Pests of all kinds and how to fight them: Trojan or ............???? (Windows 7)
23.10.2012, 15:48 | #1 |
Trojan or ............????

Hello everyone, I'm brand new here and already have a problem. Since I'm a total layman, please speak plainly; I have no idea about computer language. Yesterday I ran a Java update and now I have these problems:
- When I open pages, they turn grey after about 5-10 s and I can't operate anything.
- Now I also have some stupid icon at the bottom right with the number 1 lighting up inside it.
Please help me, I'm getting desperate, since I have over 10,000 photos and a lot of data on it that I need. Many thanks in advance. Regards, Manfred
23.10.2012, 16:08 | #2 |
/// Malware-holic | Trojan or ............????

Hi,
if you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
23.10.2012, 16:17 | #3 |
Trojan or ............????

Thanks for your quick reply, but unfortunately I understood little of it.
- "Now copy the contents into the text box." ------------- what is that???????
- "Now please click the Quick Scan button." ------------ where is that?????????
Sorry, but I really am a layman. Sorry.

OTL Logfile:
O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner [2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug [2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja [2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda [2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch [2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook ========== Files - Modified Within 30 Days ========== [2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.23 23:21:13 | 
000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG [2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL [2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. 
in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG [2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe ========== Files Created - No Company Name ========== [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL [2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- 
C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 12:42:31 | 000,000,227 
| RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL < End of report > OTL Logfile: Code:
OTL logfile created on: 23.10.2012 23:33:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manfred\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 49,33% Memory free 5,85 Gb Paging File | 3,84 Gb Available in Paging File | 65,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 222,71 Gb Free Space | 74,74% Space Free | Partition Type: NTFS Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Globe Broadband\Globe Broadband.exe () PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Globe Broadband\Globe Broadband.exe () MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll () MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll () MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () MOD - C:\Windows\System32\IccLibDll.dll () MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll () MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll () MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - 
C:\Programme\Yahoo!\Messenger\yui.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Globe Broadband\NDISAPI.dll () MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll () MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll () MOD - C:\Programme\Globe Broadband\atcomm.dll () MOD - C:\Programme\Globe Broadband\SMSPlugin.dll () MOD - C:\Programme\Globe Broadband\DetectDev.dll () MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll () MOD - C:\Programme\Globe Broadband\FileManager.dll () MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll () MOD - C:\Programme\Globe Broadband\CallPlugin.dll () MOD - C:\Programme\Globe Broadband\XCodec.dll () MOD - C:\Programme\Globe Broadband\DeviceOperate.dll () MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll () MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll () MOD - C:\Programme\Globe Broadband\isaputrace.dll () MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
========== Driver Services (SafeList) ========== DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01 [binary data] IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.8 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: 
C:\Program Files\Mozilla Firefox\components [2012.09.07 21:47:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 21:47:21 | 000,000,000 | ---D | M] [2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions [2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi [2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi [2012.10.16 00:44:42 | 000,089,559 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi [2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- 
C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml [2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml [2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml [2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml [2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml [2012.09.07 21:47:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.09.07 21:47:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program 
Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft 
Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\ CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [TaskTray] File not found O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! 
Inc.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ] O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
- F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner [2012.10.18 12:52:06 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-werkzeug [2012.10.18 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-baja [2012.10.18 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Kai-honda [2012.10.16 21:00:32 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\FB [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch [2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook ========== Files - Modified Within 30 Days ========== [2012.10.23 23:45:46 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.23 23:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.23 23:21:13 | 
000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 22:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.23 22:39:04 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.23 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\Users\manfred\Desktop\sd.PNG [2012.10.23 19:17:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 16:15:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.23 16:10:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 16:10:29 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.22 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.14 19:14:39 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL [2012.10.14 12:44:13 | 000,180,864 | ---- | M] () -- C:\Users\manfred\Desktop\fd.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.10 13:46:58 | 000,000,078 | ---- | M] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. 
in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG [2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe ========== Files Created - No Company Name ========== [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\Users\manfred\Desktop\sd.PNG [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.14 19:14:39 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\httpwww.germanexpatinthephilippines.b....URL [2012.10.14 12:44:13 | 000,180,864 | ---- | C] () -- C:\Users\manfred\Desktop\fd.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- 
C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.10 13:46:58 | 000,000,078 | ---- | C] () -- C:\Users\manfred\Desktop\Dolls of the World - ChinaJeu.URL [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 12:42:31 | 000,000,227 
| RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL < End of report >
Is that right? Is that what you need? Can anyone help? Who knows what I have? |
24.10.2012, 19:39 | #4 |
/// Malware-holic | Trojan or ............???? OTL has a box; paste the text in there, please do it once more and then scan.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
25.10.2012, 18:05 | #5 |
| Trojan or ............???? Hello, I can't find anything about a box on the OTL page. Sorry, I really have no idea. I have now pressed Scan and it has finished; a page then opened with data on it. Should I paste the data here now? Please bear with me, as I don't fully understand this. |
26.10.2012, 12:38 | #6 | |
| Trojan or ............???? Quote:
I don't understand the part --------- and then scan -----------. I only scanned and then copied. Maybe I'm misunderstanding something, but I don't understand it, sorry. |
28.10.2012, 11:09 | #7 |
| Trojan or ............???? OTL logfile: Code:
ATTFilter OTL Extras logfile created on: 28.10.2012 17:44:09 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manfred\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free 5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2C1FE3E7-D1DD-4B49-AC3B-54F99DD727FD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2DB60A46-7F39-4117-B730-092A95268100}" = rport=138 | protocol=17 | dir=out | app=system | "{30EDF6BE-E24B-4343-B021-8DEB6BDA6E4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | 
name=@firewallapi.dll,-28539 | "{31E08B30-1789-480D-8BDE-44B7870E38B7}" = lport=137 | protocol=17 | dir=in | app=system | "{638DE2BB-514E-4FF2-8958-2BADFEF0C149}" = lport=445 | protocol=6 | dir=in | app=system | "{85BACC20-BC31-4946-875F-8020EC4AA4C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{93479A70-BE2C-454D-8A8F-6574F4E4DCE3}" = rport=137 | protocol=17 | dir=out | app=system | "{A3FBD9BF-4E92-4881-8FF5-0E0743FDD50A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6808EBE-09F6-4B4C-9002-AE2B579BCE3A}" = lport=139 | protocol=6 | dir=in | app=system | "{B9F825C4-9C14-4284-AABD-2859F9990095}" = lport=138 | protocol=17 | dir=in | app=system | "{BFE05BF0-126F-47B9-A4CA-3D108D436FA5}" = rport=445 | protocol=6 | dir=out | app=system | "{F9B39352-094A-4224-90BD-0AFD3BFABF8B}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19E1543E-80B7-4443-A9FF-76D0804919D7}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe | "{25F903B1-D27D-4C46-B419-7E4734106273}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{285C5D39-B54E-42CF-B8BB-E80CDF35CB51}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3F0AC9F6-0901-4A21-8677-AE1E465813D3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{44DFB270-8F47-4D2B-9CF5-361D73EFA82D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5DB401C8-8C79-4AD7-8C5A-6582D8193FF7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{65516601-ABE0-4902-95EE-C02FA53DF1E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6F65A6CF-6751-4592-B64B-0DD831B1833A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{8E0030B5-9B46-4436-A0E9-E8D8678D2018}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | "{A5D50297-759A-43CF-9ABD-0F9BA65677F1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{ACC1DFBC-CA68-4E54-BED9-5AF61BC59F9B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{AE0C55FA-7046-4F8C-9FC1-A1CCE387C8C5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{B3277B74-F9A5-4F72-A21E-83FBC624557C}" = dir=in | app=c:\users\manfred\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{CBBE68BD-44CD-4B89-A60D-0F4A2AD36D75}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver "{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin 
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DFD30824-6BD0-34E1-ABE8-308AD3CBB9A0}" = Google Talk Plugin "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avanquest_App'-Anwendungsleiste Toolbar" = Avanquest App'-Anwendungsleiste Toolbar "avast" = avast! 
Free Antivirus "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "Globe Broadband" = Globe Broadband "GOM Player" = GOM Player "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.8.0 "LingoPad_is1" = LingoPad 2.6 (Build 360) "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Nokia Suite" = Nokia Suite "Orbit_is1" = Orbit Downloader "RealPlayer 15.0" = RealPlayer "TeamViewer 7" = TeamViewer 7 "USB Disk Security_is1" = USB Disk Security "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinRAR archiver" = WinRAR 4.01 (32-bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 15.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 15.07.2012 22:07:13 | Computer Name = manfred-laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7600.16415, Zeitstempel: 0x4a98ae4b Name des fehlerhaften Moduls: hxmedpltfm.dll, Version: 15.0.5.109, Zeitstempel: 0x4fe36f3b Ausnahmecode: 0xc0000005 Fehleroffset: 0x0001ca71 ID des fehlerhaften Prozesses: 0x178 Startzeit der fehlerhaften Anwendung: 0x01cd62f65b2b7b6c Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: c:\program files\real\realplayer\common\hxmedpltfm.dll Berichtskennung: f528b2f9-ceea-11e1-802b-c80aa9f28303 Error - 
15.07.2012 22:22:15 | Computer Name = manfred-laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 17.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 17.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 17.07.2012 07:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 18.07.2012 01:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 18.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = Error - 20.07.2012 04:39:05 | Computer Name = manfred-laptop | Source = Google Update | ID = 20 Description = [ System Events ] Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038 Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038 Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038 Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7038 Description = Der Dienst "PolicyAgent" konnte sich nicht als "NT Authority\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 28.05.2012 13:00:20 | Computer Name = manfred-laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 28.05.2012 13:07:48 | Computer Name = manfred-laptop | Source = BugCheck | ID = 1001
Description =

< End of report >

OTL Logfile:
Code:
OTL logfile created on: 28.10.2012 17:44:09 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manfred\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 63,40% Memory free
5,85 Gb Paging File | 4,52 Gb Available in Paging File | 77,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 221,36 Gb Free Space | 74,28% Space Free | Partition Type: NTFS
Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Globe Broadband\Globe Broadband.exe ()
PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC -
C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Globe Broadband\Globe Broadband.exe () MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll () MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll () MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () MOD - C:\Windows\System32\IccLibDll.dll () MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll () MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll () MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () MOD - C:\Programme\Yahoo!\Messenger\yui.dll () MOD - 
C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Globe Broadband\NDISAPI.dll () MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll () MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll () MOD - C:\Programme\Globe Broadband\atcomm.dll () MOD - C:\Programme\Globe Broadband\SMSPlugin.dll () MOD - C:\Programme\Globe Broadband\DetectDev.dll () MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll () MOD - C:\Programme\Globe Broadband\FileManager.dll () MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll () MOD - C:\Programme\Globe Broadband\CallPlugin.dll () MOD - C:\Programme\Globe Broadband\XCodec.dll () MOD - C:\Programme\Globe Broadband\DeviceOperate.dll () MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll () MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll () MOD - C:\Programme\Globe Broadband\isaputrace.dll () MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
========== Driver Services (SafeList) ========== DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01 [binary data] IE - HKCU\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 
16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] [2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions [2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions [2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi [2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi [2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi [2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml [2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml [2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml [2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml [2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml [2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program 
Files\mozilla firefox\components\browsercomps.dll [2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll CHR - plugin: Shockwave Flash 
(Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = 
C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\ CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [TaskTray] File not found O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! 
Inc.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ] O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
- F:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 60 Days ========== [2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch [2012.09.27 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.09.18 10:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.09.10 17:52:30 | 000,000,000 | ---D | C] -- C:\Global karten [2012.09.06 21:32:07 | 000,000,000 | R--D | C] -- C:\Users\manfred\Desktop\Schulbücher [2012.09.06 20:56:14 | 000,000,000 | ---D | C] -- C:\ebay 2 handys gekauft [2012.09.06 20:51:34 | 000,000,000 | ---D | C] -- C:\Alu Koffer schloss [2012.09.05 23:24:42 | 000,000,000 | ---D | C] -- C:\silke schicken [2012.09.04 18:54:40 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\BDO [2012.09.02 21:47:55 | 000,000,000 | ---D | C] -- C:\elter schicken ========== Files - Modified Within 60 Days ========== [2012.10.28 17:57:00 | 000,001,100 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.28 17:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.28 17:26:02 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.28 16:39:14 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 11:47:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.28 11:40:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.28 11:40:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.28 11:40:17 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys [2012.10.27 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.27 20:00:54 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012.10.26 22:01:49 | 000,000,068 | ---- | M] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL [2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG [2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG [2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG [2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL [2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG [2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL [2012.10.24 00:47:14 | 000,198,915 | ---- | M] () -- C:\Users\manfred\Desktop\cf.PNG [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe [2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerApp.exe [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG [2012.09.24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.22 16:17:21 | 000,869,154 | ---- | M] () -- C:\12.PNG [2012.09.18 19:57:04 | 174,755,821 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.18 15:36:08 | 000,000,055 | ---- | M] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL [2012.09.18 10:24:00 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.09.18 10:24:00 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.09.16 21:24:58 | 000,021,504 | ---- | M] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.16 12:28:09 | 000,000,084 | 
---- | M] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL [2012.09.14 20:14:24 | 000,000,066 | ---- | M] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL [2012.09.13 23:10:16 | 000,000,059 | ---- | M] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL [2012.09.05 22:35:18 | 000,000,050 | ---- | M] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL [2012.08.30 23:20:10 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2012.10.26 22:01:49 | 000,000,068 | ---- | C] () -- C:\Users\manfred\Desktop\001-Voyager - 725-26 - Endgame Part 1 - YouTube.URL [2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG [2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG [2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG [2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL [2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG [2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ 
- Trojaner-Board.URL [2012.10.24 00:47:14 | 000,198,915 | ---- | C] () -- C:\Users\manfred\Desktop\cf.PNG [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. 
in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG [2012.09.22 16:17:21 | 000,869,154 | ---- | C] () -- C:\12.PNG [2012.09.18 15:36:08 | 000,000,055 | ---- | C] () -- C:\Flüge Fluege Philippinen Thailand Asien Australien.URL [2012.09.16 12:28:09 | 000,000,084 | ---- | C] () -- C:\Terra X - Faszination Erde - Philippinen - Inseln zwischen den Weltenwww.youtube.comTerra X - Faszination Erde - Philippinen.URL [2012.09.14 20:14:24 | 000,000,066 | ---- | C] () -- C:\Users\manfred\Desktop\FreeTranslation Translate English English to Spanish Translation.URL [2012.09.13 23:10:16 | 000,000,059 | ---- | C] () -- C:\Users\manfred\Desktop\PROMT - ein kostenloser Text - und Webseiten - Übersetzer - Englisch, Deutsch, Französisch, Spanisch, Portugiesisch (Brasili.URL [2012.09.05 22:35:18 | 000,000,050 | ---- | C] () -- C:\Users\manfred\Desktop\Stadt Heilbronn.URL [2012.09.01 18:28:56 | 000,017,862 | ---- | C] () -- C:\Unbe-adpost.PNG [2012.09.01 18:28:56 | 000,007,443 | ---- | C] () -- C:\Unbenannt olx.PNG [2012.09.01 18:28:27 | 000,083,971 | ---- | C] () -- C:\lichtspiel.jpg [2012.09.01 18:28:13 | 000,026,685 | ---- | C] () -- C:\email = mt.phil62@yahoo.com.PNG [2012.09.01 18:28:07 | 000,069,263 | ---- | C] () -- C:\ddddddddddddddddddd.PNG [2012.09.01 18:28:07 | 000,031,374 | ---- | C] () -- C:\email = gerber_ulrich@yahoo.com.PNG [2012.09.01 18:28:07 | 000,023,064 | ---- | C] () -- C:\ebay dat.PNG [2012.09.01 18:28:07 | 000,021,980 | ---- | C] () -- C:\email=pauloate@yahoo.com.PNG [2012.08.30 23:20:10 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- 
C:\Windows\avisplitter.ini [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2012.07.01 
11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL < End of report >
I have now scanned again. Is that right now??? |
29.10.2012, 20:04 | #8 |
/// Malware-holic | Trojan or ............???? You are supposed to copy the text from the code box into the input field in the OTL program and then click Quick Scan.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
29.10.2012, 22:20 | #9 |
| Trojan or ............???? OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.10.2012 05:02:47 - Run 10 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manfred\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,22% Memory free 5,85 Gb Paging File | 4,35 Gb Available in Paging File | 74,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 221,27 Gb Free Space | 74,25% Space Free | Partition Type: NTFS Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Globe Broadband\Globe Broadband.exe () PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
========== Modules (No Company Name) ==========

MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Globe Broadband\Globe Broadband.exe ()
MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\NService.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll ()
MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll ()
MOD - C:\Programme\Yahoo!\Messenger\yui.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Globe Broadband\NDISAPI.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\atcomm.dll ()
MOD - C:\Programme\Globe Broadband\SMSPlugin.dll ()
MOD - C:\Programme\Globe Broadband\DetectDev.dll ()
MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Programme\Globe Broadband\FileManager.dll ()
MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll ()
MOD - C:\Programme\Globe Broadband\CallPlugin.dll ()
MOD - C:\Programme\Globe Broadband\XCodec.dll ()
MOD - C:\Programme\Globe Broadband\DeviceOperate.dll ()
MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll ()
MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll ()
MOD - C:\Programme\Globe Broadband\isaputrace.dll ()
MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
========== Driver Services (SafeList) ==========

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01 [binary data]
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120
FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M]
[2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions
[2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions
[2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}
[2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi
[2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi
[2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi
[2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml
[2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml
[2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml
[2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml
[2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml
[2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ]
O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun
O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner
[2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch

========== Files - Modified Within 30 Days ==========

[2012.10.30 04:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.30 04:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
[2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.29 19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
[2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe
[2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL
[2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- C:\Users\manfred\Desktop\Google Chrome.lnk
[2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL
[2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL
[2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE
[2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG
[2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG
[2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL
[2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG
[2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG

========== Files Created - No Company Name ==========

[2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG
[2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG
[2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG
[2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL
[2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG
[2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ - Trojaner-Board.URL
[2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG
[2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG
[2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG
[2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG
[2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG
[2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG
[2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG
[2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL
[2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG
[2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL
[2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL
[2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL
[2012.10.11 21:08:42 | 000,000,063 | ---- | C] ()
-- C:\httpwww.lidl.dedeInternet-Stick1.URL [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll ========== ZeroAccess Check ========== [2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () 
-- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania [2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro [2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView [2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u [2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia [2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org [2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit [2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite [2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense [2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba [2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent 
[2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire [2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch [2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar [2012.02.15 16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab ========== Purity Check ========== ========== Custom Scans ========== < OTL logfile created on: 30.10.2012 04:37:55 - Run 9 > [2009.07.14 12:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 12:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.02.19 11:33:05 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.02.19 11:33:06 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.02.29 01:03:23 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.02.29 01:03:24 | 000,001,146 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job [2012.04.13 10:50:10 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.05.17 21:09:41 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job [2012.05.17 21:09:42 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job < OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\manfred\Desktop > < Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation > < Internet Explorer (Version = 8.0.7600.16385) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 2,93 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 54,25% Memory free > < 5,85 Gb Paging File | 4,36 Gb Available in Paging File | 74,46% Paging File 
free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 297,99 Gb Total Space | 221,29 Gb Free Space | 74,26% Space Free | Partition Type: NTFS > < Drive F: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS > < > < Computer Name: MANFRED-LAPTOP | User Name: manfred | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: All users > < Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - C:\Users\manfred\Desktop\OTL.exe (OldTimer Tools) > < PRC - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) > < PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) > < PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) > < PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) > < PRC - C:\Programme\Globe Broadband\Globe Broadband.exe () > < PRC - C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) > < PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) > < PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) > < PRC - C:\Programme\PC Connectivity Solution\Transports\NclToBTSrv.exe (Nokia) > < PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) > < PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) > < PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) > < PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) > < PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) 
> < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) > < PRC - C:\Programme\Toshiba\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) > < PRC - C:\Windows\explorer.exe (Microsoft Corporation) > < PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) > < PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) > < PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) > < PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.) > < PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
> < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll () > < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll () > < MOD - C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll () > < MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () > < MOD - C:\Programme\Globe Broadband\Globe Broadband.exe () > < MOD - C:\Programme\Nokia\Nokia Suite\ssoengine.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\securestorage.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\qjson.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QxtCore.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QxtWeb.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\NService.dll () > < MOD - C:\Windows\System32\IccLibDll.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\phonon4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtXml4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtSql4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtScript4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtGui4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\QtCore4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\OviShareLib.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\Maps Service API.dll () > < MOD - C:\Programme\Nokia\Nokia 
Suite\CommonUpdateChecker.dll () > < MOD - C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll () > < MOD - C:\Programme\Yahoo!\Messenger\yui.dll () > < MOD - C:\Programme\WinRAR\RarExt.dll () > < MOD - C:\Programme\Globe Broadband\NDISAPI.dll () > < MOD - C:\Programme\Globe Broadband\DeviceMgrUIPlugin.dll () > < MOD - C:\Programme\Globe Broadband\DeviceMgrPlugin.dll () > < MOD - C:\Programme\Globe Broadband\atcomm.dll () > < MOD - C:\Programme\Globe Broadband\SMSPlugin.dll () > < MOD - C:\Programme\Globe Broadband\DetectDev.dll () > < MOD - C:\Programme\Globe Broadband\LocaleMgrPlugin.dll () > < MOD - C:\Programme\Globe Broadband\FileManager.dll () > < MOD - C:\Programme\Globe Broadband\DialUpPlugin.dll () > < MOD - C:\Programme\Globe Broadband\CallPlugin.dll () > < MOD - C:\Programme\Globe Broadband\XCodec.dll () > < MOD - C:\Programme\Globe Broadband\DeviceOperate.dll () > < MOD - C:\Programme\Globe Broadband\ConfigFilePlugin.dll () > < MOD - C:\Programme\Globe Broadband\NotifyServicePlugin.dll () > < MOD - C:\Programme\Globe Broadband\isaputrace.dll () > < MOD - C:\Programme\Globe Broadband\NetInfoPlugin.dll () > < MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () > < MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll () > 
< MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll () > < MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll () > < MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () > < > < > < ========== Services (SafeList) ========== > Invalid Switch: color] < > < SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) > < SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) > < SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) > < SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) > < SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) > < SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) > < SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) > < SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION) > < SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) > < SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) > < SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) > < SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) > < SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) 
> < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) > < DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) > < DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) > < DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) > < DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia) > < DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) > < DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia) > < DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) > < DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) > < DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) > < DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) > < DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) > < DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) > < DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) > < DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) > < DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) > < DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) > < DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation) > < DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation) > < DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.) > < DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation) > < DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation) > < DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
> < DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) > < DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.) > < DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) > < DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.) > < DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) > < DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) > < DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) > < DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) > < DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) > < DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) > < DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) > < DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation) > < DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) > < DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation) > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) 
> < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > < > < > < IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < > < > < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ > Invalid Switch: < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp > Invalid Switch: ?ocid=iehp < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de > < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B 91 5D E6 D0 EB CC 01 [binary data] > < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) 
> < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC > < IE - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < > < ========== FireFox ========== > Invalid Switch: color] < > < FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5 > < FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 > < FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.1.20121012015120 > < FF - prefs.js..extensions.enabledAddons: printedit@DW-dev:8.9 > < > < > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () > Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () < FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) > Invalid Switch: ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) 
< FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) > Invalid Switch: GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) < FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) > Invalid Switch: DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) > Invalid Switch: JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) < FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) > Invalid Switch: YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) < FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) > Invalid Switch: NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) > Invalid Switch: nppl3260;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) > Invalid Switch: nprjplug;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
< FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) > Invalid Switch: nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) > Invalid Switch: nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) > Invalid Switch: nprpplugin;version=15.0.5.109: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) < FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) < FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
> < FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) > Invalid Switch: Facebook Video Calling Plugin: C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) < FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) > Invalid Switch: GoogleTalkPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) < FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () > Invalid Switch: O3DPlugin: C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () < FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=3: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) < FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) > Invalid Switch: Google Update;version=9: C:\Users\manfred\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) < FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) > Invalid Switch: fbDesktopPlugin: C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
< > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.19 17:39:44 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.03 15:40:31 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.03.14 22:28:06 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 22:32:12 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 22:32:10 | 000,000,000 | ---D | M] > < > < [2012.02.15 17:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Extensions > < [2012.10.28 01:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions > < [2012.10.11 22:35:48 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} > < [2012.08.22 20:10:25 | 000,000,000 | ---D | M] (Avanquest App'-Anwendungsleiste Community Toolbar) -- 
C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{1d8566bd-f06f-4029-a3be-ba80af5a09f3} > < [2012.10.16 00:44:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\manfred\AppData\Roaming\mozilla\Firefox\Profiles\3til95lj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} > < [2012.05.20 10:56:27 | 000,009,693 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\java@flyordie.com.xpi > < [2012.09.26 21:15:19 | 000,027,267 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\map@quickmaps.me.xpi > < [2012.10.28 01:46:01 | 000,091,555 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\printedit@DW-dev.xpi > < [2012.07.29 22:14:44 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi > < [2012.02.18 21:03:48 | 000,000,933 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\11-suche.xml > < [2012.02.18 21:03:49 | 000,002,419 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\englische-ergebnisse.xml > < [2012.02.18 21:03:48 | 000,010,525 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\gmx-suche.xml > < [2012.02.18 21:03:49 | 000,002,457 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\lastminute.xml > < [2012.02.18 21:03:48 | 000,005,508 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\mozilla\firefox\profiles\3til95lj.default\searchplugins\webde-suche.xml > < [2012.10.27 22:32:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions > < 
[2012.07.03 15:40:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT > < [2012.10.27 22:32:12 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll > < [2012.07.03 15:40:07 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll > < [2011.07.12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll > < [2012.08.25 10:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2012.08.25 10:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml > < [2012.08.25 10:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml > < [2012.08.25 10:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml > < [2012.08.25 10:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml > < [2012.08.25 10:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml > < > < ========== Chrome ========== > Invalid Switch: color] < > < CHR - homepage: hxxp://www.google.com/ > Invalid Switch: < CHR - default_search_provider: Google (Enabled) > < CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} > < CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, > < CHR - homepage: hxxp://www.google.com/ > Invalid Switch: < CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer > < CHR - plugin: Native Client (Enabled) = 
C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll > < CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll > < CHR - plugin: Shockwave Flash (Enabled) = C:\Users\manfred\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll > < CHR - plugin: Shockwave Flash (Disabled) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll > < CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll > < CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll > < CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll > < CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll > < CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll > < CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll > < CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll > < CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll > < CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll > < CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll > < CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\manfred\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll > < CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll > < CHR - plugin: Google Update 
(Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll > < CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll > < CHR - plugin: Facebook Desktop (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll > < CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\manfred\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll > < CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll > < CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll > < CHR - Extension: Counter Strike (Flash-Version) = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcbegflbljflchoahmigblmabofoinkh\1.0.1_0\ > < CHR - Extension: avast! WebRep = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\ > < CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ > < CHR - Extension: Plants vs Zombies = C:\Users\manfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ > < > < O1 HOSTS File: ([2009.06.11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts > < O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) > < O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) > < O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) 
> < O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) > < O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) > < O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) > < O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) > < O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) > < O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) > < O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () > < O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) > < O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Avanquest App'-Anwendungsleiste Toolbar) - {1D8566BD-F06F-4029-A3BE-BA80AF5A09F3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll (Conduit Ltd.) 
> < O3 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () > < O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) > < O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) > < O4 - HKLM..\Run: [TaskTray] File not found > < O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) > < O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) > < O4 - HKLM..\Run: [USB Antivirus] C:\Programme\USB Disk Security\USBGuard.exe (Zbshareware Lab) > < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [] File not found > < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Facebook Update] C:\Users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) > < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
> < O4 - HKU\S-1-5-21-3718335332-4058801294-3006936124-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) > < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) > < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) > < O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook) > < O4 - Startup: C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 > < O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) > < O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) > < O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) > < O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) > < O13 - gopher Prefix: missing > < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
< O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) > Invalid Switch: jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) < O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) > Invalid Switch: jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F44AEA-9C2D-4102-A3D6-B26516F71AFF}: DhcpNameServer = 124.106.7.2 124.106.5.2 > < O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) > < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) > < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2012.06.26 22:57:06 | 000,284,654 | ---- | M] () - C:\auto verkaufsschild.PNG -- [ NTFS ] > < O32 - AutoRun File - [2009.06.11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] > < O32 - AutoRun File - [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
- F:\AutoRun.exe -- [ CDFS ] > < O32 - AutoRun File - [2008.06.17 10:13:46 | 000,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] > < O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell - "" = AutoRun > < O33 - MountPoints2\{751940b0-5bb9-11e1-a9b3-e839df2c34d5}\Shell\AutoRun\command - "" = E:\AutoRun.exe > < O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{75466f3a-5add-11e1-a4e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe > < O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell - "" = AutoRun > < O33 - MountPoints2\{75466f86-5add-11e1-a4e4-e839df2c34d5}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) > < O33 - MountPoints2\E\Shell - "" = AutoRun > < O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe > < O33 - MountPoints2\F\Shell - "" = AutoRun > < O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009.08.24 10:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) 
> < O34 - HKLM BootExecute: (autocheck autochk *) > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) > < O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) > < O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.27 22:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox > < [2012.10.23 23:28:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe > < [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe > < [2012.10.22 10:52:57 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe > < [2012.10.22 10:52:57 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll > < [2012.10.20 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\Neuer Ordner > < [2012.10.04 12:25:34 | 000,000,000 | ---D | C] -- C:\Users\manfred\Desktop\tausch > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2012.10.30 04:39:05 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job > < [2012.10.30 04:26:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job > < [2012.10.30 03:57:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job > < [2012.10.30 03:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > < [2012.10.29 22:39:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job > < [2012.10.29 
19:39:16 | 000,001,284 | ---- | M] () -- C:\Users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk > < [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.29 14:44:08 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 > < [2012.10.29 14:39:11 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job > < [2012.10.29 14:38:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat > < [2012.10.29 14:38:52 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys > < [2012.10.26 20:57:23 | 000,008,943 | ---- | M] () -- C:\Users\manfred\Desktop\11.PNG > < [2012.10.26 19:27:37 | 000,405,354 | ---- | M] () -- C:\wvb,,mn (2).PNG > < [2012.10.26 19:27:04 | 000,198,964 | ---- | M] () -- C:\wvb,,mn (1).PNG > < [2012.10.26 14:55:53 | 000,000,150 | ---- | M] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL > < [2012.10.26 00:59:31 | 000,097,410 | ---- | M] () -- C:\Users\manfred\Desktop\1...PNG > < [2012.10.24 11:26:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job > < [2012.10.24 10:06:25 | 000,000,075 | ---- | M] () -- C:\Users\manfred\Desktop\Trojaner oder ............ 
- Trojaner-Board.URL > < [2012.10.23 23:28:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\manfred\Desktop\OTL.exe > < [2012.10.23 23:21:13 | 000,131,064 | ---- | M] () -- C:\Users\manfred\Desktop\2.PNG > < [2012.10.23 23:20:24 | 000,107,823 | ---- | M] () -- C:\Users\manfred\Desktop\1.PNG > < [2012.10.23 22:30:16 | 000,158,675 | ---- | M] () -- C:\sdbgh.PNG > < [2012.10.22 20:18:06 | 000,139,603 | ---- | M] () -- C:\Users\manfred\Desktop\fff.PNG > < [2012.10.22 14:58:45 | 000,187,929 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG > < [2012.10.22 14:57:19 | 000,172,824 | ---- | M] () -- C:\Users\manfred\Desktop\cdfr.PNG > < [2012.10.20 14:53:33 | 000,012,493 | ---- | M] () -- C:\ght.PNG > < [2012.10.19 22:33:11 | 000,000,049 | ---- | M] () -- C:\Users\manfred\Desktop\Blue-Book.URL > < [2012.10.19 18:44:23 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat > < [2012.10.19 18:44:23 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat > < [2012.10.19 18:44:23 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat > < [2012.10.19 18:44:23 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat > < [2012.10.16 15:57:43 | 000,302,642 | ---- | M] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG > < [2012.10.12 13:11:30 | 000,000,087 | ---- | M] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL > < [2012.10.11 22:42:26 | 000,000,095 | ---- | M] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL > < [2012.10.11 21:08:48 | 000,000,061 | ---- | M] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL > < [2012.10.11 21:08:42 | 000,000,063 | ---- | M] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL > < [2012.10.11 20:55:29 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe > < [2012.10.11 20:55:29 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl > < [2012.10.11 20:27:55 | 000,002,459 | ---- | M] () -- 
C:\Users\manfred\Desktop\Google Chrome.lnk > < [2012.10.10 20:39:59 | 000,000,078 | ---- | M] () -- C:\Sternzeichen deutsch - englisch.URL > < [2012.10.10 19:35:18 | 000,000,076 | ---- | M] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL > < [2012.10.09 15:56:10 | 000,045,056 | ---- | M] (Northern Codeworks) -- C:\Windows\NCUNINST.EXE > < [2012.10.03 08:24:35 | 000,278,066 | ---- | M] () -- C:\am,,lk.PNG > < [2012.10.03 08:20:55 | 000,026,876 | ---- | M] () -- C:\gg.PNG > < [2012.10.03 08:02:01 | 000,000,145 | ---- | M] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL > < [2012.10.02 23:09:54 | 000,054,649 | ---- | M] () -- C:\s1.PNG > < [2012.10.02 23:02:46 | 000,086,347 | ---- | M] () -- C:\s.PNG > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.10.26 20:57:22 | 000,008,943 | ---- | C] () -- C:\Users\manfred\Desktop\11.PNG > < [2012.10.26 19:27:37 | 000,405,354 | ---- | C] () -- C:\wvb,,mn (2).PNG > < [2012.10.26 19:27:04 | 000,198,964 | ---- | C] () -- C:\wvb,,mn (1).PNG > < [2012.10.26 14:55:53 | 000,000,150 | ---- | C] () -- C:\Users\manfred\Desktop\Neues Betriebssystem im Handel Microsoft lockt Windows 8-Kunden zum Start mit Kampfpreis - Computer - FOCUS Online - Nachric.URL > < [2012.10.26 00:59:31 | 000,097,410 | ---- | C] () -- C:\Users\manfred\Desktop\1...PNG > < [2012.10.24 10:06:25 | 000,000,075 | ---- | C] () -- C:\Users\manfred\Desktop\Trojaner oder ............ 
- Trojaner-Board.URL > < [2012.10.23 23:21:13 | 000,131,064 | ---- | C] () -- C:\Users\manfred\Desktop\2.PNG > < [2012.10.23 23:20:24 | 000,107,823 | ---- | C] () -- C:\Users\manfred\Desktop\1.PNG > < [2012.10.23 22:30:16 | 000,158,675 | ---- | C] () -- C:\sdbgh.PNG > < [2012.10.22 20:18:06 | 000,139,603 | ---- | C] () -- C:\Users\manfred\Desktop\fff.PNG > < [2012.10.22 14:58:45 | 000,187,929 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntcdsx.PNG > < [2012.10.22 14:57:18 | 000,172,824 | ---- | C] () -- C:\Users\manfred\Desktop\cdfr.PNG > < [2012.10.20 14:53:33 | 000,012,493 | ---- | C] () -- C:\ght.PNG > < [2012.10.19 22:33:11 | 000,000,049 | ---- | C] () -- C:\Users\manfred\Desktop\Blue-Book.URL > < [2012.10.16 15:57:43 | 000,302,642 | ---- | C] () -- C:\Users\manfred\Desktop\Unbenanntse.PNG > < [2012.10.12 13:11:30 | 000,000,087 | ---- | C] () -- C:\Users\manfred\Desktop\Antworten auf Fragen von mt6215.URL > < [2012.10.11 22:42:26 | 000,000,095 | ---- | C] () -- C:\CallYa Sprach- und Smartphone-Tarife.URL > < [2012.10.11 21:08:48 | 000,000,061 | ---- | C] () -- C:\httpwww.lidl.dedeClassic-Tarif.URL > < [2012.10.11 21:08:42 | 000,000,063 | ---- | C] () -- C:\httpwww.lidl.dedeInternet-Stick1.URL > < [2012.10.10 20:39:59 | 000,000,078 | ---- | C] () -- C:\Sternzeichen deutsch - englisch.URL > < [2012.10.10 19:35:18 | 000,000,076 | ---- | C] () -- C:\Users\manfred\Desktop\Barbie Games - Fun Games for Girls, Free - Dress-Up & Makeover, Arcade, Sports, Puzzle Game.URL > < [2012.10.03 08:24:35 | 000,278,066 | ---- | C] () -- C:\am,,lk.PNG > < [2012.10.03 08:20:55 | 000,026,876 | ---- | C] () -- C:\gg.PNG > < [2012.10.03 08:02:01 | 000,000,145 | ---- | C] () -- C:\Citizen GN-4-S, WR100,Wasserdicht 100m,Verschraubtes Gehäuse. 
in Altona - Bahrenfeld Accessoires & Schmuck eBay Kleinanzeige.URL > < [2012.10.02 23:09:54 | 000,054,649 | ---- | C] () -- C:\s1.PNG > < [2012.10.02 23:02:46 | 000,086,347 | ---- | C] () -- C:\s.PNG > < [2012.02.19 12:31:33 | 000,021,504 | ---- | C] () -- C:\Users\manfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < [2012.02.15 18:58:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll > < [2012.02.15 18:58:10 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini > < [2012.02.15 18:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll > < [2012.02.15 18:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll > < [2012.02.15 18:58:07 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll > < [2012.02.15 18:37:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config > < [2012.01.11 05:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin > < [2012.01.11 05:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin > < [2012.01.11 05:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin > < [2012.01.11 04:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll > < [2012.01.11 04:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll > < [2012.01.11 04:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll > < > < ========== ZeroAccess Check ========== > Invalid Switch: color] < > < [2009.07.14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < > < [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] > < "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 09:16:14 | 012,866,560 | ---- | M] (Microsoft 
Corporation) > < "ThreadingModel" = Apartment > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] > < "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Free > < > < [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] > < "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) > < "ThreadingModel" = Both > < > < ========== LOP Check ========== > Invalid Switch: color] < > < [2012.02.21 01:07:20 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Farm Mania > < [2012.02.15 18:51:53 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\GrabPro > < [2012.03.14 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\IrfanView > < [2012.05.11 11:11:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Lingo4u > < [2012.03.14 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Nokia > < [2012.04.20 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\OpenOffice.org > < [2012.06.19 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Orbit > < [2012.03.30 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\PC Suite > < [2012.02.15 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\ProgSense > < [2012.07.29 00:11:35 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Toshiba > < [2012.03.21 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\uTorrent > < [2012.09.13 18:27:08 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Wildfire > < [2012.03.16 15:41:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\WinBatch > < [2012.02.22 08:52:59 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Windows SideBar > < [2012.02.15 
16:53:29 | 000,000,000 | ---D | M] -- C:\Users\manfred\AppData\Roaming\Zbshareware Lab > < > < ========== Purity Check ========== > Invalid Switch: color] < > < > < > < ========== Files - Unicode (All) ========== > Invalid Switch: color] < [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL > Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL < [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL > Invalid Switch: ???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL < [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL > < [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL > < > < < End of report > --- --- --- --- --- --- > ========== Files - Unicode (All) ========== [2012.07.01 11:32:34 | 000,000,084 | ---- | M] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.07.01 11:32:34 | 000,000,084 | ---- | C] ()(C:\????????/???? ??? ???? - YouTube.URL) -- C:\幸せになりたいね/大島優子 フォト ムービー - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | M] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL [2012.03.28 18:14:06 | 000,000,091 | ---- | C] ()(C:\? What If We Fall in Love ? - YouTube.URL) -- C:\♥ What If We Fall in Love ♥ - YouTube.URL < End of report >
I hope it is right now. I ran the scan, then copied the text and pasted it into the input field in OTL, then pressed Quick Scan, and now it is scanning again. Then another page opened. I have now pasted that text here. Regards, manfred |
31.10.2012, 14:04 | #10 |
| Trojan or ............???? Did I do something wrong again?? |
31.10.2012, 19:04 | #11 | |
/// Malware-holic | Trojan or ............???? No, no, everything is OK. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ -Please forward suspicious e-mails to us for analysis: forward to markusg.trojaner-board@web.de Instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
01.11.2012, 04:24 | #12 |
| Trojan or ............???? Thanks for the answer, but now the problem: I have avast free. I went to the avast site and see nothing there for switching off the program. How does that work?? Regards, manfred Combofix Logfile: Code:
ATTFilter ComboFix 12-10-31.03 - manfred 01.11.2012 13:08:45.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2998.1800 [GMT 8:00] ausgeführt von:: c:\users\manfred\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\Baby i miss you - Chris Norman - with lyricswww.youtube.comno copyright intended.URL c:\users\manfred\AppData\Roaming\Microsoft\Windows\Recent\God Will Make a Waywww.youtube.comDon Moen's popular song God Will Make a Way with lyrics.URL c:\windows\system32\DEBUG.log . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-01 bis 2012-11-01 )))))))))))))))))))))))))))))) . . 2012-11-01 05:14 . 2012-11-01 05:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-01 03:55 . 2012-11-01 03:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E467866C-414B-428B-BE74-4B64C718CC08}\offreg.dll 2012-10-22 02:52 . 2012-09-24 15:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-11 12:55 . 2012-04-13 02:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-11 12:55 . 2012-02-15 10:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-09 07:56 . 2012-02-22 11:02 45056 ----a-w- c:\windows\NCUNINST.EXE 2012-09-18 02:24 . 2012-05-20 02:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-18 02:24 . 2012-02-15 10:57 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-27 14:32 . 
2012-10-27 14:32 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}] 2011-05-09 09:49 176936 ----a-w- c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1d8566bd-f06f-4029-a3be-ba80af5a09f3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{1D8566BD-F06F-4029-A3BE-BA80AF5A09F3}"= "c:\program files\Avanquest_App'-Anwendungsleiste\prxtbAva0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{1d8566bd-f06f-4029-a3be-ba80af5a09f3}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-07-04 12:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-03 6497592]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-13 138096]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-11-09 824224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 177944]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-07-03 296096]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\manfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\manfred\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 12:55]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
- c:\users\manfred\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-28 14:34]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-19 03:32]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000Core.job
- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3718335332-4058801294-3006936124-1000UA.job
- c:\users\manfred\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-17 08:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: Interfaces\{21F0735F-35A1-4812-B527-E0E99412945B}: NameServer = 10.198.220.124 202.126.40.5
TCP: Interfaces\{5CAE6AB4-F441-49C1-8BC4-17A07A1B4578}: NameServer = 10.68.80.1
FF - ProfilePath - c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\
FF - ExtSQL: 2012-09-27 20:04; {1018e4d6-728f-4b20-ad56-37578a4de76b}; c:\users\manfred\AppData\Roaming\Mozilla\Firefox\Profiles\3til95lj.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=66756
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - d8f1fe63000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.hardId - d8f1fe63000000000000000000000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-01 13:16:13
ComboFix-quarantined-files.txt 2012-11-01 05:16
.
Vor Suchlauf: 26 Verzeichnis(se), 239.976.271.872 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 240.920.682.496 Bytes frei
.
- - End Of File - - F0D04BAF03088B1875E6A2F52495E161

a restart was not performed |
02.11.2012, 18:11 | #13 |
/// Malware-holic | Trojan or ............???? malwarebytes: Please download Malwarebytes
02.11.2012, 20:33 | #14 |
| Trojan or ............????
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.02.09

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
manfred :: MANFRED-LAPTOP [Administrator]

Schutz: Aktiviert

03.11.2012 01:52:04
mbam-log-2012-11-03 (01-52-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 347742
Laufzeit: 1 Stunde(n), 37 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |