VIRUS...police notice...PC is locked !!!

#0
20.11.2011, 23:40
...new here

Posts: 2
#1 Hello dear users and helpers...
At first I was very frightened when I read a police warning across the entire screen showing my IP address and my provider...
Under this user account my PC can no longer be operated either; for example, I can no longer access the START menu...
However, under a different user account I was at least able to get back online and so post my call for help here...
Beforehand, as recommended, I ran OTL.exe with Quick Scan for all user accounts, and this is what the scan produced:


OTL logfile created on: 20.11.2011 22:49:31 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\am Start\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 59,05% Memory free
6,15 Gb Paging File | 4,68 Gb Available in Paging File | 76,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 192,38 Gb Total Space | 4,04 Gb Free Space | 2,10% Space Free | Partition Type: NTFS
Drive D: | 55,30 Gb Total Space | 54,75 Gb Free Space | 99,01% Space Free | Partition Type: NTFS
Drive E: | 50,41 Gb Total Space | 35,42 Gb Free Space | 70,25% Space Free | Partition Type: NTFS

Computer Name: VIVI | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.11.20 22:36:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\am Start\Downloads\OTL.exe
PRC - [2011.11.20 22:11:13 | 000,185,344 | ---- | M] (Agnitum Ltd.) -- C:\Users\Christian\AppData\Local\temp\upd.exe
PRC - [2011.08.22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.08.01 09:28:16 | 000,124,480 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.5\ICQ.exe
PRC - [2011.06.14 20:13:59 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\Christian\Downloads\OTL.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2009.12.04 10:16:39 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\WLanNetService.exe
PRC - [2008.08.04 16:16:46 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.15 11:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008.01.21 03:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2008.01.21 03:23:24 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2007.07.17 14:48:16 | 000,180,224 | ---- | M] () -- C:\Windows\System32\WinService.exe
PRC - [2007.04.13 09:51:46 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007.02.02 17:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Program Files\avmwlanstick\FRITZWLANMini.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.08.22 10:01:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 10:01:00 | 000,593,920 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 10:01:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 10:01:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 10:01:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 10:01:00 | 000,139,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 10:01:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.04.18 14:36:29 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\886c8bd1f835e78b659b71aeed3ed15a\System.Configuration.ni.dll
MOD - [2011.04.18 14:34:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\653b1be0c33cfade02fb0a61f135e488\System.Xml.ni.dll
MOD - [2011.04.18 14:33:45 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e1053db6ce65cc97268fc79cc380f0c1\System.Data.ni.dll
MOD - [2011.04.18 14:33:03 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\45f10e36f25d92dd808caab75e45b8ae\System.ni.dll
MOD - [2011.04.18 14:32:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b2a5854682691830b9f62ec351c8b54e\mscorlib.ni.dll
MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.04.13 09:51:46 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011.08.12 17:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2009.12.04 10:16:39 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.08.24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.06.18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.07.15 11:20:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.07.17 14:48:16 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (SCM_Service)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010.06.23 10:23:46 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.27 11:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009.07.10 05:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.06.10 15:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.05.07 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.07.30 06:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.21 03:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.12.26 09:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007.06.25 08:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007.06.25 08:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007.06.25 08:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007.06.25 08:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007.03.27 17:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007.01.19 02:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006.11.02 09:27:22 | 001,083,520 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=13814
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-21-4093077739-1572550361-4217914438-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=wbst"
FF - prefs.js..keyword.URL: "http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4&hl={language}&src=chrm"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.12 02:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.12 02:31:08 | 000,000,000 | ---D | M]

[2010.10.25 01:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2010.04.19 10:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2011.05.16 08:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\djvuzk0n.default\extensions
[2011.04.09 03:53:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\djvuzk0n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.15 04:05:55 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\djvuzk0n.default\extensions\ffxtlbr@babylon.com
[2010.09.24 21:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\djvuzk0n.default\extensions\staged-xpis
[2011.11.20 00:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions
[2010.10.26 02:34:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.23 09:24:00 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2011.11.03 07:27:52 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.10.25 02:00:09 | 000,000,000 | ---D | M] (Page Zoom Buttons) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions\54c7d9671b9eccd9e5686a73df34ab60@button.codefisher.org
[2011.11.03 07:27:55 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Profiles\extensions\toolbar@web.de
[2009.12.03 02:22:08 | 000,002,236 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\djvuzk0n.default\searchplugins\askcom.xml
[2009.06.08 08:00:54 | 000,002,428 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\djvuzk0n.default\searchplugins\babylon.xml
[2010.09.19 11:16:03 | 000,001,196 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\djvuzk0n.default\searchplugins\winamp-search.xml
[2011.10.23 04:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.19 04:18:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.18 05:31:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 08:13:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.25 18:40:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.17 16:17:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008.11.19 14:32:26 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.23 04:07:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.15 04:05:52 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.23 04:07:07 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.18 23:38:11 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2010.03.18 23:38:11 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2011.04.26 03:57:46 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.23 04:07:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.23 04:07:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.23 04:07:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: Babylon Chrome OCR = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\
CHR - Extension: Facemoods = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\

O1 HOSTS File: ([2011.06.16 21:13:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001..\Run: [vasja] C:\Users\Christian\AppData\Local\temp\upd.exe (Agnitum Ltd.)
O4 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\..Trusted Domains: softonic.de ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vivi
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{336540C5-A66C-4583-A807-B77254D1CCE7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F855E6A-66EA-40E8-A827-F4BAE5CEBB46}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C66B0A56-2BCD-4E00-9B5E-AD3A3BDAD693}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-4093077739-1572550361-4217914438-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.11.20 22:21:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.20 07:57:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\index.php-Dateien\Documents\DVDVideoSoft
[2011.11.20 04:57:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\index.php-Dateien
[2011.11.20 03:15:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.20 03:08:55 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Htc
[2011.11.20 03:08:03 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\HTC
[2011.11.20 03:07:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.11.20 03:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.11.20 03:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2011.11.20 03:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2011.11.20 03:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.11.06 03:11:15 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.24 08:33:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011.10.24 08:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.24 08:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.24 08:33:33 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.24 08:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.12.12 01:21:01 | 001,306,624 | ---- | C] (Redfield Plugins) -- C:\Program Files\SketchMasterDemo.8bf
[2007.03.12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.11.20 22:27:31 | 000,616,050 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.20 22:27:31 | 000,585,132 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.20 22:27:31 | 000,121,650 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.20 22:27:31 | 000,100,066 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.20 22:21:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 22:21:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.20 22:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.20 22:21:38 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.20 22:21:35 | 316,075,510 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.20 17:32:36 | 000,070,480 | ---- | M] () -- C:\Users\Christian\Desktop\index.php-Dateien\Documents\M8_Schwangerschaft.pdf
[2011.11.20 07:37:05 | 000,023,552 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 06:02:37 | 000,330,770 | ---- | M] () -- C:\Users\Christian\Desktop\index.php-Dateien\Documents\bda41427de.pdf
[2011.11.20 03:09:29 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011.11.20 03:07:59 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.11.12 02:33:53 | 000,001,406 | ---- | M] () -- C:\Users\Christian\Desktop\Songtext - Burned With Desire.rtf.lnk
[2011.11.06 03:11:15 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.11.06 03:10:55 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 19:56:11 | 000,002,457 | ---- | M] () -- C:\Users\Christian\Desktop\no music...no life 3 + Übersetzung.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.11.20 22:21:35 | 316,075,510 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.20 17:32:36 | 000,070,480 | ---- | C] () -- C:\Users\Christian\Desktop\index.php-Dateien\Documents\M8_Schwangerschaft.pdf
[2011.11.20 06:02:37 | 000,330,770 | ---- | C] () -- C:\Users\Christian\Desktop\index.php-Dateien\Documents\bda41427de.pdf
[2011.11.20 03:09:29 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
[2011.11.20 03:07:59 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.11.11 19:19:30 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf
[2011.11.06 03:10:55 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.13 10:04:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinService.exe
[2011.06.23 12:05:48 | 000,013,363 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png
[2011.05.01 12:51:43 | 000,160,396 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011.05.01 12:51:41 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp
[2011.04.26 09:39:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.17 02:16:59 | 000,004,140 | ---- | C] () -- C:\ProgramData\oafcpcef.qqj
[2010.09.12 15:16:55 | 000,159,633 | ---- | C] () -- C:\Windows\hpoins15.dat
[2010.08.25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.07.27 09:48:28 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010.04.19 17:35:40 | 000,000,126 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\default.rss
[2010.04.19 05:43:57 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.04.19 05:43:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.22 08:17:54 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.02.22 07:50:01 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.02.17 09:48:41 | 000,007,052 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2010.01.18 04:21:09 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.01.18 04:19:39 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.18 04:18:40 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.27 05:15:41 | 000,070,512 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.12.12 11:20:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.12 02:37:03 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009.12.12 02:31:37 | 000,228,351 | ---- | C] () -- C:\Windows\LOOP.exe
[2009.12.12 01:21:01 | 000,534,975 | ---- | C] () -- C:\Program Files\Strokes.8tx
[2009.12.03 06:20:33 | 000,000,305 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.12.02 21:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.02 21:57:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.02 21:56:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.11.02 12:20:37 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.10.24 08:47:30 | 000,023,552 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.24 06:26:01 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.23 18:48:43 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.10.17 10:42:54 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.10.17 04:06:36 | 000,616,050 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.10.17 04:06:36 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.10.17 04:06:36 | 000,121,650 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.10.17 04:06:36 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.10.16 18:33:25 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009.10.16 18:33:25 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.10.16 18:33:24 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.09.09 07:57:40 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2007.12.12 21:02:34 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2007.02.07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,366,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,585,132 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,100,066 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.09.19 08:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2006.06.07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2004.02.27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]

[2010.08.16 18:47:19 | 000,000,000 | ---D | M] -- C:\Users\am Start\AppData\Roaming\freenet
[2011.11.20 22:22:51 | 000,000,000 | ---D | M] -- C:\Users\am Start\AppData\Roaming\HTC
[2009.11.01 06:56:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ableton
[2010.04.18 18:07:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Anthropics
[2009.12.12 22:13:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ashampoo
[2010.10.26 06:13:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Audacity
[2011.05.02 05:38:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\BitTorrent
[2009.11.14 05:44:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe_Limited
[2011.04.25 18:11:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CommunicaEtor
[2011.07.30 17:02:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2011.04.09 03:53:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.20 09:52:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\foobar2000
[2011.04.17 01:22:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FreeFLVConverter
[2010.08.24 12:11:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\freenet
[2011.11.20 03:09:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HTC
[2011.11.20 03:15:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.20 20:21:47 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2009.10.24 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterTrust
[2010.07.01 02:20:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LG Electronics
[2010.08.04 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MAGIX
[2009.12.27 17:54:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Metaversum
[2011.04.17 02:16:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\MOVAVI
[2010.09.22 18:23:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nokia
[2010.09.27 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nokia Multimedia Player
[2010.09.27 21:04:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\NSeries
[2010.09.01 16:14:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org
[2010.09.27 21:43:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC Suite
[2011.06.23 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PeerNetworking
[2010.08.29 07:52:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Softplicity
[2010.09.08 09:32:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sony
[2010.09.16 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\T-Online
[2010.10.08 00:42:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2010.04.18 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Uniblue
[2010.04.19 16:44:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Vivox
[2010.09.06 23:29:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinAVI
[2011.11.17 01:20:55 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1957F8A9

< End of report >

I would be very grateful for your help and would be glad to get an answer or a solution from you...

Best wishes, vivi

Attachment: OTL.2te.Txt
21.11.2011, 04:41
...new here

Thread starter

Posts: 2
#2 Hello dear helpers and users...
I additionally ran a ComboFix scan, and the following was found and deleted:

Detection: WIN32/injector.KCP.trojan

Deleted: c:\windows\system32\winservice.exe

Afterwards I also ran a scan with an avira-antivir-rescue-system CD,
but then there were only warnings and no more infected files...

The dreadful...frightening warning from the so-called highly important gentlemen, that
I had been discovered...unmasked, so to speak....has fortunately not appeared again so far

Well, and if it does, I certainly won't be able to overlook it, since it did take up
the entire screen...

Kind regards and good luck to everyone...

vivi
21.11.2011, 09:02
Moderator

Posts: 5694
#3 Hello

It is not advisable to run Combofix without instructions. It is a very powerful tool and can, under certain circumstances, cripple the system.

Since you have already scanned, please post the corresponding Combofix log.