| Kaylia1991 | 03.12.2011 17:05 |
TR/Spy.Banker.Gen2
Hallo ihr Lieben,
ich bin ein absoluter Nichts-Könner, was diese Dinge anbelangt.
Deshalb dachte ich mir mal, dass ich mir hier rat hole.
Also mein Antivir-Programm hat den berühmten TR/Spy.Banker Gen2 was auch immer Trojaner bei mir auf dem Laptop entdeckt. Ich habe schon meinen Online-Banking pin über einen anderen Rechner geändert, so wie die Passwörter aller relevanten Accounts, die ich so habe.
Dann habe ich mal einen OTL Scan gemacht, um mir bei euch eine Diagnose zu holen. PHP-Code:
OTL Logfile:
[CODE]OTL logfile created on: 03.12.2011 16:46:05 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Svenja\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 50,08% Memory free
7,86 Gb Paging File | 5,77 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,78 Gb Total Space | 76,51 Gb Free Space | 34,65% Space Free | Partition Type: NTFS
Computer Name: SVENJASLAPTOP | User Name: Svenja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - C:\Users\Svenja\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Svenja\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation)
PRC - C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko8.dll ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll ()
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ePowerSvc) -- C:\Programme\eMachines\eMachines Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\eMachines\eMachines Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:[b]64bit:[/b] - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:[b]64bit:[/b] - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)
DRV:[b]64bit:[/b] - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:[b]64bit:[/b] - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys (Dritek System Inc.)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1i5r48320260
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1i5r48320260
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1i5r48320260
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1i5r48320260
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=e725&r=273611098415l0304z1i5r48320260
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - prefs.js..network.proxy.http: "137.99.11.86"
FF - prefs.js..network.proxy.http_port: 3127
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Svenja\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.18 11:25:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Svenja\AppData\Roaming\5052 [2011.12.01 13:48:50 | 000,000,000 | ---D | M]
[2009.11.23 17:38:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Extensions
[2011.11.29 06:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions
[2011.11.29 06:52:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.09 08:10:04 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 21:59:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 08:30:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.15 08:34:37 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\engine@conduit.com
[2011.04.04 13:34:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Svenja\AppData\Roaming\mozilla\Firefox\Profiles\gmdpvsh4.default\extensions\firefox@tvunetworks.com
[2011.12.01 21:59:13 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-1.xml
[2010.09.16 16:03:48 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-10.xml
[2010.10.21 23:05:31 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-11.xml
[2010.11.01 12:46:09 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-12.xml
[2010.12.11 10:06:32 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-13.xml
[2011.02.01 21:43:57 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-14.xml
[2011.03.06 00:39:12 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-15.xml
[2011.03.24 11:35:08 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-16.xml
[2011.04.14 17:42:56 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-17.xml
[2011.05.01 11:56:58 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-18.xml
[2011.06.23 07:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-19.xml
[2010.01.07 15:46:45 | 000,000,961 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-2.xml
[2011.07.07 07:57:28 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-20.xml
[2011.08.18 08:12:22 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-21.xml
[2011.08.23 08:30:59 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-22.xml
[2011.09.06 16:09:08 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-23.xml
[2011.09.14 05:28:15 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-24.xml
[2011.10.02 14:51:28 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-25.xml
[2011.10.05 14:59:29 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-26.xml
[2011.11.10 08:28:37 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-27.xml
[2011.11.10 12:24:44 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-28.xml
[2010.03.24 00:18:04 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-3.xml
[2010.04.03 22:00:58 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-4.xml
[2010.06.15 23:30:50 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-5.xml
[2010.07.06 16:13:08 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-6.xml
[2010.07.22 20:47:33 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-7.xml
[2010.07.25 02:26:11 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-8.xml
[2010.09.10 13:11:48 | 000,000,950 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin-9.xml
[2011.11.27 12:03:28 | 000,000,168 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin.gif
[2011.11.27 12:03:28 | 000,000,618 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin.src
[2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\Mozilla\Firefox\Profiles\gmdpvsh4.default\searchplugins\icqplugin.xml
[2011.11.10 18:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.11.23 17:44:28 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.26 21:04:38 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.11.10 18:36:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.12.01 13:48:50 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SVENJA\APPDATA\ROAMING\5052
() (No name found) -- C:\USERS\SVENJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMDPVSH4.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2011.11.10 08:27:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.02 14:51:03 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 14:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.02 14:51:03 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 14:51:03 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 14:51:03 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 14:51:03 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Programme\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Svenja\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Userinit] C:\Users\Svenja\AppData\Roaming\appconf32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube Download - C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Svenja\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59598702-B36D-4791-90DB-5DEA24689785}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011.12.01 23:42:41 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\UAs
[2011.12.01 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5052
[2011.11.28 17:45:16 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5051
[2011.11.25 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5050
[2011.11.24 10:12:21 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5049
[2011.11.23 11:30:59 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5048
[2011.11.22 17:05:28 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5047
[2011.11.21 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5045
[2011.11.20 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5044
[2011.11.18 19:44:04 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5043
[2011.11.17 19:17:15 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5042
[2011.11.16 16:44:50 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5041
[2011.11.15 17:25:48 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5040
[2011.11.11 15:07:18 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5039
[2011.11.10 18:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.11.10 18:36:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.11.10 18:36:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.11.10 18:36:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.11.10 08:26:52 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Local\Akamai
[2011.11.08 23:20:43 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\5038
[2011.11.08 23:20:29 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\xmldm
[2011.11.08 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\Svenja\AppData\Roaming\kock
[2009.08.14 14:15:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Users\Svenja\AppData\Roaming\*.tmp files -> C:\Users\Svenja\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011.12.03 16:36:52 | 000,000,036 | ---- | M] () -- C:\Users\Svenja\AppData\Roaming\blckdom.res
[2011.12.03 16:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.03 09:48:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 09:48:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 09:41:16 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 09:41:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.03 09:40:54 | 3166,154,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.01 22:27:36 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.01 22:27:36 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.01 22:27:36 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.01 22:27:36 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.01 22:27:36 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.01 22:27:31 | 000,676,156 | ---- | M] () -- C:\Users\Svenja\Desktop\DSCN0745.JPG
[2011.12.01 16:19:48 | 000,005,012 | R--- | M] () -- C:\Users\Svenja\Desktop\Schule und Demokratie.rtf
[2011.11.29 22:36:58 | 014,629,795 | ---- | M] () -- C:\Users\Svenja\Desktop\Tim_Bendzko_-_Nur_Noch_Kurz_Die_Welt_Retten_Official_Video.mp4
[2011.11.24 17:19:35 | 002,312,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.24 15:25:57 | 000,091,315 | ---- | M] () -- C:\Users\Svenja\Desktop\Desktop.rar
[2011.11.18 20:11:04 | 017,345,552 | ---- | M] () -- C:\Users\Svenja\Desktop\THE_RAVEONETTES_-_APPARITIONS.mp4
[2011.11.09 16:45:40 | 1695,407,454 | ---- | M] () -- C:\Users\Svenja\Desktop\DSCN0730.AVI
[2 C:\Users\Svenja\AppData\Roaming\*.tmp files -> C:\Users\Svenja\AppData\Roaming\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011.12.03 13:46:18 | 014,135,706 | ---- | C] () -- C:\Users\Svenja\Desktop\It's love.wmv
[2011.12.03 13:45:59 | 023,348,626 | ---- | C] () -- C:\Users\Svenja\Desktop\Chris's death and brith.wmv
[2011.12.03 13:45:24 | 048,204,224 | ---- | C] () -- C:\Users\Svenja\Desktop\Chrisforever.wmv
[2011.12.03 13:45:03 | 027,220,872 | ---- | C] () -- C:\Users\Svenja\Desktop\chris- forever in our mind.wmv
[2011.12.03 13:44:14 | 061,772,666 | ---- | C] () -- C:\Users\Svenja\Desktop\chris and paige for dani.wmv
[2011.12.03 13:44:00 | 016,916,172 | ---- | C] () -- C:\Users\Svenja\Desktop\charmed-the BITTER- end.wmv
[2011.12.03 13:43:46 | 016,652,158 | ---- | C] () -- C:\Users\Svenja\Desktop\charmed-the bitter end.wmv
[2011.12.01 22:24:53 | 000,676,156 | ---- | C] () -- C:\Users\Svenja\Desktop\DSCN0745.JPG
[2011.12.01 16:35:36 | 000,005,012 | R--- | C] () -- C:\Users\Svenja\Desktop\Schule und Demokratie.rtf
[2011.11.29 22:35:12 | 014,629,795 | ---- | C] () -- C:\Users\Svenja\Desktop\Tim_Bendzko_-_Nur_Noch_Kurz_Die_Welt_Retten_Official_Video.mp4
[2011.11.28 19:58:44 | 000,000,036 | ---- | C] () -- C:\Users\Svenja\AppData\Roaming\blckdom.res
[2011.11.24 15:25:57 | 000,091,315 | ---- | C] () -- C:\Users\Svenja\Desktop\Desktop.rar
[2011.11.18 20:09:45 | 017,345,552 | ---- | C] () -- C:\Users\Svenja\Desktop\THE_RAVEONETTES_-_APPARITIONS.mp4
[2011.11.09 19:31:42 | 1695,407,454 | ---- | C] () -- C:\Users\Svenja\Desktop\DSCN0730.AVI
[2011.09.11 12:52:38 | 000,004,096 | -H-- | C] () -- C:\Users\Svenja\AppData\Local\keyfile3.drm
[2010.08.26 21:08:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.22 20:32:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.07.22 20:32:39 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.03.29 19:36:36 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.03.21 17:12:01 | 000,004,608 | ---- | C] () -- C:\Users\Svenja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.21 16:00:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.01 15:52:06 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2009.11.27 23:24:31 | 000,000,906 | ---- | C] () -- C:\Users\Svenja\AppData\Roaming\wklnhst.dat
[2009.11.23 17:38:05 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.02 17:52:46 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.14 14:58:48 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.14 14:58:48 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.14 14:58:47 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.12.09 16:23:13 | 000,050,656 | RHS- | C] () -- C:\Users\Svenja\AppData\Roaming\appconf32.exe
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:93DE1838
< End of report >[/CODE]
--- --- ---
Ich hoffe, dass ihr mir sagen könnt, wie ich weiterverfahren kann. Ich bin wirklich ein Nubie und eine typische, dumme Frau, wenn es um Viren/Trojaner etc geht.
Danke für eure Hilfe schon mal :)
Liebe Grüße |
