-76E2-4D27-BAE8-43FB03178D96}: DhcpNameServer = 110.164.252.222 110.164.252.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D479C68-92B0-4157-B684-8C5176B9A625}: DhcpNameServer = 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC486A3-58D8-41E1-AD9B-EBBD52601BB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9432ACA8-31E7-41F3-A91F-B334FC66FF5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HSON - hkey= - key= -  File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmoothView - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: TPwrMain - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.09 17:00:03 | 000,000,000 | R--D | C] -- C:\Users\stefan\Desktop\Trojanerjäger
[2012.03.09 15:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File-Upload.net
[2012.03.09 15:43:36 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File-Upload.net
[2012.03.09 15:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\File-Upload.net
[2012.03.09 04:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.08 15:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.08 15:07:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.08 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.08 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\Filmää
[2012.03.08 13:43:30 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\dvdcss
[2012.03.08 08:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.08 08:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.08 07:45:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.07 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\iTunes Freemake redsn0w
[2012.03.07 12:31:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.03.07 12:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.02.15 17:33:34 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\redsn0w
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 15:05:00 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.12 15:05:00 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.12 15:05:00 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.12 15:05:00 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.12 15:01:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.12 14:59:59 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 14:59:59 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 14:59:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 14:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.11 15:40:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.10 19:04:40 | 000,057,866 | ---- | M] () -- C:\Users\stefan\Desktop\1966-pontiac-grand-prix.jpg
[2012.03.10 17:52:50 | 000,002,565 | ---- | M] () -- C:\Users\stefan\Desktop\Microsoft Word.lnk
[2012.03.08 13:42:20 | 000,076,288 | ---- | M] () -- C:\Users\stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.08 08:17:54 | 000,000,000 | ---- | M] () -- C:\Users\stefan\defogger_reenable
[2012.03.07 15:27:37 | 000,001,194 | ---- | M] () -- C:\Users\stefan\Desktop\stefan - Verknüpfung.lnk
[2012.02.24 18:58:09 | 000,000,680 | ---- | M] () -- C:\Users\stefan\AppData\Local\d3d9caps.dat
[2012.02.18 03:31:26 | 000,371,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.17 03:01:33 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.14 12:23:53 | 002,988,767 | ---- | M] () -- C:\Users\stefan\Muddy2.mp3
[2012.02.14 12:19:17 | 003,367,403 | ---- | M] () -- C:\Users\stefan\Muddy1.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.10 19:04:36 | 000,057,866 | ---- | C] () -- C:\Users\stefan\Desktop\1966-pontiac-grand-prix.jpg
[2012.03.08 08:17:54 | 000,000,000 | ---- | C] () -- C:\Users\stefan\defogger_reenable
[2012.02.14 12:23:52 | 002,988,767 | ---- | C] () -- C:\Users\stefan\Muddy2.mp3
[2012.02.14 12:19:13 | 003,367,403 | ---- | C] () -- C:\Users\stefan\Muddy1.mp3
[2011.07.08 23:14:21 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.06.26 21:29:43 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.08 00:51:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.08 00:51:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.08 00:51:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.08 00:51:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.08 00:51:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.11.01 12:26:47 | 000,000,680 | ---- | C] () -- C:\Users\stefan\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.13 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Telefónica
[2010.09.16 09:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2011.05.06 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Desktopicon
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Facebook
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\gtk-2.0
[2011.08.09 22:16:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Image Zone Express
[2011.05.09 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Modpad
[2011.04.26 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\PeerNetworking
[2009.08.14 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Printer Info Cache
[2012.02.15 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\redsn0w
[2011.05.12 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\SumatraPDF
[2011.09.01 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Telefónica
[2009.10.01 06:47:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba
[2011.04.26 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TuneUp Software
[2010.11.14 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Uniblue
[2009.12.08 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Vodafone
[2009.09.02 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinBatch
[2012.03.12 14:58:13 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.21 23:24:22 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.03 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Adobe
[2011.06.26 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\AOL
[2012.01.26 11:09:36 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Apple Computer
[2011.11.13 20:03:44 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Avira
[2011.05.06 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Desktopicon
[2011.05.04 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\DivX
[2012.03.08 13:43:30 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\dvdcss
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Facebook
[2009.08.04 12:14:21 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Google
[2011.12.29 06:26:29 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\GRETECH
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\gtk-2.0
[2009.08.14 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\HP
[2009.10.13 09:53:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\HpUpdate
[2009.08.04 00:35:28 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Identities
[2011.08.09 22:16:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Image Zone Express
[2009.08.04 00:33:08 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\InstallShield
[2009.08.04 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Macromedia
[2011.05.04 00:00:21 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Malwarebytes
[2011.06.03 22:18:55 | 000,000,000 | --SD | M] -- C:\Users\stefan\AppData\Roaming\Microsoft
[2009.08.04 01:56:05 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Microsoft Web Folders
[2011.05.09 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Modpad
[2009.08.04 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Mozilla
[2011.04.26 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\PeerNetworking
[2009.08.14 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Printer Info Cache
[2010.03.12 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Real
[2012.02.15 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\redsn0w
[2010.02.15 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Sony Corporation
[2011.05.12 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\SumatraPDF
[2011.09.01 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Telefónica
[2009.10.01 06:47:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba
[2011.04.26 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TuneUp Software
[2010.11.14 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Uniblue
[2011.12.26 15:44:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\vlc
[2009.12.08 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Vodafone
[2009.09.02 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinBatch
[2010.05.01 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.21 04:38:34 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\stefan\AppData\Roaming\Facebook\uninstall.exe
[2007.03.22 11:46:40 | 000,126,976 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2010.02.15 10:11:04 | 000,010,134 | R--- | M] () -- C:\Users\stefan\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.03.11 22:44:21 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.03.11 13:12:41 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
[2010.05.25 10:52:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011.11.14 10:05:27 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.11.14 13:07:54 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.11.14 13:05:42 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2010.10.21 00:16:36 | 005,401,680 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\stefan\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---
[CustomScan mit OTL]

Gruß
vonStefan.

Alt 12.03.2012, 15:58   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Zitat:
Allerdings ist die Windows- und die Avirafirewall an.
Was soll sowas?! Zwei PFWs sind Unsinn hoch drei!
Schmeiß die Avira-Firewall runter!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 16:06   #21
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Ist da Microsoft echt besser? Schau an.
Nebenbei: Was für ein Antivirenprogramm hast Du drauf?

Gruß
von Stefan

Alt 12.03.2012, 16:20   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Zitat:
Nebenbei: Was für ein Antivirenprogramm hast Du drauf?
Unter Windows zu Hause nutze ich nur Malwarebytes.

Zitat:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 16:31   #23
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Hab´ ich einmal versucht. Kino.to. Hat mir die Avira gesperrt. In Deutschland geh´ ich höchstens mal zur Videothek. Bin, wie gesagt, schon wat älter und überwintere in Thailand. Da zwickts nicht ganz so wie in der Kälte daheim. Mein Nachbar hat mir seine Festplatte zum Kopieren gegeben. Bin hier um Ablenkung froh, weil ich mit den Thaifrauen nix anfangen kann. Auf die Idee, daß ich da einen Virus... Sonst paß´ ich auf wie ein Haftlmacher (bin Münchner). Tja und jetzt? Habe ich einen Zombie?

Gruß

von Stefan.

Alt 12.03.2012, 16:36   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Wie gesagt: schmeiß die Avira-Firewall runter. Und diesen DivX-Kram am besten auch gleich.
Mach danach wieder ein neues OTL-Log
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 17:01   #25
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Die Avira FW schaltet sich beim Neustart wieder an, die Windows FW aus. Habe jetzt manuell umgeschaltet. Alle 4 Komponenten von DivX Player deinstalliert. OTL scan mit eingefügtem Text ausführen, also wie vorher?

Gruß
vonStefan

Alt 12.03.2012, 17:16   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Ja genauso wie vorher
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 17:46   #27
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



War eine überflüssige Frage.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.03.2012 17:16:28 - Run 8
OTL by OldTimer - Version 3.2.35.1     Folder = C:\Users\stefan\Desktop\Trojanerjäger
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 54,04% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,21 Gb Total Space | 20,68 Gb Free Space | 17,79% Space Free | Partition Type: NTFS
Drive E: | 115,21 Gb Total Space | 55,26 Gb Free Space | 47,96% Space Free | Partition Type: NTFS
Drive G: | 465,65 Gb Total Space | 179,61 Gb Free Space | 38,57% Space Free | Partition Type: FAT32
 
Computer Name: STEFANS-PC | User Name: stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\stefan\Desktop\Trojanerjäger\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6310a2050033b0b567428ca55bda4a1b\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\TUGZip\Plugins\TzArchive10.tgp ()
MOD - C:\Windows\System32\ztvunrar36.dll ()
MOD - C:\Program Files\TUGZip\Plugins\TzImage10.tgp ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (SmartFaceVWatchSrv) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe (Toshiba)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (esgiguard) --  File not found
DRV - (catchme) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (massfilter_hs) -- C:\Windows\System32\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes,DefaultScope = {BA778FA4-2DDB-4814-9662-D91BA0D516E1}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = hxxp://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{BA778FA4-2DDB-4814-9662-D91BA0D516E1}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{C64A81FB-0C89-4787-BA3B-CF8909B4FAF7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.30 23:40:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.07.08 23:14:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.03.09 12:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.02.02 17:23:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 17:52:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.07 19:35:48 | 000,000,000 | ---D | M]
 
[2009.08.04 20:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Extensions
[2012.03.06 15:50:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions
[2012.02.11 19:04:02 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2012.02.14 11:59:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.30 23:40:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\conduit.xml
[2012.02.02 17:24:05 | 000,001,798 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\funmoods.xml
[2010.09.16 14:21:14 | 000,002,689 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\search-defender.xml
[2009.12.14 05:19:41 | 000,001,246 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\winamp-search.xml
[2012.01.25 18:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.02 17:23:38 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\CANITBECHEAPER@TRAFFICBROKER.CO.UK.XPI
() (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AFSD7HFQ.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2012.02.17 17:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.19 19:03:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.19 19:03:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.19 19:03:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.19 19:03:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.27 19:40:39 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.19 19:03:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.19 19:03:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\stefan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: SiteAdvisor = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Freemake Video Converter = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.1_0\
CHR - Extension: Google Mail = C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 110.164.252.222 110.164.252.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{162DD6C4-76E2-4D27-BAE8-43FB03178D96}: DhcpNameServer = 110.164.252.222 110.164.252.223
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D479C68-92B0-4157-B684-8C5176B9A625}: DhcpNameServer = 192.168.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC486A3-58D8-41E1-AD9B-EBBD52601BB9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9432ACA8-31E7-41F3-A91F-B334FC66FF5C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PMB Medien-Prüfung.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe - (Sony Corporation)
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HSON - hkey= - key= -  File not found
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SmoothView - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: TPwrMain - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.09 17:00:03 | 000,000,000 | R--D | C] -- C:\Users\stefan\Desktop\Trojanerjäger
[2012.03.09 15:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File-Upload.net
[2012.03.09 15:43:36 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File-Upload.net
[2012.03.09 15:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\File-Upload.net
[2012.03.09 04:04:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.08 15:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.08 15:07:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.08 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.08 14:34:11 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\Filmää
[2012.03.08 13:43:30 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\dvdcss
[2012.03.08 08:29:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.03.08 08:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.03.08 07:45:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.07 15:24:10 | 000,000,000 | ---D | C] -- C:\Users\stefan\Desktop\iTunes Freemake redsn0w
[2012.03.07 12:31:39 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.03.07 12:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.02.15 17:33:34 | 000,000,000 | ---D | C] -- C:\Users\stefan\AppData\Roaming\redsn0w
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.12 16:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.12 16:48:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.12 16:48:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.12 16:48:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.12 16:48:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.12 16:45:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.12 16:43:52 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 16:43:52 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.12 16:43:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 16:07:16 | 000,479,190 | ---- | M] () -- C:\Users\stefan\Desktop\Foto.JPG
[2012.03.11 15:40:07 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.03.10 19:04:40 | 000,057,866 | ---- | M] () -- C:\Users\stefan\Desktop\1966-pontiac-grand-prix.jpg
[2012.03.10 17:52:50 | 000,002,565 | ---- | M] () -- C:\Users\stefan\Desktop\Microsoft Word.lnk
[2012.03.08 13:42:20 | 000,076,288 | ---- | M] () -- C:\Users\stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.08 08:17:54 | 000,000,000 | ---- | M] () -- C:\Users\stefan\defogger_reenable
[2012.03.07 15:27:37 | 000,001,194 | ---- | M] () -- C:\Users\stefan\Desktop\stefan - Verknüpfung.lnk
[2012.02.24 18:58:09 | 000,000,680 | ---- | M] () -- C:\Users\stefan\AppData\Local\d3d9caps.dat
[2012.02.18 03:31:26 | 000,371,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.17 03:01:33 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.14 12:23:53 | 002,988,767 | ---- | M] () -- C:\Users\stefan\Muddy2.mp3
[2012.02.14 12:19:17 | 003,367,403 | ---- | M] () -- C:\Users\stefan\Muddy1.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 16:07:13 | 000,479,190 | ---- | C] () -- C:\Users\stefan\Desktop\Foto.JPG
[2012.03.10 19:04:36 | 000,057,866 | ---- | C] () -- C:\Users\stefan\Desktop\1966-pontiac-grand-prix.jpg
[2012.03.08 08:17:54 | 000,000,000 | ---- | C] () -- C:\Users\stefan\defogger_reenable
[2012.02.14 12:23:52 | 002,988,767 | ---- | C] () -- C:\Users\stefan\Muddy2.mp3
[2012.02.14 12:19:13 | 003,367,403 | ---- | C] () -- C:\Users\stefan\Muddy1.mp3
[2011.07.08 23:14:21 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.06.26 21:29:43 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2011.05.08 00:51:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.08 00:51:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.08 00:51:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.08 00:51:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.08 00:51:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.11.01 12:26:47 | 000,000,680 | ---- | C] () -- C:\Users\stefan\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.11.13 20:40:57 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Telefónica
[2010.09.16 09:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Vodafone
[2011.05.06 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Desktopicon
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Facebook
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\gtk-2.0
[2011.08.09 22:16:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Image Zone Express
[2011.05.09 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Modpad
[2011.04.26 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\PeerNetworking
[2009.08.14 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Printer Info Cache
[2012.02.15 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\redsn0w
[2011.05.12 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\SumatraPDF
[2011.09.01 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Telefónica
[2009.10.01 06:47:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba
[2011.04.26 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TuneUp Software
[2010.11.14 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Uniblue
[2009.12.08 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Vodafone
[2009.09.02 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinBatch
[2012.03.12 16:42:01 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.21 23:24:22 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.03 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Adobe
[2011.06.26 21:29:45 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\AOL
[2012.01.26 11:09:36 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Apple Computer
[2011.11.13 20:03:44 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Avira
[2011.05.06 07:31:11 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Desktopicon
[2011.05.04 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\DivX
[2012.03.08 13:43:30 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\dvdcss
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Facebook
[2009.08.04 12:14:21 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Google
[2011.12.29 06:26:29 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\GRETECH
[2011.04.30 23:40:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\gtk-2.0
[2009.08.14 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\HP
[2009.10.13 09:53:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\HpUpdate
[2009.08.04 00:35:28 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Identities
[2011.08.09 22:16:09 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Image Zone Express
[2009.08.04 00:33:08 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\InstallShield
[2009.08.04 21:07:07 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Macromedia
[2011.05.04 00:00:21 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Malwarebytes
[2011.06.03 22:18:55 | 000,000,000 | --SD | M] -- C:\Users\stefan\AppData\Roaming\Microsoft
[2009.08.04 01:56:05 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Microsoft Web Folders
[2011.05.09 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Modpad
[2009.08.04 22:44:43 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Mozilla
[2011.04.26 21:38:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\PeerNetworking
[2009.08.14 15:47:54 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Printer Info Cache
[2010.03.12 12:09:31 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Real
[2012.02.15 17:53:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\redsn0w
[2010.02.15 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Sony Corporation
[2011.05.12 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\SumatraPDF
[2011.09.01 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Telefónica
[2009.10.01 06:47:06 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Toshiba
[2011.04.26 21:47:03 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\TuneUp Software
[2010.11.14 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Uniblue
[2011.12.26 15:44:59 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\vlc
[2009.12.08 12:21:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\Vodafone
[2009.09.02 12:50:46 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinBatch
[2010.05.01 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\stefan\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.21 04:38:34 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\stefan\AppData\Roaming\Facebook\uninstall.exe
[2007.03.22 11:46:40 | 000,126,976 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe
[2010.02.15 10:11:04 | 000,010,134 | R--- | M] () -- C:\Users\stefan\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2010.03.11 22:44:21 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.03.11 13:12:41 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
[2010.05.25 10:52:20 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011.11.14 10:05:27 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.11.14 13:07:54 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.11.14 13:05:42 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\stefan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2010.10.21 00:16:36 | 005,401,680 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\stefan\AppData\Roaming\Uniblue\DriverScanner\_temp\driverscanner.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_3e1ecd89\AGP440.sys
[2008.03.25 04:22:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=2D77788D0B7FE269044F58C86AE099CE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.22142_none_ba734aead7ed1bb6\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_e4087235\AGP440.sys
[2008.03.26 04:38:23 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=ED91751834103DB2A74470CD763A49FE -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20800_none_b8b64d46daa7e57a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 07:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 07:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:47 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:31 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:25:18 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:47 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:24:09 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:25:11 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---
[CustomScan mit OTL]

Gruß

vonStefan.

Alt 12.03.2012, 19:08   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes,DefaultScope = {BA778FA4-2DDB-4814-9662-D91BA0D516E1}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{BA778FA4-2DDB-4814-9662-D91BA0D516E1}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{C64A81FB-0C89-4787-BA3B-CF8909B4FAF7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://de.search.yahoo.com/search?fr=mcafee&p={searchTerms}
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
[2012.02.11 19:04:02 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.04.30 23:40:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\conduit.xml
[2012.02.02 17:24:05 | 000,001,798 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\funmoods.xml
[2010.09.16 14:21:14 | 000,002,689 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\search-defender.xml
[2009.12.14 05:19:41 | 000,001,246 | ---- | M] () -- C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\winamp-search.xml
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
[2011.10.19 19:03:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.27 19:40:39 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Files
C:\Program Files\softonic*
C:\Program Files\AOL\AOL Toolbar 4.0
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.03.2012, 19:56   #29
disteffensso
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Hatte während der Prozedur die Wlan- Verbindung unterbrochen. G war immer dran.
Nach Windowsmeldung: "OTL funktioniert nicht mehr" das Programm geschlossen. Rechner per Ausschalter `runter gefahren. Nach problemlosem manuellen Neustart erschien dieses Log:

[code]
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A284460-6B83-4FC5-9B1D-B3C625C48887}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2415907942-3743196634-3517938245-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ deleted successfully.
C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9A284460-6B83-4FC5-9B1D-B3C625C48887}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A284460-6B83-4FC5-9B1D-B3C625C48887}\ not found.
Registry key HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BA778FA4-2DDB-4814-9662-D91BA0D516E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA778FA4-2DDB-4814-9662-D91BA0D516E1}\ not found.
Registry key HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C64A81FB-0C89-4787-BA3B-CF8909B4FAF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C64A81FB-0C89-4787-BA3B-CF8909B4FAF7}\ not found.
Registry key HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\gecko6 folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\stefan\AppData\Roaming\mozilla\Firefox\Profiles\afsd7hfq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\conduit.xml moved successfully.
C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\funmoods.xml moved successfully.
C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\search-defender.xml moved successfully.
C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\afsd7hfq.default\searchplugins\winamp-search.xml moved successfully.
Unable to fix default_search_provider items.
C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}\ deleted successfully.
File C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
File C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-2415907942-3743196634-3517938245-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
========== FILES ==========
C:\Program Files\softonic-de3 folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\ui folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\rss folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\buttons folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\ba folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\aimPages folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0\resources folder moved successfully.
C:\Program Files\AOL\AOL Toolbar 4.0 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Gast
->Temp folder emptied: 54668 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 2002 bytes
->FireFox cache emptied: 26620681 bytes
->Flash cache emptied: 766 bytes

User: Public
-> No Temporary Internet Files cache folder defined!

User: stefan
->Temp folder emptied: 93371558 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 17360 bytes
->FireFox cache emptied: 772154833 bytes
->Google Chrome cache emptied: 89317835 bytes
->Apple Safari cache emptied: 101837824 bytes
->Flash cache emptied: 36773 bytes

User: TEMP
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279590 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 312576111 bytes
RecycleBin emptied: 3789267158 bytes

Total Files Cleaned = 4.946,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.35.1 log created on 03122012_193048

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[CustomScan mit OTL]

Alt 12.03.2012, 19:57   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
funmoods & DR/FakePic.Gen  tmp.edb - Standard

funmoods & DR/FakePic.Gen tmp.edb



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu funmoods & DR/FakePic.Gen tmp.edb
alternate, autorun, avira, bho, bonjour, browser, conduit, converter, downloader, enigma, error, firefox, flash player, format, funmoods, google, google chrome, hijack, hijackthis, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, officejet, picasa, plug-in, realtek, registry, rundll, scan, searchscopes, security, sehr geholfen, software, svchost.exe, usb, usb 2.0, version=1.0, video converter, vodafone




Ähnliche Themen: funmoods & DR/FakePic.Gen tmp.edb


  1. Avira Fund: DR/FakePic.Gen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2015 (16)
  2. DR/FakePic.Gen löscht Eigene Dateien
    Plagegeister aller Art und deren Bekämpfung - 04.03.2015 (1)
  3. PUP.crossfire.SA, PUP.funmoods
    Plagegeister aller Art und deren Bekämpfung - 21.07.2013 (12)
  4. Infizierte Registrierungschlüssel (Pup.funmoods) - Firefox läßt sich nicht mehr öffnen
    Log-Analyse und Auswertung - 11.04.2013 (34)
  5. Incredibar, Browser Companion, BabyloonToolbar und FunMoods entfernen
    Log-Analyse und Auswertung - 14.03.2013 (9)
  6. funmoods - PC plötzlich langsam -
    Log-Analyse und Auswertung - 14.01.2013 (19)
  7. PC langsam und PUP.Funmoods gefunden
    Log-Analyse und Auswertung - 06.10.2012 (26)
  8. Virus durch Funmoods ?
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (2)
  9. funmoods-Startseite bei Mozilla Firefox
    Log-Analyse und Auswertung - 06.07.2012 (23)
  10. Malwarebytes findet PUP.funmoods in Registry
    Plagegeister aller Art und deren Bekämpfung - 01.05.2012 (31)
  11. Antivir meldet Fund: DR/Fakepic.Gen
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  12. DR/FakePic.Gen
    Plagegeister aller Art und deren Bekämpfung - 24.07.2011 (1)
  13. DR/FakePic.Gen - Wie werde ich den los?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (10)
  14. DR/FakePic.gen Malware, Bilder verschwunden
    Plagegeister aller Art und deren Bekämpfung - 31.12.2010 (29)
  15. DR/FakePic.gen - Alles abgarbeitet hier jetzt das "defogger_disable" wie gehts weiter?
    Plagegeister aller Art und deren Bekämpfung - 17.12.2010 (6)
  16. 'DR/FakePic.Gen' [dropper].Die Quelldatei konnte nicht gefunden werden.
    Plagegeister aller Art und deren Bekämpfung - 12.12.2009 (8)
  17. DR/FakePic.Gen
    Plagegeister aller Art und deren Bekämpfung - 13.06.2009 (5)

Zum Thema funmoods & DR/FakePic.Gen tmp.edb - Zitat: Scan Mode: Current user Du hast den Haken bei "Scanne alle Benutzer" auch vergessen - funmoods & DR/FakePic.Gen tmp.edb...
Archiv
Du betrachtest: funmoods & DR/FakePic.Gen tmp.edb auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.