Pests of all kinds and how to fight them: Critical error. Damaged hard disk clusters found .... and desktop icons disappeared | Windows 7
03.05.2011, 16:39 | #1 |
So, recently I booted up my PC and all the desktop icons were already gone, I mean most of my songs and so on ... and AntiVir kept showing warnings. Anyway, I read through a few forums, installed and ran Malwarebytes, and installed OTL and let it run .... but how do I get my old desktop icons back?
03.05.2011, 16:42 | #2 |
/// Malware-holic | Hi, it's good that you used the programs, but how are we supposed to know what was found without the log files?
Open Malwarebytes, go to the log files, and post all scan logs. Post both OTL logs.
03.05.2011, 16:50 | #3 |
Sorry
Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6499
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

03.05.2011 17:45:04
mbam-log-2011-05-03 (17-45-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164973
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:

OTL logfile created on: 03.05.2011 17:25:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Oguz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 38,16 Gb Free Space | 34,25% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 92,18 Gb Free Space | 85,43% Space Free | Partition Type: NTFS

Computer Name: OGUZ38 | User Name: Oguz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.03 17:23:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe
PRC - [2011.05.03 17:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.16 16:42:05 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.11.07 04:04:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Oguz\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.08.06 09:53:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.20 15:49:38 | 003,520,512 | -H-- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2008.09.20 15:49:30 | 003,602,432 | -H-- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2008.09.10 13:11:09 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2008.05.23 14:58:34 | 000,594,600 | -H-- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.03.25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe

========== Modules (SafeList) ==========

MOD - [2011.05.03 17:23:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (LTJT)
SRV - File not found [On_Demand | Stopped] -- -- (GUHWVKIZ)
SRV - File not found [On_Demand | Stopped] -- -- (DBGJWBQPT)
SRV - File not found [On_Demand | Stopped] -- -- (CLUZLMTOI)
SRV - File not found [On_Demand | Stopped] -- -- (BEKVJDDAJ)
SRV - File not found [On_Demand | Stopped] -- -- (AJPVQTZPIEZX)
SRV - [2011.04.16 16:42:05 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.09.03 19:51:00 | 003,347,280 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.08.06 09:53:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.20 15:49:30 | 003,602,432 | -H-- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.05.23 14:58:34 | 000,594,600 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.05.23 14:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

========== Driver Services (SafeList) ==========

DRV - [2009.12.07 20:43:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.09.20 15:49:26 | 000,042,608 | -H-- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.07.18 18:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.26 11:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.05 12:09:26 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007.06.05 12:09:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007.06.05 12:09:14 | 000,135,048 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHF518.sys -- (SaiHF518)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Sign In [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 17:11:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 17:11:21 | 000,000,000 | ---D | M]

[2009.09.19 05:56:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oguz\AppData\Roaming\mozilla\Extensions
[2011.05.03 11:48:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions
[2010.07.04 12:14:24 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.27 21:04:07 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.27 22:58:28 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.01.27 22:58:15 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.01 20:03:06 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.28 11:59:32 | 000,000,000 | -H-D | M] (RadioBar Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\radiobar@toolbar
[2009.08.17 18:54:53 | 000,000,681 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\ask.xml
[2009.10.02 12:20:28 | 000,002,171 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\bing.xml
[2011.01.27 23:03:30 | 000,000,873 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\conduit.xml
[2010.04.23 10:25:21 | 000,001,589 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\web-search.xml
[2010.12.31 06:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.02.17 17:19:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.13 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.04.10 04:53:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.07.23 20:06:16 | 000,317,952 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10907 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [94CCCDB3307A9707] File not found
O4 - HKCU..\Run: [vKECjCxHfiQS] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Oguz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Oguz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab (Java Plug-in 1.4.1_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7f115f11-3fa5-11de-8468-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{7f115f11-3fa5-11de-8468-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{7f115f11-3fa5-11de-8468-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{7f115f11-3fa5-11de-8468-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8039931b-ef91-11dd-8618-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8039931b-ef91-11dd-8618-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{8039931b-ef91-11dd-8618-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8039931b-ef91-11dd-8618-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8c0f733a-bfa3-11dd-a26a-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8c0f733a-bfa3-11dd-a26a-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{8c0f733a-bfa3-11dd-a26a-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{8c0f733a-bfa3-11dd-a26a-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{96fdc18e-d9b4-11dd-a132-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{96fdc18e-d9b4-11dd-a132-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{96fdc18e-d9b4-11dd-a132-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{96fdc18e-d9b4-11dd-a132-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71dda0-bedf-11dd-9dcb-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71dda0-bedf-11dd-9dcb-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{ce71dda0-bedf-11dd-9dcb-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71dda0-bedf-11dd-9dcb-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71ddab-bedf-11dd-9dcb-001e68eac376}\Shell\Auto\command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71ddab-bedf-11dd-9dcb-001e68eac376}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
O33 - MountPoints2\{ce71ddab-bedf-11dd-9dcb-001e68eac376}\Shell\explore\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{ce71ddab-bedf-11dd-9dcb-001e68eac376}\Shell\open\Command - "" = activexdebugger32.exe f
O33 - MountPoints2\{d5c50d32-bb0e-11dd-9f29-001e68eac376}\Shell - "" = AutoRun
O33 - MountPoints2\{d5c50d32-bb0e-11dd-9f29-001e68eac376}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{df483e95-d204-11df-9f8e-001e68fd1c2d}\Shell - "" = AutoRun
O33 - MountPoints2\{df483e95-d204-11df-9f8e-001e68fd1c2d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{f3536679-b8c5-11dd-a07e-001e68eac376}\Shell - "" = AutoRun
O33 - MountPoints2\{f3536679-b8c5-11dd-a07e-001e68eac376}\Shell\AutoRun\command - "" = E:\EasySuite.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.03 17:23:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe
[2011.05.03 16:59:01 | 000,000,000 | ---D | C] -- C:\Users\Oguz\AppData\Roaming\Malwarebytes
[2011.05.03 16:58:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.03 16:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.03 16:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.03 16:58:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.03 16:58:51 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.03 16:57:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Oguz\Desktop\mbam-setup.exe
[2011.05.03 10:14:57 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2011.04.25 19:10:24 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.25 19:10:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.25 19:10:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.25 19:10:24 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.25 19:10:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.25 19:10:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.25 19:10:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.25 19:10:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.25 19:10:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.25 19:10:23 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.25 19:10:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.25 19:10:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.25 19:10:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.25 19:10:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.25 19:10:22 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.25 19:10:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.25 19:10:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.25 19:10:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.25 19:10:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.25 19:10:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.25 19:10:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.25 19:10:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.25 19:10:21 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.25 19:10:21 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.25 19:10:21 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.25 19:10:21 |
000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.25 19:10:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.25 19:10:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.25 19:10:20 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.25 19:10:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.25 19:10:20 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.25 19:10:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.25 19:10:20 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.25 19:10:20 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.25 19:10:20 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.25 19:10:20 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.25 19:10:20 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.25 19:10:20 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.25 19:10:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.25 16:08:03 | 000,000,000 | -H-D | C] -- C:\Users\Oguz\Desktop\Neuer Ordner (2) [2011.04.16 18:34:01 | 000,000,000 | -H-D | C] -- C:\Users\Oguz\Desktop\Power Point [2011.04.16 16:42:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\DATA BECKER Downloads [2011.04.16 16:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER [2011.04.16 16:41:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DATA BECKER Shared [2011.04.16 16:40:08 | 000,000,000 | -H-D | C] -- 
C:\ProgramData\Kit d'impression CD-DVD 7 LE [2011.04.16 16:40:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CD-DVD Printing Kit 7 LE [2011.04.16 16:40:07 | 000,260,880 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX [2011.04.16 16:40:07 | 000,212,240 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\richtx32.ocx [2011.04.16 16:40:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\CD-DVD Druckerei 7 LE [2011.04.16 16:40:06 | 000,647,872 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx [2011.04.16 16:40:06 | 000,516,096 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\IK7SxfSfc.dll [2011.04.16 16:40:06 | 000,255,656 | -H-- | C] (MIIK Ltd) -- C:\Windows\System32\CDTextReader.dll [2011.04.16 16:40:06 | 000,200,704 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Tiff.dll [2011.04.16 16:40:06 | 000,172,032 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7VectCom.dll [2011.04.16 16:40:06 | 000,125,712 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\vb6de.dll [2011.04.16 16:40:06 | 000,094,208 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Wmf.dll [2011.04.16 16:40:06 | 000,033,792 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdlgde.dll [2011.04.16 16:40:05 | 001,142,784 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\IK7SxfP21.dll [2011.04.16 16:40:05 | 000,249,856 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Effect.dll [2011.04.16 16:40:05 | 000,229,376 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7J2k.dll [2011.04.16 16:40:05 | 000,200,704 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Png.dll [2011.04.16 16:40:05 | 000,159,744 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Jpeg.dll [2011.04.16 16:40:05 | 000,151,552 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Fpx.dll [2011.04.16 16:40:05 | 000,126,976 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Com.dll 
[2011.04.16 16:40:05 | 000,122,880 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Print.dll [2011.04.16 16:40:05 | 000,118,784 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Svg.dll [2011.04.16 16:40:05 | 000,118,784 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Dxf.dll [2011.04.16 16:40:05 | 000,102,400 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7File.dll [2011.04.16 16:40:05 | 000,102,400 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Emf.dll [2011.04.16 16:40:05 | 000,098,304 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Scan.dll [2011.04.16 16:40:05 | 000,061,440 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Bmp.dll [2011.04.16 16:40:05 | 000,057,344 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Gif.dll [2011.04.16 16:40:05 | 000,053,248 | -H-- | C] (Newtone Corporation) -- C:\Windows\System32\Ik7Pcx.dll [2011.04.16 16:39:50 | 000,499,712 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.gui2.dll [2011.04.16 16:39:50 | 000,303,104 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.ikw.dll [2011.04.16 16:39:50 | 000,135,168 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.inet.dll [2011.04.16 16:39:49 | 001,798,144 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.gui.dll [2011.04.16 16:39:49 | 000,663,552 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.phlipsen.de)) -- C:\Windows\System32\cdd7.vbx.dll [2011.04.16 16:39:48 | 000,790,528 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.res.dll [2011.04.16 16:39:48 | 000,765,952 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.res.fr.dll [2011.04.16 16:39:48 | 000,733,184 | -H-- | 
C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.res.us.dll [2011.04.16 16:39:47 | 001,146,880 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.obj.edit.dll [2011.04.16 16:39:47 | 001,024,000 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.obj.dll [2011.04.16 16:39:47 | 000,651,264 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.prn.dll [2011.04.16 16:39:46 | 000,339,968 | -H-- | C] (H.Phlipsen - Softwareentwicklung (hxxp://www.hphlipsen.de)) -- C:\Windows\System32\cdd7.ass.dll [2011.04.16 16:39:41 | 000,000,000 | -H-D | C] -- C:\Users\Oguz\Favorites\Dokumente\Eigene Projekte [2011.04.16 16:39:37 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER [2011.04.14 05:31:59 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.14 05:31:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.14 05:31:47 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.14 05:31:47 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.14 05:31:45 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.14 05:31:44 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2009.11.05 21:34:21 | 000,438,272 | -H-- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll [2009.11.05 21:34:21 | 000,364,544 | -H-- | C] ( ) -- C:\Windows\System32\lxduinpa.dll [2009.11.05 21:34:21 | 000,339,968 | -H-- | C] ( ) -- C:\Windows\System32\lxduiesc.dll [2009.11.05 21:34:20 | 001,069,056 | -H-- | C] ( ) -- C:\Windows\System32\lxduserv.dll [2009.11.05 21:34:20 | 000,851,968 | -H-- | C] ( ) -- C:\Windows\System32\lxduusb1.dll [2009.11.05 21:34:19 | 000,651,264 | -H-- | C] ( ) -- 
C:\Windows\System32\lxdupmui.dll [2009.11.05 21:34:19 | 000,577,536 | -H-- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll [2009.11.05 21:34:18 | 000,679,936 | -H-- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll [2009.11.05 21:34:18 | 000,328,360 | -H-- | C] ( ) -- C:\Windows\System32\lxduih.exe [2009.11.05 21:34:17 | 000,765,952 | -H-- | C] ( ) -- C:\Windows\System32\lxducomc.dll [2009.11.05 21:34:17 | 000,594,600 | -H-- | C] ( ) -- C:\Windows\System32\lxducoms.exe [2009.11.05 21:34:17 | 000,376,832 | -H-- | C] ( ) -- C:\Windows\System32\lxducomm.dll [2009.11.05 21:34:17 | 000,369,320 | -H-- | C] ( ) -- C:\Windows\System32\lxducfg.exe [2008.07.22 10:01:25 | 000,049,152 | -H-- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.03 17:23:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe [2011.05.03 17:13:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.03 17:13:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.03 17:13:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.03 17:13:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.03 17:08:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.03 17:08:57 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.03 17:08:57 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.03 17:08:38 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.05.03 17:08:32 | 3184,381,952 | -HS- | M] 
() -- C:\hiberfil.sys [2011.05.03 16:58:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.03 16:58:13 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Oguz\Desktop\mbam-setup.exe [2011.05.03 14:30:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.02 19:24:00 | 258,722,961 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.29 19:15:17 | 000,070,656 | -H-- | M] () -- C:\Users\Oguz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.28 09:12:49 | 000,000,178 | ---- | M] () -- C:\Users\Oguz\Desktop\Dokument.rtf [2011.04.27 08:18:20 | 000,001,804 | -H-- | M] () -- C:\Users\Oguz\Desktop\Adobe Reader 8.lnk [2011.04.27 08:18:14 | 000,001,875 | -H-- | M] () -- C:\Users\Oguz\Desktop\AntiVir starten.lnk [2011.04.27 08:18:09 | 000,001,668 | -H-- | M] () -- C:\Users\Oguz\Desktop\iTunes.lnk [2011.04.27 08:18:04 | 000,001,219 | -H-- | M] () -- C:\Users\Oguz\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 08:18:00 | 000,000,258 | -H-- | M] () -- C:\Users\Oguz\Desktop\Shows Desktop.lnk [2011.04.27 08:17:57 | 000,001,680 | -H-- | M] () -- C:\Users\Oguz\Desktop\CCleaner (3).lnk [2011.04.27 08:17:46 | 000,001,680 | -H-- | M] () -- C:\Users\Oguz\Desktop\CCleaner (2).lnk [2011.04.27 08:17:41 | 000,001,638 | -H-- | M] () -- C:\Users\Oguz\Desktop\Mobility Center (3).lnk [2011.04.27 08:17:33 | 000,000,591 | -H-- | M] () -- C:\Users\Oguz\Desktop\Acer Crystal Eye Webcam.lnk [2011.04.27 08:17:22 | 000,001,979 | -H-- | M] () -- C:\Users\Oguz\Desktop\Windows Live Messenger (2).lnk [2011.04.25 19:10:33 | 000,008,798 | -H-- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.25 19:10:33 | 000,001,988 | -H-- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.25 19:10:24 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.25 19:10:24 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.25 19:10:24 
| 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.25 19:10:24 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.25 19:10:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.25 19:10:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.25 19:10:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.25 19:10:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.25 19:10:23 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.25 19:10:23 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.25 19:10:23 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.25 19:10:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.25 19:10:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.25 19:10:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.25 19:10:22 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.25 19:10:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.25 19:10:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.25 19:10:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.25 19:10:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.25 19:10:22 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.25 19:10:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.25 
19:10:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.25 19:10:21 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.25 19:10:21 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.25 19:10:21 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.25 19:10:21 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.25 19:10:21 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.25 19:10:21 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.25 19:10:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.25 19:10:20 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.25 19:10:20 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.25 19:10:20 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.25 19:10:20 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.25 19:10:20 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.25 19:10:20 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.25 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.25 19:10:20 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.25 19:10:20 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.25 19:10:20 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.25 19:10:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\msfeedssync.exe [2011.04.25 18:38:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2011.04.25 16:13:25 | 000,172,712 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.04.22 19:28:06 | 000,001,638 | -H-- | M] () -- C:\Users\Oguz\Desktop\Mobility Center (2).lnk [2011.04.19 16:17:45 | 000,001,638 | -H-- | M] () -- C:\Users\Oguz\Desktop\Mobility Center.lnk [2011.04.18 13:48:16 | 000,002,631 | -H-- | M] () -- C:\Users\Oguz\Desktop\Microsoft Office Word 2007.lnk [2011.04.17 05:59:24 | 000,428,240 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.03 16:58:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.01 09:00:33 | 258,722,961 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.04.28 09:12:49 | 000,000,178 | ---- | C] () -- C:\Users\Oguz\Desktop\Dokument.rtf [2011.04.27 08:18:20 | 000,001,804 | -H-- | C] () -- C:\Users\Oguz\Desktop\Adobe Reader 8.lnk [2011.04.27 08:18:14 | 000,001,875 | -H-- | C] () -- C:\Users\Oguz\Desktop\AntiVir starten.lnk [2011.04.27 08:18:09 | 000,001,668 | -H-- | C] () -- C:\Users\Oguz\Desktop\iTunes.lnk [2011.04.27 08:18:04 | 000,001,219 | -H-- | C] () -- C:\Users\Oguz\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.27 08:18:00 | 000,000,258 | -H-- | C] () -- C:\Users\Oguz\Desktop\Shows Desktop.lnk [2011.04.27 08:17:57 | 000,001,680 | -H-- | C] () -- C:\Users\Oguz\Desktop\CCleaner (3).lnk [2011.04.27 08:17:46 | 000,001,680 | -H-- | C] () -- C:\Users\Oguz\Desktop\CCleaner (2).lnk [2011.04.27 08:17:41 | 000,001,638 | -H-- | C] () -- C:\Users\Oguz\Desktop\Mobility Center (3).lnk [2011.04.27 08:17:33 | 000,000,591 | -H-- | C] () -- C:\Users\Oguz\Desktop\Acer 
Crystal Eye Webcam.lnk [2011.04.27 08:17:22 | 000,001,979 | -H-- | C] () -- C:\Users\Oguz\Desktop\Windows Live Messenger (2).lnk [2011.04.25 19:10:22 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.04.25 18:35:35 | 3184,381,952 | -HS- | C] () -- C:\hiberfil.sys [2011.04.22 19:28:06 | 000,001,638 | -H-- | C] () -- C:\Users\Oguz\Desktop\Mobility Center (2).lnk [2011.04.19 16:17:45 | 000,001,638 | -H-- | C] () -- C:\Users\Oguz\Desktop\Mobility Center.lnk [2011.01.23 10:43:48 | 000,120,200 | -H-- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2010.11.16 22:26:36 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\swk.ini [2010.09.25 07:09:34 | 000,000,552 | -H-- | C] () -- C:\Users\Oguz\AppData\Local\d3d8caps.dat [2010.05.30 13:39:37 | 000,000,600 | -H-- | C] () -- C:\Users\Oguz\AppData\Roaming\winscp.rnd [2010.02.01 20:37:42 | 000,139,456 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.02.01 20:37:41 | 000,138,056 | -H-- | C] () -- C:\Users\Oguz\AppData\Roaming\PnkBstrK.sys [2010.02.01 20:37:26 | 000,190,160 | -H-- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.02.01 20:37:23 | 002,395,944 | -H-- | C] () -- C:\Windows\System32\pbsvc_heroes.exe [2010.02.01 20:37:23 | 000,075,064 | -H-- | C] () -- C:\Windows\System32\PnkBstrA.exe [2009.11.05 21:42:50 | 000,360,448 | -H-- | C] () -- C:\Windows\System32\lxducoin.dll [2009.11.05 21:40:53 | 000,040,960 | -H-- | C] () -- C:\Windows\System32\lxduvs.dll [2009.11.05 21:39:10 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll [2009.11.05 21:39:09 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll [2009.11.05 21:39:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll [2009.11.05 21:38:50 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\LXDUPMON.DLL [2009.11.05 21:38:50 | 000,032,768 | -H-- | C] () -- C:\Windows\System32\LXDUFXPU.DLL [2009.11.05 21:38:30 | 000,086,016 | -H-- | C] () -- C:\Windows\System32\lxduoem.dll [2009.11.05 21:35:55 | 
000,000,044 | -H-- | C] () -- C:\Windows\System32\lxdurwrd.ini [2009.11.05 21:34:22 | 000,389,120 | -H-- | C] () -- C:\Windows\System32\LXDUinst.dll [2009.11.05 21:34:18 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\lxdugrd.dll [2009.09.24 13:01:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 13:01:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.23 21:06:46 | 000,053,264 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.ieyat8 [2009.07.23 20:44:56 | 000,323,600 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.okuik [2009.07.23 20:22:46 | 000,364,560 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.waj34n8 [2009.07.23 20:00:54 | 000,307,216 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.fh1sr [2009.06.17 19:30:16 | 000,106,512 | -H-- | C] () -- C:\ProgramData\nurb start wipe.jxfk5 [2009.06.17 19:29:56 | 000,380,944 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.n8vkx8 [2009.06.17 19:29:56 | 000,253,968 | -H-- | C] () -- C:\ProgramData\Viewoozeooze.dsi0mdn [2009.06.14 13:49:04 | 000,339,968 | -H-- | C] () -- C:\Windows\System32\pythoncom25.dll [2009.06.14 13:49:04 | 000,114,688 | -H-- | C] () -- C:\Windows\System32\pywintypes25.dll [2009.02.26 20:26:38 | 001,351,392 | -H-- | C] () -- C:\Windows\EPVP-MHS 4.0.exe [2009.01.21 16:52:51 | 000,005,073 | -H-- | C] () -- C:\ProgramData\nmpmeswb.lkq [2009.01.05 13:33:11 | 000,002,299 | -H-- | C] () -- C:\Users\Oguz\AppData\Roaming\acervcmtmp.ini [2008.12.08 13:14:32 | 000,428,240 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2008.11.25 19:13:12 | 000,000,510 | -H-- | C] () -- C:\Windows\WORDPAD.INI [2008.10.25 10:51:25 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2008.10.24 20:19:39 | 000,001,356 | -H-- | C] () -- C:\Users\Oguz\AppData\Local\d3d9caps.dat [2008.10.20 12:53:40 | 000,070,656 | -H-- | C] () -- C:\Users\Oguz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.14 07:02:46 | 000,106,496 | RH-- | C] () -- 
C:\Windows\System32\VSHP1018.DLL [2008.10.14 07:02:45 | 000,442,368 | -H-- | C] () -- C:\Windows\System32\ZSHP1018.EXE [2008.10.11 19:19:40 | 002,514,944 | ---- | C] () -- C:\Windows\System32\SaiCF518.Dll [2008.10.11 19:19:40 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCF518_0C.dll [2008.10.11 19:19:40 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF518_10.dll [2008.10.11 19:19:40 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF518_0A.dll [2008.10.11 19:19:40 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCF518_07.dll [2008.10.11 19:19:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCF518_09.dll [2008.10.11 19:19:40 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCF518_0402.dll [2008.10.11 19:19:40 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCF518_11.dll [2008.10.04 14:57:05 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2008.10.04 14:22:59 | 000,002,626 | -H-- | C] () -- C:\Users\Oguz\AppData\Roaming\wklnhst.dat [2008.10.04 13:34:26 | 000,172,712 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.10.04 13:34:23 | 000,172,712 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.10.04 12:26:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.20 15:49:50 | 000,118,784 | -H-- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll [2008.07.30 04:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll [2008.07.30 03:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll [2008.07.30 03:42:04 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll [2008.07.30 03:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2008.07.30 03:25:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2008.07.30 03:25:14 | 000,000,008 | ---- | C] 
() -- C:\Windows\System32\drivers\rtkhdaud.dat [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2006.11.02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2000.01.07 02:00:00 | 000,024,448 | -H-- | C] () -- C:\Windows\sysgtime.dll [2000.01.07 02:00:00 | 000,024,448 | -H-- | C] () -- C:\Windows\System32\proclsvr.drv ========== LOP Check ========== [2009.06.12 08:10:11 | 000,000,000 | -HSD | M] -- 
C:\Users\Oguz\AppData\Roaming\.# [2010.02.28 14:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\5600-6600 Series [2008.10.04 18:07:35 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Acer [2008.07.30 04:10:28 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Acer GameZone Console [2008.10.31 20:25:24 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\ASCOMP Software [2009.05.06 19:13:32 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Azureus [2008.10.08 16:11:05 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Big Fish Games [2010.10.10 19:52:11 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\DVDVideoSoft [2011.01.27 22:58:14 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\DVDVideoSoftIEHelpers [2008.12.07 23:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\EAST Technologies [2009.07.23 21:10:39 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\eSobi [2010.06.24 15:33:11 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Facebook [2008.10.04 16:26:11 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\FloodLightGames [2009.09.30 18:21:43 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\FreeFLVConverter [2009.06.12 08:10:40 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Gaijin Ent [2009.02.17 17:31:42 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\ICQ [2009.01.11 19:26:37 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\iWin [2009.11.06 19:34:17 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Lexmark Productivity Studio [2011.01.23 10:50:51 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\MAGIX [2010.12.26 03:21:11 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\NCH Swift Sound [2009.07.23 20:58:58 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\OpenOffice.org [2008.10.13 16:11:17 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\PlayFirst 
[2008.10.04 14:25:36 | 000,000,000 | -H-D | M] -- C:\Users\Oguz\AppData\Roaming\Template
[2011.05.03 17:06:01 | 000,032,512 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.16 04:39:24 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{100455A1-98F1-4670-B68B-35AF6331F03D}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:FC420CE6
@Alternate Data Stream - 98 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FEBEC560
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:671329E4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:9F683177
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:2B99FE60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:193426B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:C97C8631
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:4BB26BE9
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:24051EFF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:131C0EE9
< End of report |
03.05.2011, 16:51 | #4 |
| Critical error. Damaged hard disk clusters found .... and desktop icons disappeared
sorry

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6499

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

03.05.2011 17:45:04
mbam-log-2011-05-03 (17-45-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164973
Laufzeit: 4 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

otl: OTL Logfile: Code:
OTL logfile created on: 03.05.2011 17:25:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Oguz\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 38,16 Gb Free Space | 34,25% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 92,18 Gb Free Space | 85,43% Space Free | Partition Type: NTFS

Computer Name: OGUZ38 | User Name: Oguz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.03 17:23:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe
PRC - [2011.05.03 17:11:20 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.16 16:42:05 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe
PRC - [2010.11.07 04:04:06 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.)
-- C:\Users\Oguz\AppData\Local\Temp\RtkBtMnt.exe PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.04.16 23:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2009.08.06 09:53:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008.09.20 15:49:38 | 003,520,512 | -H-- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.09.20 15:49:30 | 003,602,432 | -H-- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe PRC - [2008.09.10 13:11:12 | 000,676,520 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumon.exe PRC - [2008.09.10 13:11:09 | 000,025,256 | ---- | M] () -- C:\Programme\Lexmark 5600-6600 Series\lxdumsdmon.exe PRC - [2008.08.01 09:51:42 | 000,405,504 | ---- | M] (Acer Inc.) 
-- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.05.30 12:24:30 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.05.23 14:58:34 | 000,594,600 | -H-- | M] ( ) -- C:\Windows\System32\lxducoms.exe PRC - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () -- C:\ACER\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2011.05.03 17:23:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Oguz\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== 
Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (LTJT) SRV - File not found [On_Demand | Stopped] -- -- (GUHWVKIZ) SRV - File not found [On_Demand | Stopped] -- -- (DBGJWBQPT) SRV - File not found [On_Demand | Stopped] -- -- (CLUZLMTOI) SRV - File not found [On_Demand | Stopped] -- -- (BEKVJDDAJ) SRV - File not found [On_Demand | Stopped] -- -- (AJPVQTZPIEZX) SRV - [2011.04.16 16:42:05 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto | Running] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2009.09.03 19:51:00 | 003,347,280 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.08.06 09:53:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.09.20 15:49:30 | 003,602,432 | -H-- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2008.07.20 11:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.06.02 09:25:40 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.05.23 14:58:34 | 000,594,600 | -H-- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device) SRV - [2008.05.23 14:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService) SRV - [2008.05.14 17:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.06 16:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - [2009.12.07 20:43:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- 
(ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.09.20 15:49:26 | 000,042,608 | -H-- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.07.18 18:23:00 | 007,545,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.18 16:05:10 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.06.25 07:05:06 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.05.26 11:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) DRV - [2008.05.19 18:23:00 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.05.05 03:05:00 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel) DRV - [2007.10.19 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.06.05 12:09:26 | 000,035,072 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2007.06.05 12:09:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini) DRV - [2007.06.05 12:09:14 | 000,135,048 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHF518.sys -- (SaiHF518) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Sign In [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.27.0 FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.03 17:11:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.03 17:11:21 | 000,000,000 | ---D | M] [2009.09.19 05:56:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oguz\AppData\Roaming\mozilla\Extensions [2011.05.03 11:48:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions [2010.07.04 12:14:24 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.27 21:04:07 | 000,000,000 | -H-D | M] (Yahoo! 
Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.01.27 22:58:28 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.01.27 22:58:15 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.02.01 20:03:06 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\battlefieldheroespatcher@ea.com [2010.04.28 11:59:32 | 000,000,000 | -H-D | M] (RadioBar Toolbar) -- C:\Users\Oguz\AppData\Roaming\mozilla\Firefox\Profiles\7da1es29.default\extensions\radiobar@toolbar [2009.08.17 18:54:53 | 000,000,681 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\ask.xml [2009.10.02 12:20:28 | 000,002,171 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\bing.xml [2011.01.27 23:03:30 | 000,000,873 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\conduit.xml [2010.04.23 10:25:21 | 000,001,589 | -H-- | M] () -- C:\Users\Oguz\AppData\Roaming\Mozilla\Firefox\Profiles\7da1es29.default\searchplugins\web-search.xml [2010.12.31 06:51:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.02.17 17:19:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.03.13 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2009.04.10 04:53:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.07.23 20:06:16 | 000,317,952 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10907 more lines... 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.) 
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Lexmark 5600-6600 Series Fax Server] C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe () O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe () O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [94CCCDB3307A9707] File not found O4 - HKCU..\Run: [vKECjCxHfiQS] File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Oguz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Users\Oguz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio 
Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4/jinstall-14_03-windows-i586.cab (Java Plug-in 1.4.1_03) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.) 
< End of report > |
03.05.2011, 16:55 | #5 |
/// Malware-holic | Are these all the Malwarebytes log files that you have under Malwarebytes, log files?
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
03.05.2011, 17:00 | #6 |
| Yes, that is the new one, sorry, I'll put the old one in as well, sorry
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6499
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
03.05.2011 17:05:28
mbam-log-2011-05-03 (17-05-28).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 164831
Laufzeit: 5 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bootstartx.exe (Trojan.SpyEyes) -> Value: bootstartx.exe -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\sdfsdfsfdsf (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\bootstartx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programdata\42000136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\sdfsdfsfdsf\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\bootstartx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
And should I maybe use Unhide? |
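The detection lines in the Malwarebytes log posted above can be extracted mechanically for triage: which families were found, and which objects were autostart (Run key) entries. This is an added example, not part of the original thread; the function names are assumptions of this example, and the sample string is constructed from the detection lines of the log in the post above.

```python
import re
from collections import defaultdict

# Constructed sample: the detection lines of the log above, one per line.
# Layout: <object> (<Family.Name>) -> [Value: <name> ->] <action>.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bootstartx.exe (Trojan.SpyEyes) -> Value: bootstartx.exe -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
c:\sdfsdfsfdsf (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\bootstartx.exe (Trojan.SpyEyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\programdata\42000136.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\sdfsdfsfdsf\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\bootstartx.exe\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
"""

DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<family>[A-Za-z0-9_.\-]+)\) -> "
    r"(?:Value: (?P<value>.+?) -> )?(?P<action>.+?)\.?$"
)
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def parse_detections(log_text):
    """Return one dict per detection line; section headers and counters are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def triage(log_text):
    """Group detected objects by family and list autostart (Run key) value names."""
    by_family = defaultdict(list)
    autostart = []
    for hit in parse_detections(log_text):
        by_family[hit["family"]].append(hit["object"])
        if AUTOSTART.search(hit["object"]):
            autostart.append(hit["value"] or hit["object"])
    return dict(by_family), autostart

if __name__ == "__main__":
    families, autostart = triage(SAMPLE_LOG)
    print({family: len(objs) for family, objs in families.items()})
    print("autostart entries:", autostart)
```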
03.05.2011, 17:03 | #7 |
/// Malware-holic | Download Unhide: http://filepony.de/download-unhide/ Double-click it and the files will become visible. Do you do online banking, shopping or anything else important on this machine? |
03.05.2011, 17:10 | #8 |
| My father is registered at mobile.de and sells cars, if that is what you mean; he could also stop doing that. Otherwise no online banking or shopping, only I save my login data for Facebook and so on ... and thanks for the answers |
03.05.2011, 17:13 | #9 |
| Thanks, the data has come back. And how long does the Unhide program take? Should I just close it or wait? |
03.05.2011, 17:14 | #10 |
/// Malware-holic | Right. This system has to be set up again from scratch. You have the SpyEye trojan, which goes after all kinds of login credentials. Because this malware gives the attacker extensive control over the system, we cannot guarantee that he has not made further changes. Since your father sells cars, sensitive user data of other people is involved there as well, so you also owe it to them to use a clean system. This means:
- Back up your data. Only data from legal sources, no keygens, cracks etc. What can be backed up: music, pictures, documents, installation files, e-mails.
- Format the PC and reinstall Windows.
- Secure the PC; I will help you with that if you want. |
03.05.2011, 17:21 | #11 |
| How can I format Windows? I don't have the CD that belongs to the laptop! |
03.05.2011, 17:31 | #12 |
/// Malware-holic | Was Windows preinstalled? Then have a look in the manual. |
03.05.2011, 17:41 | #13 |
| Yes, it was already installed! I don't have a manual either .... I'd rather leave it then. What's the worst that can happen? |
03.05.2011, 17:52 | #14 |
/// Malware-holic | Well, someone can send spam through your PC, and then your access will at some point be blocked by the provider. Someone can use your PC as an illegal file server for criminal content, and then it will be collected by the police. Your PC can be used for DDoS attacks; in the best case that also means being blocked by the provider or having it collected for examination. Depending on which data you have entered at your sales portal, someone can buy and sell with it. Someone can read out the data of your business partners, that is, e-mails, if you discussed bank details etc. there. Is that enough as a first overview? What kind of laptop is it, device type, manufacturer? |
03.05.2011, 18:01 | #15 |
| Acer Aspire 6930G... What should I do now? |