
Log analysis and evaluation: C:/Users/Appdata/Local/Temp/WAB.log

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.04.2011, 00:28   #1
Salzstreuer
 

Hello everyone,

I apparently caught a virus or something yesterday. Since then all files and pictures are gone. The following is displayed again and again:

C:/Users/Appdata/Local/Temp/WAB.log

But if, for example, I go to the recently edited documents in Word, I can open the files. I have reset the system twice, but that did not change anything about the files being gone.
I have now read through the forum and pulled the logs using OTL.

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 19.04.2011 00:42:24 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sally\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 19,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 34,13 Gb Free Space | 29,33% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 107,66 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
 
Computer Name: SALLY-PC | User Name: Sally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sally\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\WksCal.exe (Microsoft® Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Works Shared\wkcalrem.exe (Microsoft® Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sally\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\asOEHook.dll (Symantec Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcr90.dll (Microsoft Corporation)
MOD - C:\Programme\Norton 360\Engine\5.0.0.125\Microsoft.VC90.CRT\msvcp90.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe (Symantec Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (RalinkRegistryWriter) -- C:\Programme\Ralink\Common\RalinkRegistryWriter.exe (Ralink Technology, Corp.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.002\navex15.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20110418.002\naveng.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110415.003\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIV) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0500000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0500000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0500000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?fr=ffpro-nb&p="
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.studivz.net"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.17 23:51:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011.04.18 23:38:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn\ [2011.04.18 23:34:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 16:12:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.01 11:22:54 | 000,000,000 | ---D | M]
 
[2009.05.14 20:02:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Sally\AppData\Roaming\mozilla\Extensions
[2011.04.18 23:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] (YouTube Downloader for Facebook) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\{2122962a-1424-fffe-19af-bba2ef3eff4a}
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.17 23:52:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sally\AppData\Roaming\mozilla\Firefox\Profiles\wq7dbfm8.default\extensions\moveplayer@movenetworks.com
[2010.08.06 08:07:37 | 000,000,873 | -H-- | M] () -- C:\Users\Sally\AppData\Roaming\Mozilla\Firefox\Profiles\wq7dbfm8.default\searchplugins\conduit.xml
[2010.01.24 21:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.05.14 20:03:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.05.14 20:03:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
[2011.04.18 23:34:39 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN
[2011.04.18 23:38:05 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
[2011.04.17 23:51:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\5.0.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [setuptx] File not found
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programme\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sally\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sally\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sally\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{31c94bdb-cd3f-11dd-b103-001644aa7e93}\Shell\AutoRun\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{31c94bdb-cd3f-11dd-b103-001644aa7e93}\Shell\open\command - "" = wscript.exe .\.vbs
O33 - MountPoints2\{49141fc7-1633-11de-aee7-001644aa7e93}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{49141fdb-1633-11de-aee7-001644aa7e93}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4c6c3f8b-45f1-11dd-9bad-001e333302a6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{4d9e3962-c485-11dd-b708-001e333302a6}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{5eb4e7a8-5c6e-11df-a5c2-001e333302a6}\Shell - "" = AutoRun
O33 - MountPoints2\{5eb4e7a8-5c6e-11df-a5c2-001e333302a6}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{6d674f2f-7adf-11de-ac14-001644aa7e93}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{c0588d7c-d2e2-11de-b802-001644aa7e93}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 23:42:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2011.04.18 23:36:47 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.04.18 23:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2011.04.18 23:36:47 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.04.18 23:36:18 | 000,652,336 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.sys
[2011.04.18 23:36:18 | 000,509,560 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.sys
[2011.04.18 23:36:18 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.sys
[2011.04.18 23:36:18 | 000,330,360 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symtdiv.sys
[2011.04.18 23:36:18 | 000,295,032 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\symnets.sys
[2011.04.18 23:36:18 | 000,050,168 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.sys
[2011.04.18 23:36:17 | 000,136,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0500000.07D\Ironx86.sys
[2011.04.18 23:36:10 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.04.18 23:35:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2011.04.18 23:35:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0500000.07D
[2011.04.18 23:34:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2011.04.18 23:34:39 | 000,000,000 | ---D | C] -- C:\Programme\Norton 360
[2011.04.18 23:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.04.18 23:06:40 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2011.04.18 23:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.04.18 03:03:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.18 00:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Scavenger 3.2
[2011.04.18 00:27:45 | 000,000,000 | ---D | C] -- C:\Programme\File Scavenger 3.2
[2011.04.18 00:26:23 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.18 00:26:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.18 00:26:01 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.18 00:26:00 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.18 00:25:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.18 00:25:22 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.18 00:25:15 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.18 00:25:14 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.18 00:25:13 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.18 00:25:13 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.18 00:25:12 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.18 00:25:10 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.18 00:25:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.18 00:25:09 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.18 00:25:09 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.18 00:24:57 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.18 00:24:50 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.18 00:24:49 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.18 00:16:42 | 000,000,000 | ---D | C] -- C:\Users\Sally\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011.04.18 00:16:42 | 000,000,000 | ---D | C] -- C:\Programme\Convar
[2011.04.17 21:13:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.05 15:00:44 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Fotoseminar
[2011.03.31 20:54:25 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Hagen
[2011.03.31 15:46:59 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Internationales Seminar
[2011.03.27 20:36:40 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Musik Dini
[2011.03.27 20:36:12 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Neuer Ordner
[2011.03.27 20:36:01 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Berlin 11.-13.03.11
[2011.03.27 20:35:51 | 000,000,000 | -H-D | C] -- C:\Users\Sally\Desktop\Einweihungsfeiern + Andis Bday 05.02.2011
[2011.03.20 17:41:26 | 000,000,000 | ---D | C] -- C:\Users\Sally\Desktop\Musik Malte
[3 C:\Users\Sally\Documents\*.tmp files -> C:\Users\Sally\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sally\Desktop\*.tmp files -> C:\Users\Sally\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.19 00:58:58 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.19 00:52:17 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{742D2DE0-19AB-4724-9CD2-0711A34EF90E}.job
[2011.04.19 00:00:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.18 23:38:00 | 002,132,488 | ---- | M] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.04.18 23:36:47 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.04.18 23:36:47 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.04.18 23:36:47 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.04.18 23:36:40 | 000,002,154 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.04.18 23:32:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.18 23:32:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 23:32:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 23:32:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 23:32:20 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.18 17:49:31 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 17:49:31 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 17:49:31 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 17:49:31 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 09:13:33 | 000,005,864 | ---- | M] () -- C:\Users\Sally\AppData\Local\d3d9caps.dat
[2011.04.18 03:42:37 | 000,280,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.18 03:18:27 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011.04.18 01:12:16 | 003,647,912 | ---- | M] () -- C:\Users\Sally\Desktop\PRPCDEM.zip
[2011.04.18 00:17:45 | 000,001,120 | ---- | M] () -- C:\Users\Sally\Desktop\PC Inspector File Recovery.lnk
[2011.04.17 19:43:36 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~43376392r
[2011.04.17 19:43:36 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~43376392
[2011.04.17 19:43:07 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43376392
[2011.04.10 20:04:30 | 000,842,808 | -H-- | M] () -- C:\Users\Sally\Documents\Guideline-Bachelor-Thesis-2010.pdf
[2011.03.23 15:53:04 | 000,002,605 | ---- | M] () -- C:\Users\Sally\Desktop\Microsoft Word.lnk
[2011.03.20 18:00:33 | 000,080,330 | -H-- | M] () -- C:\Users\Sally\Desktop\BTRD April.pdf
[3 C:\Users\Sally\Documents\*.tmp files -> C:\Users\Sally\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Sally\Desktop\*.tmp files -> C:\Users\Sally\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.18 23:37:29 | 002,132,488 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Cat.DB
[2011.04.18 23:36:47 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.04.18 23:36:47 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.04.18 23:36:40 | 000,002,154 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011.04.18 23:35:38 | 000,001,474 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNetV.inf
[2011.04.18 23:35:37 | 000,003,374 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.inf
[2011.04.18 23:35:37 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.inf
[2011.04.18 23:35:37 | 000,001,446 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.inf
[2011.04.18 23:35:37 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.inf
[2011.04.18 23:35:37 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.inf
[2011.04.18 23:35:37 | 000,000,742 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\Iron.inf
[2011.04.18 23:35:13 | 000,007,877 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\symnetv.cat
[2011.04.18 23:35:13 | 000,007,528 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\iron.cat
[2011.04.18 23:35:13 | 000,007,458 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymNet.cat
[2011.04.18 23:35:13 | 000,007,456 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymEFA.cat
[2011.04.18 23:35:13 | 000,007,454 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtspx.cat
[2011.04.18 23:35:13 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\SymDS.cat
[2011.04.18 23:35:13 | 000,007,450 | R--- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\srtsp.cat
[2011.04.18 23:35:13 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\N360\0500000.07D\isolate.ini
[2011.04.18 03:18:26 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.18 01:12:11 | 003,647,912 | ---- | C] () -- C:\Users\Sally\Desktop\PRPCDEM.zip
[2011.04.18 00:16:43 | 000,001,120 | ---- | C] () -- C:\Users\Sally\Desktop\PC Inspector File Recovery.lnk
[2011.04.17 19:43:36 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~43376392r
[2011.04.17 19:43:35 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~43376392
[2011.04.17 19:43:07 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43376392
[2011.04.10 20:04:30 | 000,842,808 | -H-- | C] () -- C:\Users\Sally\Documents\Guideline-Bachelor-Thesis-2010.pdf
[2011.03.20 18:00:33 | 000,080,330 | -H-- | C] () -- C:\Users\Sally\Desktop\BTRD April.pdf
[2011.03.15 14:29:34 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.03.15 14:29:34 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.15 19:44:09 | 000,000,801 | -H-- | C] () -- C:\Users\Sally\AppData\Local\RT2870_{D69940F0-4944-4DB2-9DD6-77322C5937EA}_sta
[2010.12.15 19:41:07 | 000,001,579 | -H-- | C] () -- C:\Users\Sally\AppData\Local\RT2870_{D69940F0-4944-4DB2-9DD6-77322C5937EA}_prof
[2010.12.05 15:04:49 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2010.05.16 16:31:09 | 000,005,864 | ---- | C] () -- C:\Users\Sally\AppData\Local\d3d9caps.dat
[2010.04.06 18:49:44 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.04.06 18:49:43 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.04.06 18:49:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.04.06 18:49:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.04.06 18:49:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.04.06 18:49:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.04.06 18:49:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.04.06 18:49:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.04.06 18:49:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.04.06 18:49:43 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.04.06 18:49:43 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.04.06 18:49:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.04.06 18:49:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.04.06 18:49:43 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.04.06 18:49:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.04.06 18:49:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.04.06 18:49:43 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.04.06 18:49:43 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.04.06 18:49:43 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.04.06 18:47:01 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2010.01.24 12:33:21 | 000,024,064 | -H-- | C] () -- C:\Users\Sally\AppData\Roaming\UserTile.png
[2009.09.20 21:10:05 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2009.05.14 20:02:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.05.02 12:41:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.01 20:08:37 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.01 20:08:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.12 17:39:20 | 000,024,576 | ---- | C] () -- C:\Users\Sally\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.07 20:39:44 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.06.30 15:34:36 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.06.30 15:33:41 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2008.06.27 20:25:34 | 000,000,016 | -H-- | C] () -- C:\Users\Sally\AppData\Roaming\mxfilerelatedcache.mxc2
[2008.06.27 20:25:34 | 000,000,016 | -H-- | C] () -- C:\Users\Sally\AppData\Local\mxfilerelatedcache.mxc2
[2008.06.27 07:19:11 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008.06.27 07:19:11 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008.06.27 07:19:11 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.06.27 07:19:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008.06.27 07:18:13 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2008.02.22 11:34:00 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.02.18 17:58:18 | 000,001,104 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.02.18 17:44:09 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.02.18 17:44:09 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.02.18 17:44:09 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.02.18 17:44:09 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.02.18 17:44:09 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.02.18 16:57:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.18 16:55:43 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.02.18 16:55:43 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.02.18 16:55:43 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2008.02.18 16:55:43 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.28 18:01:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008.01.28 18:01:06 | 000,471,040 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008.01.28 17:53:02 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008.01.28 17:53:02 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008.01.28 17:53:02 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008.01.28 17:52:28 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008.01.21 09:15:58 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,280,136 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.02.26 20:03:58 | 000,320,000 | ---- | C] () -- C:\Windows\System32\Reg.dll
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >
         
Code:
 
OTL Extras logfile created on: 19.04.2011 00:42:24 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sally\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 19,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,37 Gb Total Space | 34,13 Gb Free Space | 29,33% Space Free | Partition Type: NTFS
Drive E: | 115,05 Gb Total Space | 107,66 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
 
Computer Name: SALLY-PC | User Name: Sally | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E9C9835-A73A-4BDE-950C-646B5EFDCA49}" = lport=139 | protocol=6 | dir=in | app=system | 
"{50B8D7B7-8627-4C4F-98FC-A9D1ABF7A374}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7AC6A497-BE76-4A7E-98A8-C9F531E2C46E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7E0A3D54-005F-4DB1-B919-DC5C16F49F5F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{86885190-27AF-4B89-B6F4-D924D9A97239}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8D16D3CB-3A09-400A-8197-1D07FC691742}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8F2FFEA6-D6F1-4525-8367-5D2F8A1A7666}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A18CD79C-DF64-4CC7-A9E5-857C569BD368}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AB67EDDE-7F7D-49B0-861D-28CCF64614C7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B7A5CE84-74C8-4A34-99C9-EE5F021DB7B5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CBEA443A-304F-499F-9259-B0892B405DE1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D1CB42CF-62B5-43D2-9AB6-0E6964849C29}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DC1BDE-093E-4DC1-99DF-E6FC49F4FAAC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2AA3BB95-9B6F-48CA-92B2-BBD9FEAB3F1C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{5038D4B0-C76E-4E74-8F75-2C127614ABA5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6347B604-9D74-4454-81E9-30D54E9466C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8459D6B1-34E3-4DA8-8B74-C7D7AC5BD6E8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8A7AF852-E139-4DA3-8727-301F259F2CB4}" = protocol=17 | dir=in | app=c:\users\sally\downloads\freeyoutubedownloader_setup.exe | 
"{9D97FFB5-12E1-412F-BDC7-A2DEB0973F51}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{9E5C9429-C550-4D73-959F-8CCD7801AD9F}" = protocol=6 | dir=in | app=c:\users\sally\downloads\freeyoutubedownloader_setup.exe | 
"{AA4E8AD2-5B63-4ED6-A06A-E509C55B7AB2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC8C6EF2-A4A7-41FF-8679-9F29965CFA6A}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{D5E0DDFB-83B5-466D-8E2F-4D2B4DBCA3F5}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{DEDBB377-8E5F-4D10-9FC7-2CCB35165A2C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{FEEF8597-D03E-4DC6-BAB1-FBB3B132E1CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52E1698D-8B87-4B79-B609-77C763C3E6D9}" = YouTube Video Converter
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90AB0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 1
"{90AC0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 2
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AliceHilfe 1.0.0.1" = AliceHilfe
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal – Free Antivirus
"Digital Editions" = Adobe Digital Editions
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular 2007 - 2008 NE 2007-2008" = ElsterFormular 2007 - 2008 NE
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX mp3 maker platinum SE" = MAGIX mp3 maker platinum SE
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX playR jukebox" = MAGIX playR jukebox
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"myphotobook" = myphotobook 3.5
"N360" = Norton 360
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b
"QueTek File Scavenger 3.2 (de)" = File Scavenger 3.2 (de)
"RealPlayer 12.0" = RealPlayer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xilisoft YouTube Video Converter" = Xilisoft YouTube Video Converter
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.09.2010 17:29:16 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.09.2010 05:19:58 | Computer Name = Sally-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.09.2010 05:20:39 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.09.2010 07:19:26 | Computer Name = Sally-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.09.2010 07:20:04 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.09.2010 15:17:28 | Computer Name = Sally-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.09.2010 15:18:04 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 03:22:17 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.09.2010 06:14:27 | Computer Name = Sally-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.09.2010 06:15:01 | Computer Name = Sally-PC | Source = WinMgmt | ID = 10
Description =
         

After I ran the scan in OTL, two windows somehow opened. I don't know which of them is needed, so I pasted the contents of both.

It would be great if someone could help me. I'm slightly desperate right now about how to get all my things back. It was stupid not to make a backup.

Best regards

Overnight I ran Norton 360, Anti-Malware and, just now, Norton Eraser. Several viruses were detected and removed in the process. An unpleasant side effect, however, is that all files are gone again (I was able to copy most of them to an external hard drive last night, but they were displayed slightly transparent. Does that mean they are damaged?), the desktop is completely black again, and shutting down takes forever, or I sometimes have to switch the laptop off myself because it won't turn off.

Alt 21.04.2011, 15:59   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Several viruses were detected and removed in the process.
And who told you that the logs are unimportant and don't need to be posted?

Alt 21.04.2011, 16:23   #3
Salzstreuer
 

Why not posted? I did post them. Or what do you mean?

Alt 21.04.2011, 16:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You posted OTL logs, but not those of the virus scanners with the detections.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
