Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Plagegeister aller Art und deren Bekämpfung: AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.05.2011, 15:24   #1
pcstress
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Ausrufezeichen

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


also ich hatte gestern nen trojaner und zwar den hier:
"
TR/Crypt.XPACK.Gen2

trojaner
"
dann hab ich mich hier umgesehen und n topic dazu gefunden hab des mehr oder weniger befolgt hab den trojaner soweit ich das beurteilen kann auch weg wenn ich jetzt hoch fahre kommt immer die meldung:
"
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL

das angegebene modul wurde nicht gefunden.
"

muss ich mir sorgen machen oder hab ich nur ne defekte datei und wenn ja wie repariere ich sie bzw. was kann ich dagegen machen, bin echt ratlos und googel aber find nichts was mir hilft

Alt 30.05.2011, 15:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 30.05.2011, 15:56   #3
pcstress
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


ok hab jetzt diesen Malwarebytes laufen lassen,
der log ist im anhang.

war dann so frei auf entfernen zu drücken, bekam dann die meldung erfolgreich entfernt bitte pc neu starten hab ihn neu gestartet und diesmal keine meldung mehr bekommen soll ich diesen otl scan jetzt trotzdem noch machen oder wars das schon?
__________________
Alt 30.05.2011, 16:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Zitat:
Art des Suchlaufs: Quick-Scan
Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.05.2011, 19:15   #5
pcstress
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


also hat bissel gedauert hier n vollständiger reicht des jetzt? oder muss ich noch den otl scan machen?


Alt 30.05.2011, 19:41   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Ok. Das OTL-Log brauch ich noch.
__________________
--> AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL

Alt 31.05.2011, 15:53   #7
pcstress
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


hier noch der otl ich hoffe es is alles in ordnung

Code:
ATTFilter
OTL logfile created on: 31.05.2011 16:31:06 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\HubnerM\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 68,50% Memory free
6,08 Gb Paging File | 5,05 Gb Available in Paging File | 83,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,19 Gb Total Space | 93,88 Gb Free Space | 65,56% Space Free | Partition Type: NTFS
Drive D: | 143,18 Gb Total Space | 120,80 Gb Free Space | 84,37% Space Free | Partition Type: NTFS
 
Computer Name: HUBNERM-PC | User Name: HubnerM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.30 16:43:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\HubnerM\Downloads\OTL.exe
PRC - [2011.04.27 12:54:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.17 18:23:04 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.04 18:03:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.06 11:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.06.24 10:33:44 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZyEmachine.EXE
PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.30 16:43:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\HubnerM\Downloads\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.27 12:54:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.17 18:23:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.17 18:23:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 18:43:05 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.10 04:43:00 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=1010&m=emg720
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=1010&m=emg720
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=1010&m=emg720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 12:32:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 12:32:37 | 000,000,000 | ---D | M]
 
[2010.10.22 16:41:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HubnerM\AppData\Roaming\mozilla\Extensions
[2011.05.30 23:42:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HubnerM\AppData\Roaming\mozilla\Firefox\Profiles\sb9c7ecq.default\extensions
[2010.11.28 14:39:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HubnerM\AppData\Roaming\mozilla\Firefox\Profiles\sb9c7ecq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.01 07:46:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\HubnerM\AppData\Roaming\mozilla\Firefox\Profiles\sb9c7ecq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.22 12:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.22 12:31:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.11 21:34:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2011.04.18 18:57:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.10 19:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.22 12:31:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.02.11 21:34:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}
[2011.04.18 18:57:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.10 19:10:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.10 19:10:18 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.12 22:24:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 22:24:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.12 22:24:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.12 22:24:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.12 22:24:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.30 16:39:39 | 000,000,000 | ---D | C] -- C:\Users\HubnerM\AppData\Roaming\Malwarebytes
[2011.05.30 16:39:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.30 16:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.30 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.30 16:39:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.30 16:39:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.29 05:15:01 | 000,000,000 | ---D | C] -- C:\Users\HubnerM\AppData\Roaming\go
[2011.05.29 05:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011.05.22 12:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011.05.22 12:31:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.05.22 12:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.13 20:23:14 | 000,000,000 | ---D | C] -- C:\Users\HubnerM\Desktop\Neuer Ordner
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.31 16:06:41 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.31 16:06:41 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.31 16:06:41 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.31 16:06:41 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.31 16:01:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.31 16:00:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.31 16:00:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.31 16:00:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.31 16:00:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.31 16:00:02 | 3146,637,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.31 07:51:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.30 16:39:28 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 21:48:52 | 000,008,290 | ---- | M] () -- C:\Users\HubnerM\.recently-used.xbel
[2011.05.23 23:00:28 | 000,007,229 | ---- | M] () -- C:\Users\HubnerM\Desktop\HNI_0009tttttttt.JPG
[2011.05.23 22:34:58 | 000,463,301 | ---- | M] () -- C:\Users\HubnerM\Desktop\DSC00977.JPG
[2011.05.15 22:13:52 | 000,014,297 | ---- | M] () -- C:\Users\HubnerM\Desktop\Kampfrechner alle truppen.ods
[2011.05.15 18:44:32 | 000,393,498 | ---- | M] () -- C:\Users\HubnerM\Desktop\show_img_teshht.php.jpg
[2011.05.15 18:41:18 | 000,057,024 | ---- | M] () -- C:\Users\HubnerM\Desktop\show_img_tehjst.php.jpg
[2011.05.15 18:40:15 | 000,065,889 | ---- | M] () -- C:\Users\HubnerM\Desktop\show_img_test.php.jpg
 
========== Files Created - No Company Name ==========
 
[2011.05.30 16:39:28 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.29 21:48:52 | 000,008,290 | ---- | C] () -- C:\Users\HubnerM\.recently-used.xbel
[2011.05.29 05:15:01 | 000,001,587 | ---- | C] () -- C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011.05.23 23:00:28 | 000,007,229 | ---- | C] () -- C:\Users\HubnerM\Desktop\HNI_0009tttttttt.JPG
[2011.05.23 22:34:39 | 000,463,301 | ---- | C] () -- C:\Users\HubnerM\Desktop\DSC00977.JPG
[2011.05.15 22:13:50 | 000,014,297 | ---- | C] () -- C:\Users\HubnerM\Desktop\Kampfrechner alle truppen.ods
[2011.05.15 18:44:31 | 000,393,498 | ---- | C] () -- C:\Users\HubnerM\Desktop\show_img_teshht.php.jpg
[2011.05.15 18:41:17 | 000,057,024 | ---- | C] () -- C:\Users\HubnerM\Desktop\show_img_tehjst.php.jpg
[2011.05.15 18:40:14 | 000,065,889 | ---- | C] () -- C:\Users\HubnerM\Desktop\show_img_test.php.jpg
[2010.12.12 23:25:02 | 000,039,860 | ---- | C] () -- C:\Users\HubnerM\AppData\Roaming\face attempt.k3d
[2010.10.29 12:17:01 | 000,000,680 | ---- | C] () -- C:\Users\HubnerM\AppData\Local\d3d9caps.dat
[2010.10.24 19:33:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.24 13:22:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.10.24 13:22:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.10.22 19:34:50 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010.10.22 16:40:36 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.12 13:26:58 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2008.06.01 18:38:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.01 18:38:34 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.06.01 18:38:34 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.06.01 09:47:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.06.01 09:47:11 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.06.01 09:25:11 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.06.01 09:25:11 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008.06.01 09:25:11 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008.06.01 09:25:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,330,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.12.09 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\.k3d
[2011.05.02 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\.minecraft
[2011.04.16 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\AnvSoft
[2010.12.07 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\DAZ 3D
[2011.05.29 05:15:01 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\go
[2011.05.29 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\gtk-2.0
[2010.12.09 19:33:06 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Notepad++
[2011.04.18 19:00:43 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\OpenOffice.org
[2011.05.12 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\TS3Client
[2011.05.31 08:25:32 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2008.06.01 09:48:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Adobe
[2010.10.22 16:11:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Anwendungsdaten
[2010.10.22 16:16:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Application Data
[2010.10.22 16:23:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Avira
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Desktop
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Documents
[2010.10.22 16:11:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Dokumente
[2011.05.31 16:03:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Easybits GO
[2010.10.22 16:11:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Favoriten
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Favorites
[2008.06.01 09:38:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\FloodLightGames
[2010.10.22 16:29:36 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Google
[2011.05.30 16:39:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Malwarebytes
[2010.11.19 19:21:23 | 000,000,000 | --SD | M] -- C:\ProgramData\Application Data\Microsoft
[2008.06.01 10:01:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Microsoft Help
[2010.12.07 00:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\OptiTex
[2011.05.22 12:31:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Skype
[2011.05.30 00:08:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Skype Extras
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Start Menu
[2010.10.22 16:11:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Startmenü
[2011.03.10 19:10:59 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\Sun
[2006.11.02 15:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Templates
[2010.10.22 16:11:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data\Vorlagen
[2008.06.01 09:58:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
[2007.03.23 23:10:17 | 003,124,038 | ---- | M] (Microsoft Corporation                                                                                                                                                                                                                                                                                       ) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
File not found -- 
File not found -- 
File not found -- 
File not found -- 
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
File not found -- 
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
[2011.05.29 05:14:59 | 000,423,296 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\Application Data\Easybits GO\EasyBitsGO.exe
[2011.05.29 05:14:59 | 000,014,208 | ---- | M] () -- C:\ProgramData\Application Data\Easybits GO\ezShell64Run.exe
[2011.05.29 05:15:01 | 000,718,208 | ---- | M] (EasyBits Media) -- C:\ProgramData\Application Data\Easybits GO\Svc\GOUpdate.exe
[2011.03.10 18:27:04 | 000,523,440 | ---- | M] (Google Inc.) -- C:\ProgramData\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe
 
< %APPDATA%\*. >
[2010.12.09 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\.k3d
[2011.05.02 17:06:56 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\.minecraft
[2010.10.23 21:32:02 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Adobe
[2011.04.16 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\AnvSoft
[2011.04.10 00:39:58 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Avira
[2010.12.07 00:00:11 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\DAZ 3D
[2011.05.29 05:15:01 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\go
[2010.10.22 16:20:01 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Google
[2011.05.29 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\gtk-2.0
[2010.10.22 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Identities
[2010.10.22 16:16:53 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Macromedia
[2011.05.30 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Media Center Programs
[2011.02.28 22:41:52 | 000,000,000 | --SD | M] -- C:\Users\HubnerM\AppData\Roaming\Microsoft
[2011.04.02 22:55:11 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Mozilla
[2010.12.09 19:33:06 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Notepad++
[2011.04.18 19:00:43 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\OpenOffice.org
[2011.05.31 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Skype
[2011.05.31 16:02:57 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\skypePM
[2010.10.22 16:16:49 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\Symantec
[2011.05.12 17:22:01 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\TS3Client
[2011.04.28 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\vlc
[2011.01.14 22:01:10 | 000,000,000 | ---D | M] -- C:\Users\HubnerM\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.01.19 13:33:04 | 000,475,016 | ---- | M] () -- C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 (de) Installation Files\setup.exe
[2011.01.19 12:14:50 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 (de) Installation Files\java\jre-windows-i586.exe
[2011.01.19 12:15:38 | 005,225,304 | ---- | M] (Microsoft Corporation) -- C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 (de) Installation Files\redist\vcredist_x64.exe
[2011.01.19 12:15:40 | 004,485,976 | ---- | M] (Microsoft Corporation) -- C:\Users\HubnerM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3 (de) Installation Files\redist\vcredist_x86.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Alt 31.05.2011, 16:14   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.05.2011, 18:13   #9
pcstress
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Zitat:
Zitat von cosinus Beitrag anzeigen
Dann bitte jetzt CF ausführen:

Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
muss ich des unbedingt machen hört sich nicht ganz ungefährlich an, ich bekomm keine meldung mehr und es scheint alles in ordnung zu sein soweit ich das beurteilen kann, falls etwas vorhanden sein sollte aufgrund dessen ich es machen muss wäre es gut zu wissen ob ich damit noch bis freitag warten kann oder ob es eine gefahr darstellt zu warten?

Alt 31.05.2011, 18:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - Standard

AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


Halte dich an die Anleitung und führ es aus. Der unten genannte Hinweis soll nur dazu dienen, dass die Leute sich an die Anweisungen halten und CF nicht mal eben so aus Spaß ausführen.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL
.dll, appdata, befolgt, datei, defekte, gefunde, gestern, googel, hilft, meldung, modul, modul nicht gefunden, nichts, ratlos, scanwd~1.dll, sorge, sorgen, startup, tr/crypt.xpack.gen2, troja, trojaner, weniger, windows


« Elawya.exe / esm.exe / esj.ese - Spyware? | Festplatte durch Virus geclustert? »


Ähnliche Themen: AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL


  1. Windows 7 Startup Repair Endlosschleife
    Alles rund um Windows - 13.12.2014 (5)
  2. Trojan.Agent e:\programs\\rhv\ati\7-zip\7-zip\...
    Log-Analyse und Auswertung - 10.08.2014 (27)
  3. Windows 7: Avast Startup-Scan entdeckt Win32:Malware-gen in BrCcBoot.exe
    Log-Analyse und Auswertung - 29.07.2014 (4)
  4. Windows 7 Startup Repair Virus
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (2)
  5. Polizeitrojaner ...Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen)
    Plagegeister aller Art und deren Bekämpfung - 01.03.2013 (11)
  6. tbhcn im Systemstart unter C\users\***\AppData\Roaming\Microsoft\Windows\Startmenü\Programs\Start up
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (20)
  7. Windows 7 , nach Boot endlosschleife des Startup Repairs Diagnose: Bootmanager fehlt / ist defekt / Was tun?
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (7)
  8. Malewarebytes Fund Trojan.Ransom.Gen c:\..\AppData\Roaming\Microsoft\Windows\StartMenu\Programs\Startup\ctfmon.Ink und Hijack.Shell.Gen
    Log-Analyse und Auswertung - 01.11.2012 (8)
  9. BKA-Trojaner - ..\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen)
    Log-Analyse und Auswertung - 14.09.2012 (9)
  10. Phishing Postbank, McAfee meldet unsichere Seite C:\users\...\appdata\roamin\azimcoz\cucilei.exe
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (41)
  11. Trojan.Ransom.Gen in …\Start Menu\Programs\Startup\ctfmon.lnk
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (19)
  12. Avast-Virenscanner kann Datei " c:\progra~1\micros~2\shellext.dll "nicht scannen
    Plagegeister aller Art und deren Bekämpfung - 04.08.2012 (32)
  13. 0_0uI.exe,FQ10 c:\user\musterman\appdate\roaming\microsoft\windows\startmenü\programs\startup\ctfmon
    Log-Analyse und Auswertung - 09.07.2012 (3)
  14. Weißer Bildschirm mit Text bei Startup. Windows XP Prof.
    Log-Analyse und Auswertung - 08.06.2012 (3)
  15. Trojaner Fake.AV c:\Users\Sexgott\AppData\Roaming\microsoft\Windows\start menu\Programs\windows reco
    Mülltonne - 28.04.2011 (1)
  16. HTML/silly.sys in C:/ProgramData/Micros./Search/Data/App./Win./tmp.edb
    Plagegeister aller Art und deren Bekämpfung - 17.07.2010 (3)
  17. Windows startup in Endlos-Schleife
    Alles rund um Windows - 13.07.2009 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL - also ich hatte gestern nen trojaner und zwar den hier: " TR/Crypt.XPACK.Gen2 trojaner " dann hab ich mich hier umgesehen und n topic dazu gefunden hab des mehr oder weniger - AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL...
Archiv
Du betrachtest: AppData\Roamin\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANWD~1.DLL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131