| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Live Security Platinum auf NotebookWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.07.2012, 23:03
| #1 |
| |  Live Security Platinum auf Notebook Liebe Trojanerboard Community, vorweg: Super Anlaufstelle. Zum Thema: Mein Notebook ist abgestürzt. Beim Neustarten ist der Virus aufgetreten. Die Symptome waren etwa so wie hier beschrieben: http://www.trojaner-board.de/116774-...entfernen.html Zunächst habe ich mir versucht durch googlen eine Lösung zu finden. Dabei bin ich auf diesen Forumseintrag von euch gestoßen und habe die Schritte wie dort beschrieben befolgt. Ohne Erfolg. http://www.trojaner-board.de/119769-...num-virus.html Als nächstes habe ich folgende Seite gefunden und versucht den Schritten zu folgen: http://www.trojaner-board.de/116774-...entfernen.html Abgesicherter Modus und Fix Exe habe ich noch hin bekommen. Danach war ich mir unsicher. Muss man die Schritte "Falsche Proxy Einstellungen entfernen" und den "Malewarescanner" auch im abgesicherten Modus machen? Auf die Internetoptionen konnte ich im abgesicherten Modus nicht zugreifen. Ich bin mir nicht sicher, ob ich die bisher durchgeführten Maßnahmen überhaupt hätte machen sollen. Einerseits stand in den Forumsregeln zwar, dass man nach vergleichbaren Problemen suchen soll. Andererseits habe ich auch gelesen, dass jedes Problem eine individuelle Lösung braucht. Anyway: Ich habe jetzt versucht die Schritte für einen eigenen Thread zu befolgen. Bevor der Log kommt noch eine Schwierigkeiten, die aufgetreten ist. Bei GMER kam kurz vor Abschluss des scans die Meldung. "Warning!!! GMER has found system..." In der Anleitung stand, dass man "no" klicken soll. Man konnte aber nur "ok" drücken, weshalb ich das Fenster mit "x" geschlossen habe. War das richtig? Hier die Otltext direkt in den Threat und die anderen im Anhang. OTL logfile created on: 25.07.2012 23:35:49 - Run 3 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,42% Memory free 6,19 Gb Paging File | 5,44 Gb Available in Paging File | 87,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 4,21 Gb Free Space | 4,31% Space Free | Partition Type: NTFS Drive D: | 135,12 Gb Total Space | 91,05 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive E: | 4,38 Gb Total Space | 0,80 Gb Free Space | 18,25% Space Free | Partition Type: UDF Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe PRC - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.07.20 08:56:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.12 11:31:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2010.03.09 00:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP) SRV - [2010.01.25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.07.29 10:11:00 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (o2flash) SRV - [2008.06.15 15:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\User\AppData\Local\Temp\kxldapob.sys -- (kxldapob) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.07.25 22:35:56 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89554D22-0033-47B8-A359-54F55D7F2E5A}\MpKsl6c41988e.sys -- (MpKsl6c41988e) DRV - [2012.06.06 09:08:25 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010.05.20 16:27:26 | 001,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2009.06.16 15:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.29 10:10:14 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR) DRV - [2008.06.12 09:28:56 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2008.02.22 10:20:48 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.23 21:42:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 08:56:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 18:47:49 | 000,000,000 | ---D | M] [2012.02.11 18:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions [2012.05.09 16:39:46 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rmv37nxf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.26 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.23 21:42:14 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>  -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5[2012.07.20 08:56:22 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.26 16:03:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Programme\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Goodnight Timer] C:\Program Files\Goodnight Timer\Goodnight Timer.exe () O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Programme\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Programme\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [Neacybigr] C:\Users\User\AppData\Roaming\Acyhz\ebup.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [036DFF980009EDE70303F3072F3B707C] C:\ProgramData\036DFF980009EDE70303F3072F3B707C\036DFF980009EDE70303F3072F3B707C.exe () O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{641C529A-DAAA-43E8-9028-40D299DB7849}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6ed74e1b-9544-11e1-adbe-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell - "" = AutoRun O33 - MountPoints2\{af874f8a-af9d-11e1-8a5a-0021709b569f}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.25 22:33:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\otl [2012.07.25 21:35:35 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.25 21:23:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.07.25 21:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF980009EDE70303F3072F3B707C [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Oppa [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Erxu [2012.07.25 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Acyhz [2012.07.15 13:24:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.07.15 13:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother [2012.07.15 13:16:37 | 000,000,000 | ---D | C] -- C:\Brother [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4 [2012.07.15 13:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02 [2012.07.15 13:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4 [2012.07.15 13:16:26 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll [2012.07.15 13:16:26 | 000,074,752 | R--- | C] (Brother Industries,Ltd.) -- C:\Windows\System32\BrWiaNCp.dll [2012.07.15 13:16:25 | 000,074,752 | R--- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrNetSti.dll [2012.07.15 13:16:25 | 000,051,200 | R--- | C] (Brother Industries,Ltd) -- C:\Windows\System32\Brnsplg.dll [2012.07.15 13:16:23 | 001,475,072 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrWi209d.dll [2012.07.15 13:16:23 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrJDec.dll [2012.07.15 13:16:10 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE [2012.07.15 13:16:10 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL [2012.07.15 13:16:10 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL [2012.07.15 13:16:06 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll [2012.07.15 13:16:06 | 000,005,632 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll [2012.07.15 13:16:06 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll [2012.07.15 13:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Brother [2012.07.15 13:16:01 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll [2012.07.15 13:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information [2012.07.15 13:06:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\InstallShield [2012.07.15 13:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon [2012.07.15 13:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12 [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared [2012.07.15 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\MeineWebSeiten [2012.07.15 12:37:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx [2012.07.15 12:35:05 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll [2012.07.15 12:34:52 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll [2012.07.15 12:34:52 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll [2012.07.15 12:34:36 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll [2012.07.15 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.15 12:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance [2012.07.15 12:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance [2012.07.15 12:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield [2012.07.15 12:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2012.07.15 12:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother [2012.07.01 17:38:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.01 17:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP [2012.07.01 17:38:19 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2012.02.11 19:21:47 | 001,762,824 | ---- | C] (Microsoft Corporation) -- C:\Users\User\vcredist_x86.exe ========== Files - Modified Within 30 Days ========== [2012.07.25 23:34:57 | 000,002,617 | ---- | M] () -- C:\Users\User\Desktop\Microsoft Word 2010.lnk [2012.07.25 23:28:16 | 005,649,446 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.25 23:28:16 | 002,169,524 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.25 23:28:16 | 001,777,302 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.25 23:28:16 | 001,613,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.25 23:24:54 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.25 23:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.25 23:07:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.25 23:00:35 | 000,000,705 | ---- | M] () -- C:\Users\User\Desktop\Gmer.text [2012.07.25 22:35:47 | 000,302,592 | ---- | M] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:21 | 000,000,156 | ---- | M] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:39 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 22:07:31 | 000,000,059 | ---- | M] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 22:07:17 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job [2012.07.25 22:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.25 22:07:05 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 22:03:20 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat [2012.07.25 21:49:05 | 000,000,335 | ---- | M] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job [2012.07.25 21:15:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2012.07.25 21:04:00 | 000,001,970 | ---- | M] () -- C:\Users\User\Desktop\Live Security Platinum.lnk [2012.07.15 13:23:12 | 000,406,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.15 13:19:14 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | M] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:37 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini [2012.07.10 09:07:07 | 000,055,296 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 18:33:03 | 001,012,369 | ---- | M] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:54 | 002,136,651 | ---- | M] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:48:15 | 004,078,456 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:48:04 | 004,539,879 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:47:23 | 003,669,641 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:47:07 | 004,037,891 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:46:35 | 004,643,748 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:44:04 | 004,503,041 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:43:23 | 004,455,064 | ---- | M] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:58 | 000,115,998 | ---- | M] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:55 | 000,346,598 | ---- | M] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:49 | 000,071,426 | ---- | M] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:54 | 000,327,825 | ---- | M] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:41 | 000,114,847 | ---- | M] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:30 | 000,169,509 | ---- | M] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:16 | 000,105,551 | ---- | M] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:57 | 000,349,295 | ---- | M] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:44 | 000,331,952 | ---- | M] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:54 | 000,324,727 | ---- | M] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:36 | 000,154,624 | ---- | M] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:22 | 000,314,819 | ---- | M] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:36 | 000,347,010 | ---- | M] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:05 | 000,317,520 | ---- | M] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:49 | 000,332,289 | ---- | M] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:33 | 000,123,137 | ---- | M] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:11 | 000,320,928 | ---- | M] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:32 | 000,322,463 | ---- | M] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:37 | 000,349,282 | ---- | M] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:56 | 000,323,657 | ---- | M] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:10 | 000,105,933 | ---- | M] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:46 | 000,344,088 | ---- | M] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:15 | 000,117,054 | ---- | M] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk ========== Files Created - No Company Name ========== [2012.07.25 23:00:34 | 000,000,705 | ---- | C] () -- C:\Users\User\Desktop\Gmer.text [2012.07.25 22:35:46 | 000,302,592 | ---- | C] () -- C:\Users\User\Desktop\ghgxs2i6.exe [2012.07.25 22:26:05 | 000,000,156 | ---- | C] () -- C:\Users\User\defogger_reenable [2012.07.25 22:20:38 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2012.07.25 22:07:05 | 3217,522,688 | -HS- | C] () -- C:\hiberfil.sys [2012.07.25 21:49:04 | 000,000,335 | ---- | C] () -- C:\Users\User\Desktop\FixExe.reg [2012.07.25 21:05:07 | 000,001,712 | ---- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\U\00000001.@ [2012.07.25 21:04:00 | 000,001,970 | ---- | C] () -- C:\Users\User\Desktop\Live Security Platinum.lnk [2012.07.15 13:19:14 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk [2012.07.15 13:18:50 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.07.15 13:18:50 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.07.15 13:16:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.07.15 13:16:26 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.07.15 13:16:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL [2012.07.15 13:16:10 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI [2012.07.15 13:16:09 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT [2012.07.06 18:32:54 | 001,012,369 | ---- | C] () -- C:\Users\User\Documents\Gummibären Bande.mp3 [2012.07.04 15:50:31 | 002,136,651 | ---- | C] () -- C:\Users\User\Documents\Niederlande_zwei 020.JPG [2012.07.04 15:46:34 | 004,078,456 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 213.JPG [2012.07.04 15:45:34 | 004,539,879 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 207.JPG [2012.07.04 15:45:03 | 003,669,641 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 200.JPG [2012.07.04 15:44:42 | 004,037,891 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 197.JPG [2012.07.04 15:44:34 | 004,643,748 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 170.JPG [2012.07.04 15:43:20 | 004,503,041 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 187.JPG [2012.07.04 15:42:43 | 004,455,064 | ---- | C] () -- C:\Users\User\Documents\Niederlande_eins 171.JPG [2012.07.04 15:38:56 | 000,115,998 | ---- | C] () -- C:\Users\User\Documents\SAM_3423.JPG [2012.07.04 15:38:51 | 000,346,598 | ---- | C] () -- C:\Users\User\Documents\SAM_3610.JPG [2012.07.04 15:38:47 | 000,071,426 | ---- | C] () -- C:\Users\User\Documents\SAM_3570.JPG [2012.07.04 15:35:50 | 000,327,825 | ---- | C] () -- C:\Users\User\Documents\SAM_3602.JPG [2012.07.04 15:35:39 | 000,114,847 | ---- | C] () -- C:\Users\User\Documents\SAM_3586.JPG [2012.07.04 15:35:27 | 000,169,509 | ---- | C] () -- C:\Users\User\Documents\SAM_3442.JPG [2012.07.04 15:35:14 | 000,105,551 | ---- | C] () -- C:\Users\User\Documents\SAM_3559.JPG [2012.07.04 15:34:53 | 000,349,295 | ---- | C] () -- C:\Users\User\Documents\SAM_3518.JPG [2012.07.04 15:34:40 | 000,331,952 | ---- | C] () -- C:\Users\User\Documents\SAM_3506.JPG [2012.07.04 15:33:50 | 000,324,727 | ---- | C] () -- C:\Users\User\Documents\SAM_3457.JPG [2012.07.04 15:33:33 | 000,154,624 | ---- | C] () -- C:\Users\User\Documents\SAM_3430.JPG [2012.07.04 15:33:18 | 000,314,819 | ---- | C] () -- C:\Users\User\Documents\SAM_3624.JPG [2012.07.04 15:32:32 | 000,347,010 | ---- | C] () -- C:\Users\User\Documents\SAM_3674.JPG [2012.07.04 15:32:00 | 000,317,520 | ---- | C] () -- C:\Users\User\Documents\SAM_3647.JPG [2012.07.04 15:30:45 | 000,332,289 | ---- | C] () -- C:\Users\User\Documents\SAM_3652.JPG [2012.07.04 15:29:31 | 000,123,137 | ---- | C] () -- C:\Users\User\Documents\SAM_3571.JPG [2012.07.04 15:29:07 | 000,320,928 | ---- | C] () -- C:\Users\User\Documents\SAM_3558.JPG [2012.07.04 15:28:27 | 000,322,463 | ---- | C] () -- C:\Users\User\Documents\SAM_3544.JPG [2012.07.04 15:27:33 | 000,349,282 | ---- | C] () -- C:\Users\User\Documents\SAM_3521.JPG [2012.07.04 15:26:52 | 000,323,657 | ---- | C] () -- C:\Users\User\Documents\SAM_3414.JPG [2012.07.04 15:26:07 | 000,105,933 | ---- | C] () -- C:\Users\User\Documents\SAM_3409.JPG [2012.07.04 15:24:41 | 000,344,088 | ---- | C] () -- C:\Users\User\Documents\SAM_3633.JPG [2012.07.04 15:20:13 | 000,117,054 | ---- | C] () -- C:\Users\User\Documents\SAM_3405.JPG [2012.07.01 17:38:21 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2012.06.10 23:35:24 | 000,000,059 | ---- | C] () -- C:\Users\User\AppData\Roaming\GoodnightTimer.ini [2012.05.02 22:20:28 | 000,584,644 | ---- | C] () -- C:\Users\User\castillo,_linda_-_blutige_stille.mobi [2012.02.23 21:42:19 | 000,001,393 | ---- | C] () -- C:\Users\User\DivX Movies.lnk [2012.02.23 21:41:56 | 000,000,917 | ---- | C] () -- C:\Users\User\DivX Plus Player.lnk [2012.02.23 21:41:36 | 000,001,897 | ---- | C] () -- C:\Users\User\DivX Plus Converter.lnk [2012.02.12 15:01:14 | 000,002,048 | -HS- | C] () -- C:\Users\User\AppData\Local\{2cbdefbf-11ec-2aaf-d277-1e022aacc726}\@ [2012.02.11 19:59:45 | 000,010,752 | ---- | C] () -- C:\Users\User\Gedicht Mutter.wps [2012.02.11 19:59:45 | 000,000,973 | ---- | C] () -- C:\Users\User\DivX Converter.lnk [2012.02.11 19:59:45 | 000,000,937 | ---- | C] () -- C:\Users\User\DivX Player.lnk [2012.02.11 19:21:38 | 000,689,664 | ---- | C] () -- C:\Users\User\MicrosoftFixit50202.msi [2012.02.11 19:05:26 | 000,055,296 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.11 14:15:20 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.02.11 14:15:18 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.02.11 13:47:57 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acyhz [2012.07.01 17:38:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe_Limited [2012.07.15 13:24:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ControlCenter4 [2012.06.06 10:37:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2012.04.25 16:20:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations [2012.07.25 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Erxu [2012.02.13 14:12:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FinalMediaPlayer [2012.05.06 17:25:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft [2012.02.11 17:03:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LibreOffice [2012.04.25 16:22:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF [2012.07.15 12:31:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nuance [2012.07.25 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oppa [2012.04.17 18:29:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SoftGrid Client [2012.05.15 12:15:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\supertuxkart [2012.02.13 14:49:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TP [2012.05.03 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodafone [2012.07.25 22:07:14 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job [2012.07.25 22:07:16 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2012.07.25 22:00:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.25 21:42:19 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7EC20672-B24D-480C-841B-67940E46BB1C}.job ========== Purity Check ========== < End of report > |
| Themen zu Live Security Platinum auf Notebook |
| adobe, autorun, bho, browser, cdburnerxp, defender, document, einstellungen, exe, explorer, firefox, format, google, google earth, home, installation, logfile, mozilla, nicht sicher, nvidia, plug-in, proxy, realtek, registry, searchscopes, security, senden, software, super, temp, vcredist, virus, vista |
Baum-Darstellung