
Log analysis and evaluation: AVG reports: services.exe infected with a Trojan


 
09.10.2012, 19:19   #1
Niggo
 

AVG reports: services.exe infected with a Trojan



Dear Trojaner-Board team,

The antivirus program AVG reports the following on an acquaintance's laptop:
Trojan: Patched_c.LZE
File: C:\Windows\System32\services.exe
On access, process name: C:\Windows\System32\svchost.exe
Process ID: 1016

I have already run Malwarebytes and let it clean up. OTL has also already been run. The logs are attached.

Is it worth cleaning the laptop in this case, or would a reinstallation be the better choice? If cleaning, how should I proceed?

Code:
OTL logfile created on: 07.10.2012 18:09:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Vanessa\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 67,57% Memory free
6,06 Gb Paging File | 5,12 Gb Available in Paging File | 84,44% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,35 Gb Total Space | 126,93 Gb Free Space | 57,09% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,79 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
 
Computer Name: VANESSA-PC | User Name: Vanessa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vanessa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Programme\Iminent\Iminent.exe (Iminent)
PRC - C:\Programme\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
PRC - C:\Programme\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Canon\SELPHY Photo Print\CIC_SPPhelper.exe (Canon Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Iminent\System.Data.SQLite.dll ()
MOD - C:\Programme\Iminent\Iminent.Workflow.dll ()
MOD - C:\Programme\Iminent\Iminent.Windows.dll ()
MOD - C:\Programme\Iminent\Iminent.Mediator.ActivePlayers.dll ()
MOD - C:\Programme\Iminent\Iminent.Booster.UI.dll ()
MOD - C:\Programme\Iminent\de\Iminent.Booster.UI.resources.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\63d1eb27f55bfa47a1a9328172bfb604\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\19ca73856f91e0fd4d5353a9373f8b6a\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\fe38867d2e5f029a61369d60cb366db6\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\550d497e3f4cc73b5e323711edb1b592\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2e2615fe0b5497263891553e13b697c6\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9a01d9b5c7b5509bbc964881ce2be5a1\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7895f580432cd243f19aa40db58d38bc\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\45d73bf5a07b8fd8a12fcf7d68e9b318\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7749403068ce1f517692d61ae5af97cb\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4f15f4468f90ae42f43a74b94b064fae\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\d3915d0144a91ab76bfaad80d5d7308c\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\8a84d9c1f313d52f24bf191df15eead2\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\880639d34ff339510176a4c8b4251954\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\Canon\SELPHY Photo Print\EnoJPEG4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_de_b77a5c561934e089\SMDiagnostics.resources.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (avg8wd) -- C:\Programme\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKLM\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{F51E7796-A29C-45E8-AEBB-2E661894CEEB}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=undefined&ref=homepage
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&q={searchTerms}
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{A46EE1F2-1DCC-4E7A-B630-0598B55B6A72}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{EA45296E-B074-43DB-905C-55050CB89E29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\{F51E7796-A29C-45E8-AEBB-2E661894CEEB}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=7b844c31-848f-44b8-b728-2c58f1b919bf&lcid=1031&ref=homepage"
FF - prefs.js..extensions.enabledAddons: engine@plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.6
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.14.1.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:4.51.0
FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {28D35620-51D9-11DE-9D13-2DB156D89593}:3.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 18:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 06:53:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Vanessa\AppData\Roaming\13001.042 [2012.08.30 16:27:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 18:14:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.07 06:53:48 | 000,000,000 | ---D | M]
 
[2009.05.09 16:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Extensions
[2012.08.16 15:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions
[2010.06.21 15:21:34 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\{28D35620-51D9-11DE-9D13-2DB156D89593}
[2012.08.16 15:43:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.28 10:36:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.11 15:31:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.11 18:04:13 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.05.19 21:37:34 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\engine@plasmoo.com
[2012.02.19 13:17:55 | 000,000,000 | ---D | M] ("Facebook: Rosa Themen-Plugin") -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosafarbe.info
[2012.02.27 20:00:57 | 000,000,000 | ---D | M] ("Facebook: Rosa Themen-Plugin") -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosaplugin.info
[2012.02.19 13:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosafarbe.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-data
[2012.02.19 13:17:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosafarbe.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-lib
[2012.02.27 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosaplugin.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-data
[2012.02.27 20:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\Firefox\Profiles\h3wstyft.default\extensions\pink@rosaplugin.info\resources\jrd0-g48yojdcu5i9a8n0j2se5vmy76e-at-jetpack-pink-theme-extension-lib
[2012.07.14 11:58:59 | 001,611,859 | ---- | M] () (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\extensions\firebug@software.joehewitt.com.xpi
[2011.08.22 14:26:51 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\extensions\personas@christopher.beard.xpi
[2012.02.29 13:55:53 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2011.01.11 15:32:15 | 000,000,873 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\conduit.xml
[2012.07.14 18:01:03 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-1.xml
[2011.03.17 18:53:41 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-10.xml
[2011.03.26 20:37:30 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-11.xml
[2011.05.01 09:00:12 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-12.xml
[2011.05.07 06:58:58 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-13.xml
[2011.05.07 20:16:25 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-14.xml
[2011.07.11 18:15:24 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-15.xml
[2011.07.11 20:24:07 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-16.xml
[2011.09.11 14:44:34 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-17.xml
[2011.10.11 10:28:04 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-18.xml
[2011.10.24 14:44:00 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-19.xml
[2010.04.05 18:39:17 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-2.xml
[2011.11.25 01:12:48 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-20.xml
[2012.01.20 18:49:40 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-21.xml
[2012.02.13 21:52:25 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-22.xml
[2012.02.15 07:52:03 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-23.xml
[2012.02.18 12:03:01 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-24.xml
[2012.03.18 21:01:26 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-25.xml
[2012.04.11 23:28:14 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-26.xml
[2012.04.27 18:12:19 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-27.xml
[2012.06.17 18:16:12 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-28.xml
[2010.06.21 21:51:45 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-3.xml
[2010.08.19 18:53:36 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-4.xml
[2010.09.24 16:15:45 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-5.xml
[2010.10.20 19:10:27 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-6.xml
[2010.10.20 19:15:06 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-7.xml
[2010.11.12 19:32:45 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-8.xml
[2011.01.11 15:37:46 | 000,000,950 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\icqplugin.xml
[2010.04.12 14:01:34 | 000,002,456 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\iMeshWebSearch.xml
[2009.07.12 23:05:16 | 000,009,941 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\mywebsearch.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\plasmoo.xml
[2012.08.22 15:41:42 | 000,002,270 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\mozilla\firefox\profiles\h3wstyft.default\searchplugins\SearchTheWeb.xml
[2012.04.11 18:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.12 21:09:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.06 20:19:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.04.11 18:03:42 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2012.08.30 16:27:33 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\VANESSA\APPDATA\ROAMING\13001.042
[2012.06.17 18:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 18:14:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.17 18:14:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 18:14:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.12 14:01:34 | 000,002,456 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2012.06.17 18:14:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012.06.17 18:14:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 18:14:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Iminent (Enabled)
CHR - default_search_provider: search_url = hxxp://search.iminent.com/?appId=7B844C31-848F-44B8-B728-2C58F1B919BF&ref=toolbox&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.iminent.com/?appId=7B844C31-848F-44B8-B728-2C58F1B919BF
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 6.0.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Vanessa\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Iminent = C:\Users\Vanessa\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\4.43.0_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programme\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Programme\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3 - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataMngr] C:\Programme\iMesh Applications\MediaBar\DataMngr\DataMngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Vanessa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vanessa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1520116365-816098757-2297299363-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23E12A94-F7AD-453B-8AB3-99D046FDC74F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EF9CC3-56C9-4D93-944A-406D3693BE15}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\DataMngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2597e768-498c-11e0-897c-001f1664d863}\Shell - "" = AutoRun
O33 - MountPoints2\{2597e768-498c-11e0-897c-001f1664d863}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{4d58667a-887c-11e0-93e5-001f1664d863}\Shell - "" = AutoRun
O33 - MountPoints2\{4d58667a-887c-11e0-93e5-001f1664d863}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{d5ffbfe2-4e77-11de-8802-001f1664d863}\Shell - "" = AutoRun
O33 - MountPoints2\{d5ffbfe2-4e77-11de-8802-001f1664d863}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\infocenter.exe
O33 - MountPoints2\{ebec0069-cd9d-11df-9ad8-001f1664d863}\Shell - "" = AutoRun
O33 - MountPoints2\{ebec0069-cd9d-11df-9ad8-001f1664d863}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 14:58:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vanessa\Desktop\OTL.exe
[2012.10.07 14:58:40 | 000,000,000 | ---D | C] -- C:\Users\Vanessa\AppData\Roaming\Malwarebytes
[2012.10.07 14:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.07 14:58:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.07 14:58:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.07 14:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.03 15:14:46 | 000,000,000 | R--D | C] -- C:\Alle Bilder
[2012.09.15 14:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012.09.15 13:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012.09.15 13:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.09.15 13:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2008.09.05 23:34:14 | 006,416,169 | ---- | C] (Kellogg's                           ) -- C:\Users\Vanessa\Rock Deinen PC Vol 4.exe
[2 C:\Users\Vanessa\AppData\Roaming\*.tmp files -> C:\Users\Vanessa\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Vanessa\Desktop\Horses. My life. My love. My death. (kussmund mit zwinker).My life.My Love.My death.
[2012.10.07 18:04:42 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.10.07 18:04:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:04:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 18:04:18 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 18:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 17:53:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.07 17:25:13 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.07 15:01:11 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 15:01:11 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 15:01:11 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 15:01:11 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 14:58:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 14:54:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vanessa\Desktop\OTL.exe
[2012.10.03 14:51:00 | 058,476,226 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.09.16 20:12:44 | 000,000,478 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vanessa.job
[2012.09.15 14:03:06 | 000,001,947 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.09.15 13:30:58 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.09.15 13:30:58 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.09.10 22:02:44 | 000,000,034 | ---- | M] () -- C:\Users\Vanessa\AppData\Roaming\blckdom.res
[2 C:\Users\Vanessa\AppData\Roaming\*.tmp files -> C:\Users\Vanessa\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Users\Vanessa\Desktop\Horses. My life. My love. My death. (kussmund mit zwinker).My life.My Love.My death.
[2012.10.07 14:58:31 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.15 13:31:07 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012.08.31 17:59:12 | 000,198,200 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\AcroIEHelpe205.dll
[2012.08.30 16:27:50 | 000,007,424 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe204.dll
[2012.08.23 22:01:53 | 000,000,034 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\blckdom.res
[2012.08.22 20:24:29 | 000,000,011 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\urhtps.dat
[2012.08.20 20:05:09 | 000,000,000 | -H-- | C] () -- C:\Users\Vanessa\AppData\Roaming\winbras.sys
[2012.08.16 15:39:12 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe192.dll
[2012.08.13 19:37:31 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe188.dll
[2012.08.10 20:05:34 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe187.dll
[2012.08.09 12:24:09 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe186.dll
[2012.08.08 13:17:16 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe184.dll
[2012.08.07 13:40:23 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe182.dll
[2012.07.31 22:35:41 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe179.dll
[2012.07.29 22:54:35 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe177.dll
[2012.07.18 18:03:42 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe171.dll
[2012.07.16 14:07:29 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe169.dll
[2012.07.15 19:21:45 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe168.dll
[2012.07.12 13:19:54 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe166.dll
[2012.07.11 15:32:36 | 000,006,400 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\BAcroIEHelpe165.dll
[2011.07.24 11:38:34 | 000,020,304 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\UserTile.png
[2010.12.05 14:46:55 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.01.05 10:46:12 | 000,000,552 | ---- | C] () -- C:\Users\Vanessa\AppData\Local\d3d8caps.dat
[2009.12.29 09:37:34 | 000,000,680 | ---- | C] () -- C:\Users\Vanessa\AppData\Local\d3d9caps.dat
[2009.05.09 15:38:17 | 000,005,562 | ---- | C] () -- C:\Users\Vanessa\AppData\Roaming\wklnhst.dat
[2009.03.22 15:45:22 | 000,011,264 | ---- | C] () -- C:\Users\Vanessa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.02 21:36:33 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2008.01.21 04:25:01 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012.08.20 16:40:31 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2012.10.07 18:02:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2012.10.07 14:40:24 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
[2012.10.03 14:48:57 | 000,087,040 | ---- | M] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
[2012.08.22 18:31:15 | 000,002,048 | -HS- | M] () -- C:\Users\Vanessa\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2008.01.21 04:25:01 | 000,000,000 | -HSD | M] -- C:\Users\Vanessa\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L
[2008.01.21 04:25:01 | 000,000,000 | -HSD | M] -- C:\Users\Vanessa\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012.10.07 18:04:22 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 15:14:25 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.07.03 16:25:19 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\WildTangent
[2012.07.06 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.017
[2012.07.07 16:33:59 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.018
[2012.07.08 14:22:16 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.019
[2012.07.09 12:13:23 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.020
[2012.07.10 14:32:35 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.021
[2012.07.11 15:32:24 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.022
[2012.07.12 20:56:40 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.023
[2012.07.13 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.024
[2012.07.14 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.025
[2012.07.18 18:03:27 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.027
[2012.07.20 23:38:56 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.028
[2012.07.25 12:58:15 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.029
[2012.07.29 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.031
[2012.07.31 22:35:30 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.033
[2012.08.06 16:54:42 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.034
[2012.08.07 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.035
[2012.08.08 13:17:07 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.036
[2012.08.08 16:07:54 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.037
[2012.08.09 11:30:02 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.038
[2012.08.10 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.040
[2012.08.15 15:51:03 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.041
[2012.08.30 16:27:33 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\13001.042
[2010.07.24 20:02:04 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\AlderGames
[2010.12.05 15:44:59 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Canon
[2009.03.07 22:15:01 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\cerasus.media
[2010.08.02 17:36:34 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Chicken Chase
[2011.05.19 21:37:22 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.03.16 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\FloodLightGames
[2009.03.20 16:20:13 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\funkitron
[2009.03.08 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Gaijin Ent
[2010.06.26 09:10:45 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Hrsim
[2012.08.16 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\ICQ
[2012.04.11 18:03:50 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Iminent
[2012.08.28 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\kock
[2011.06.04 11:00:05 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\muvee Technologies
[2012.07.09 19:20:12 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\PhotoScape
[2009.05.18 11:47:31 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\PlayFirst
[2009.04.07 12:14:29 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\SPORE Creature Creator
[2009.05.09 15:38:18 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Template
[2012.09.16 03:16:56 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\UAs
[2009.07.28 17:30:05 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Wildlife Park 2
[2009.07.27 18:16:33 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2009.03.07 10:00:39 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\WildTangent
[2012.09.16 03:16:56 | 000,000,000 | ---D | M] -- C:\Users\Vanessa\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2012.09.16 19:48:31 | 000,000,000 | ---D | M](C:\Users\Vanessa\Desktop\Mein Traum ?) -- C:\Users\Vanessa\Desktop\Mein Traum ♥
[2012.07.17 01:30:59 | 000,000,000 | ---D | C](C:\Users\Vanessa\Desktop\Mein Traum ?) -- C:\Users\Vanessa\Desktop\Mein Traum ♥
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:F036C20D
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:50DD4118
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:68A56598
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:9857FAE3
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:A6CDBCAC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3118E26B
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:404390E0

< End of report >
         
Thank you for your support.

Regards
Nico

 
