Log analysis and evaluation: Suspected Trojan / data spying by a stalker (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Suspected Trojan / data spying by a stalker

Hello dear Trojaner-Board team. For some time I have been harassed by a stalker who possibly has good programming skills or knows his way around malware. I suspect that he can read my e-mails, or MSN and other chat/mail programs. MSN, for example, frequently starts by itself. Furthermore, he may have hacked account information for an online role-playing game, since items go missing there every now and then. Scans with SpyBot found several errors with the note "AdwareC" (Babylon Toolbar) and "Browser" (FastClick, MediaPlex, RightMedi, Tradedoubler). Unfortunately I cannot find any further information about these. Thank you very much for your help!

________________________________________________________________

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by tina at 19:39:16 on 2012-05-16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.2815.1488 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\vVX3000.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe 
C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wuauclt.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Program Files (x86)\ICQ7.5\ICQ.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe C:\Windows\SysWOW64\DllHost.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\tina\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uSearch Page = uStart Page = hxxp://www.google.at/ uSearch Bar = mStart Page = hxxp://home.sweetim.com uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll uURLSearchHooks: H - No File uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll uURLSearchHooks: H - No File mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll BHO: SearchCore for Browsers: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\SEARCH~1\SEARCH~1\BROWSE~1.DLL BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files 
(x86)\Windows Live\Companion\companioncore.dll BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll TB: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll uRun: [Google Update] "C:\Users\tina\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [fsm] uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE mRun: 
[SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Free YouTube Download - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - C:\Users\tina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4DBB71C8-713A-453F-9DBD-083304544BA8} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{4DBB71C8-713A-453F-9DBD-083304544BA8}\6457E6E4564733 : DhcpNameServer = 192.168.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: skype-ie-addon-data - 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll {30F9B915-B755-4826-820B-08FBA6BD249D} {326E768D-4182-46FD-9C16-1449A49795F4} {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} {53707962-6F74-2D53-2644-206D7942484F} {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} {872b5b88-9db5-4310-bdd0-ac189557e5f5} {9030D464-4C02-4ABF-8ECC-5164760863C6} {99079a25-328f-4bd4-be04-00955acaa0a7} {9D717F81-9148-4f12-8568-69135F087DB0} {9FDDE16B-836F-4806-AB1F-1455CBEFF289} {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} {DBC80044-A445-435b-BC74-9C25C1C588A9} {30F9B915-B755-4826-820B-08FBA6BD249D} {872b5b88-9db5-4310-bdd0-ac189557e5f5} {855F3B16-6D32-4FE6-8A56-BBB695989046} {99079a25-328f-4bd4-be04-00955acaa0a7} TB-X64: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [DATAMNGR] C:\PROGRA~2\SEARCH~1\SEARCH~1\DATAMN~1.EXE mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe AppInit_DLLs-X64: 
C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - iLivid Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406 FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=KW_def&AF=10588&tt=190212_ctrl&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\FFExternalAlert.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\FFExternalAlertGecko19.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\RadioWMPCore.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\FFExternalAlert.dll FF 
- component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\FFExternalAlertGecko19.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\RadioWMPCore.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\tina\AppData\Roaming\Mozilla\Firefox\Profiles\825fwb89.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\tina\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Freeware.de Community Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - %profile%\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: Free YouTube Download 
(Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4 . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.id - fce4b5810000000000001c4bd691ed0b FF - user.js: extensions.BabylonToolbar_i.hardId - fce4b5810000000000001c4bd691ed0b FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:33:00 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babclient FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=190212_ctrl FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - def FF - user.js: extensions.BabylonToolbar_i.instlRef - std . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
.
=============== Created Last 30 ================
.
==================== Find3M ====================
.
============= FINISH: 19:42:02,12 ===============