Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Antimalware Doctor entfernen (https://www.trojaner-board.de/97050-antimalware-doctor-entfernen.html)

Nicolai88 01.04.2011 20:02
Antimalware Doctor entfernen
 
Hallo Liebes Trojaner Board Team,

habe mir den Antimalware Doctor eingefangen und ihn nach der Anleitung des Boardes hier mit Malwarebytes gelöscht. Bin mir jetzt nicht sicher ob das gesamte System sauber ist, wie kann ich das nachprüfen?
In der Anleitung kann ich nichts mehr finden...
Habe das Programm 3mal durchlaufen lassen, die Berichte sind als Anhang dabei.
Danke schonmal für die Hilfe

MFG Nicolai88
Anhang 15193

Anhang 15194

Anhang 15195

cosinus 03.04.2011 14:50
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Nicolai88 04.04.2011 19:51
Hallo,

danke für die Hilfe, hier die 2 Logfiles...einen Logfile kann ich nicht speichern, darum kopier ich ihn in diesen Post:OTL Logfile:
Code:
OTL logfile created on: 04.04.2011 20:05:22 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = I:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 89,50 Gb Free Space | 39,97% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 6,23 Gb Free Space | 69,40% Space Free | Partition Type: NTFS
Drive I: | 974,13 Mb Total Space | 646,06 Mb Free Space | 66,32% Space Free | Partition Type: FAT
 
Computer Name: M-PC | User Name: marco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.04 19:57:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2010.12.15 21:27:41 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.02.04 05:10:48 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
PRC - [2010.02.04 05:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.24 02:58:34 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxducoms.exe
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [1997.09.04 00:00:00 | 000,111,376 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
 
 
========== Modules (All) ==========
 
MOD - [2011.04.04 19:57:26 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
MOD - [2010.07.26 18:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010.04.16 18:10:45 | 000,501,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009.07.17 16:35:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009.06.15 17:24:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009.04.23 14:43:04 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009.02.13 10:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2008.10.21 07:25:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2008.10.16 06:47:33 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2008.07.08 15:17:25 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008.05.27 07:17:46 | 000,754,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2008.01.21 04:25:01 | 001,203,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2008.01.21 04:25:00 | 000,563,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2008.01.21 04:24:58 | 001,315,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2008.01.21 04:24:57 | 000,806,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008.01.21 04:24:47 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008.01.21 04:24:46 | 001,590,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2008.01.21 04:24:38 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2008.01.21 04:24:37 | 000,351,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2008.01.21 04:24:37 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:24:37 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2008.01.21 04:24:36 | 000,680,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2008.01.21 04:24:27 | 000,798,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2008.01.21 04:24:26 | 001,076,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2008.01.21 04:24:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008.01.21 04:24:24 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008.01.21 04:24:24 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2008.01.21 04:24:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2008.01.21 04:24:23 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2008.01.21 04:24:14 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2008.01.21 04:24:14 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2008.01.21 04:24:13 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2008.01.21 04:24:11 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2008.01.21 04:24:10 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2008.01.21 04:24:10 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2008.01.21 04:23:50 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2008.01.21 04:23:44 | 001,067,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2008.01.21 04:23:43 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008.01.21 04:23:42 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2008.01.21 04:23:27 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2006.11.02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (RoxLiveShare9)
SRV - [2010.06.24 16:41:38 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.24 02:58:34 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxducoms.exe -- (lxdu_device)
SRV - [2008.05.24 02:58:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxduserv.exe -- (lxduCATSCustConnectService)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.10.06 12:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.10.06 12:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008.11.16 20:21:32 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.10 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.10 00:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.05 18:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.04.27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006.11.22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006.11.22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://alice.aol.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://alice.aol.de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{F519B111-85D7-47F0-ABBF-BC297EF5FD14}: C:\Users\marco\AppData\Local\{F519B111-85D7-47F0-ABBF-BC297EF5FD14} [2011.03.31 18:26:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.24 13:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.09 20:33:31 | 000,000,000 | ---D | M]
 
[2009.08.20 21:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marco\AppData\Roaming\mozilla\Extensions
[2009.08.20 21:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marco\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.04.03 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marco\AppData\Roaming\mozilla\Firefox\Profiles\0duczmih.default\extensions
[2010.05.16 11:28:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\marco\AppData\Roaming\mozilla\Firefox\Profiles\0duczmih.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.30 09:05:52 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\marco\AppData\Roaming\mozilla\Firefox\Profiles\0duczmih.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.07.27 18:38:29 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\marco\AppData\Roaming\mozilla\Firefox\Profiles\0duczmih.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.03 22:13:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.10.08 20:29:32 | 000,000,000 | ---D | M] (Firefox Companion for eBay) -- C:\Program Files\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2011.03.09 20:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.05.06 10:53:29 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.03.09 20:33:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 21:39:06 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 21:39:06 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 21:39:06 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.15 21:39:06 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 21:39:06 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.31 20:41:25 | 000,000,806 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 173.192.170.88 drghwaweg45j4i6u3q32fg2h.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [lxduamon] C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe ()
O4 - HKLM..\Run: [lxdumon.exe] C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\marco\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v911/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\marco\Pictures\PF Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\marco\Pictures\PF Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.10.08 19:32:12 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{0d0c7e24-eb26-11de-ba54-001d726a89eb}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\Shell - "" = AutoRun
O33 - MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 360 Days ==========
 
[2011.03.31 20:03:03 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Malwarebytes
[2011.03.31 20:02:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.03.31 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.31 20:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.31 20:02:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.03.31 20:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.03.31 19:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.03.31 19:14:33 | 000,000,000 | ---D | C] -- C:\Users\marco\Documents\Simply Super Software
[2011.03.31 19:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2011.03.31 19:14:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011.03.31 19:14:22 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Simply Super Software
[2011.03.31 19:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011.03.31 19:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.03.31 18:26:39 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\{F519B111-85D7-47F0-ABBF-BC297EF5FD14}
[2011.03.31 18:22:22 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\2F226BF59323EBE4B91A64412BF6B060
[2011.03.15 20:56:23 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\elsterformular
[2011.03.15 20:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2011.03.15 20:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2011.03.15 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2011.03.09 20:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.09 20:33:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.09 20:33:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.09 20:33:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.09 20:33:31 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.03.06 16:45:09 | 000,000,000 | ---D | C] -- C:\Users\marco\Desktop\rudi bday
[2011.02.07 08:52:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mwm2011
[2011.01.28 14:10:39 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Amazon
[2011.01.28 14:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.01.28 14:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010.12.17 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\Research In Motion
[2010.12.17 17:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2010.12.14 21:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
[2010.12.14 19:56:23 | 000,000,000 | ---D | C] -- C:\Users\marco\Documents\BlackBerry
[2010.12.14 18:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010.12.14 00:10:08 | 000,000,000 | ---D | C] -- C:\Users\marco\Desktop\Handy
[2010.12.14 00:05:22 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Research In Motion
[2010.12.14 00:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.12.14 00:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010.12.13 23:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010.12.13 23:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010.12.13 23:44:59 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Blackberry Desktop
[2010.12.13 23:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2010.12.13 23:44:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010.12.13 23:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010.12.13 21:16:55 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.11.28 20:19:10 | 000,000,000 | ---D | C] -- C:\Users\marco\Documents\Gitarre
[2010.11.21 16:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 5600-6600 Series
[2010.11.08 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\d-lusion
[2010.11.08 21:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\d-lusion
[2010.11.08 21:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\d-lusion
[2010.11.08 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\marco\Documents\MAGIX Downloads
[2010.11.08 20:58:20 | 000,000,000 | ---D | C] -- C:\Users\marco\Documents\MAGIX_Music_Maker_17_Download-Version
[2010.11.08 20:57:40 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\MAGIX
[2010.11.08 20:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2010.11.08 20:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2010.11.08 20:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.11.08 20:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010.10.10 14:00:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.10.10 13:53:57 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.10.10 13:53:57 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.10.10 13:53:57 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.10.10 13:47:28 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.10.10 13:47:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.10.10 13:35:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.10 13:35:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.10 13:35:23 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.10 13:35:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.10 13:35:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.10 13:35:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.10 13:35:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.10 13:35:22 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.10 13:35:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.10 13:35:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.10 13:35:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.10 13:35:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.10 13:35:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.10 13:35:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.10 13:35:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.10 13:35:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.10 13:35:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.10.10 13:35:11 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.10.10 13:35:08 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.10.10 13:34:57 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.10.10 13:34:55 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.10.10 13:34:51 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.10.10 13:34:51 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.10.10 13:34:49 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.10 13:34:35 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.10.10 13:34:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.10.10 13:34:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.10.10 13:34:29 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.10.10 13:34:23 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.10.10 13:27:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.10.10 13:27:15 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.10.10 13:27:15 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.10.10 13:27:15 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.10.10 11:31:57 | 000,000,000 | ---D | C] -- C:\Users\marco\Desktop\Motorrad
[2010.09.21 11:21:22 | 000,000,000 | ---D | C] -- C:\Users\marco\Desktop\Büro
[2010.09.20 10:33:53 | 000,000,000 | ---D | C] -- C:\Users\marco\Desktop\Bilder Baustelle
[2010.09.15 10:14:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.08 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\winBau 9
[2010.09.08 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winBau 9
[2010.09.08 11:21:05 | 000,146,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFCOLEUI.DLL
[2010.09.08 11:21:05 | 000,000,000 | ---D | C] -- C:\Windows\WBIMPEXP
[2010.09.01 21:21:20 | 000,000,000 | ---D | C] -- C:\logs
[2010.08.16 10:54:52 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Lexmark Productivity Studio
[2010.08.16 10:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_cats
[2010.08.16 10:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010.08.16 10:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2010.08.16 10:49:28 | 000,352,256 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDUwupd.dll
[2010.08.16 10:49:28 | 000,012,288 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDUwupd.exe
[2010.08.16 10:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series
[2010.08.16 10:47:56 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll
[2010.08.16 10:47:56 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2010.08.16 10:47:56 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2010.08.16 10:47:56 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDUhcp.dll
[2010.08.16 10:47:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2010.08.16 10:47:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2010.08.16 10:47:55 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxdugf.dll
[2010.08.16 10:47:55 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2010.08.16 10:47:55 | 000,679,936 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2010.08.16 10:47:55 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2010.08.16 10:47:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2010.08.16 10:47:55 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2010.08.16 10:47:55 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\LXDUcfg.dll
[2010.08.16 10:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 5600-6600 Series
[2010.08.16 10:46:10 | 000,000,000 | ---D | C] -- C:\drivers
[2010.08.11 13:44:12 | 000,507,904 | R--- | C] (Broadcom Corporation.) -- C:\Windows\System32\btwapi.dll
[2010.08.10 11:52:48 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010.08.10 11:52:47 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010.08.10 11:52:47 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010.08.10 11:52:46 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010.08.10 11:52:46 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010.08.10 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DEU
[2010.08.10 11:52:43 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\QuickPlay
[2010.07.28 21:23:04 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom
[2010.07.28 21:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2010.07.28 21:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom HOME 2
[2010.07.27 18:38:29 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.18 23:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2010.07.15 22:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Navigram
[2010.07.15 21:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010.07.15 21:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010.07.15 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.07.10 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\Hewlett-Packard
[2010.06.12 08:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MWM-Software
[2010.06.12 08:36:21 | 000,000,000 | ---D | C] -- C:\winBau 7
[2010.06.12 08:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\winBau 7
[2010.06.06 10:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2010.06.06 10:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.06.06 10:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.06.06 10:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.06.06 10:36:00 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\Microsoft Help
[2010.06.06 10:35:04 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.28 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Lexware
[2010.05.06 11:50:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.06 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Roaming\Haufe
[2010.05.06 11:50:36 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\Haufe
[2010.05.06 10:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Haufe
[2010.05.06 10:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2010.05.06 10:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lexware
[2010.05.06 10:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BTrieve
[2010.05.06 10:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\lexware
[2010.05.06 10:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\examotion
[2010.05.06 10:53:52 | 001,929,216 | ---- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Windows\System32\cdintf250.dll
[2010.05.06 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Haufe
[2010.05.06 10:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Haufe
[2010.05.06 10:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010.05.06 10:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.05.06 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lexware
[2010.05.06 10:47:32 | 000,000,000 | ---D | C] -- C:\Users\marco\AppData\Local\Lexware
[2008.05.24 02:58:36 | 000,328,360 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2008.05.24 02:58:32 | 000,369,320 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2011.04.04 20:04:47 | 000,667,792 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.04 20:04:47 | 000,628,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.04 20:04:47 | 000,143,632 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.04 20:04:47 | 000,117,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.04 19:10:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.04 19:03:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 19:03:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 18:31:49 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.04 18:31:49 | 000,162,515 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.04 18:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.04 13:10:52 | 000,000,396 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B201204D-6472-4C97-9093-A78196F3E0B9}.job
[2011.04.03 12:10:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.01 20:58:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.01 17:57:47 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011.04.01 17:14:44 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.31 20:02:56 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.31 19:41:40 | 001,006,778 | ---- | M] () -- C:\Users\marco\Desktop\rkill.com
[2011.03.31 19:18:39 | 000,002,991 | ---- | M] () -- C:\Windows\lsrslt.ini
[2011.03.31 19:14:25 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.31 18:26:40 | 000,000,120 | ---- | M] () -- C:\Users\marco\AppData\Local\Cmabifeme.dat
[2011.03.31 18:26:40 | 000,000,000 | ---- | M] () -- C:\Users\marco\AppData\Local\Ctejuregadagaku.bin
[2011.03.29 06:47:21 | 000,007,592 | ---- | M] () -- C:\Users\marco\AppData\Local\d3d9caps.dat
[2011.03.26 17:54:10 | 000,004,182 | ---- | M] () -- C:\Users\marco\Documents\Ihre Bestellung bei  eventim_de, Bestellnummer 383251722.eml
[2011.03.24 17:04:36 | 001,153,312 | ---- | M] () -- C:\Users\marco\Desktop\IMG_3878.JPG
[2011.03.24 17:04:22 | 000,701,869 | ---- | M] () -- C:\Users\marco\Desktop\IMG_3877.JPG
[2011.03.24 17:04:02 | 000,757,116 | ---- | M] () -- C:\Users\marco\Desktop\IMG_3876.JPG
[2011.03.20 11:53:11 | 000,104,878 | ---- | M] () -- C:\Users\marco\Desktop\reifenfreigabe.pdf
[2011.03.16 19:10:32 | 000,002,591 | ---- | M] () -- C:\Users\marco\Desktop\Microsoft Office Word 2007.lnk
[2011.03.15 21:02:22 | 000,004,126 | ---- | M] () -- C:\Users\marco\ESt2010_Dillner_Nicolai.elfo
[2011.03.15 20:55:25 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular - Screenreadermodus.lnk
[2011.03.15 20:55:25 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.03.09 20:33:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.03.09 20:33:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.03.09 20:33:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.03.09 20:33:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.02.28 08:36:50 | 000,024,389 | ---- | M] () -- C:\Users\marco\Desktop\INFBMA7.pdf
[2011.02.28 08:35:20 | 000,027,236 | ---- | M] () -- C:\Users\marco\Desktop\Meisterbogen.pdf
[2011.02.26 15:14:56 | 000,906,554 | ---- | M] () -- C:\Users\marco\Desktop\26022011097.jpg
[2011.02.24 16:30:29 | 000,033,553 | ---- | M] () -- C:\Windows\WINBAU.INI
[2011.02.23 12:21:03 | 000,082,416 | ---- | M] () -- C:\Users\marco\Desktop\meister_maurer_vz_info.pdf
[2011.02.07 09:06:53 | 000,125,440 | ---- | M] () -- C:\Users\marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.07 08:52:33 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\MWM-Libero.lnk
[2011.02.02 18:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.01.28 14:59:20 | 000,011,939 | -HS- | M] () -- C:\Users\marco\Desktop\Folder.jpg
[2011.01.28 14:59:20 | 000,003,030 | -HS- | M] () -- C:\Users\marco\Desktop\AlbumArtSmall.jpg
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.14 19:49:49 | 000,491,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 18:42:09 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop.lnk
[2010.12.14 18:30:48 | 000,000,256 | ---- | M] () -- C:\Windows\System32\pool.bin
[2010.12.13 23:44:55 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010.11.07 13:40:30 | 000,000,992 | ---- | M] () -- C:\Users\marco\Desktop\DVDVideoSoft Free Studio.lnk
[2010.11.03 16:36:36 | 000,000,391 | ---- | M] () -- C:\Windows\COVERE~1.INI
[2010.10.10 13:22:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.09 10:34:02 | 000,015,348 | ---- | M] () -- C:\Windows\marco.acl
[2010.09.15 12:16:34 | 004,202,496 | ---- | M] () -- C:\ffastunT.ffl
[2010.09.15 09:13:46 | 001,187,840 | -H-- | M] () -- C:\ffastun.ffo
[2010.09.15 09:13:46 | 000,005,161 | -H-- | M] () -- C:\ffastun.ffa
[2010.09.15 09:13:44 | 011,304,960 | -H-- | M] () -- C:\ffastun0.ffx
[2010.09.15 09:13:44 | 004,202,496 | -H-- | M] () -- C:\ffastun.ffl
[2010.09.08 11:21:23 | 000,227,432 | ---- | M] () -- C:\Program Files\Winbau.isu
[2010.09.01 21:32:49 | 000,165,592 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010.08.16 10:50:13 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK
[2010.08.11 13:44:12 | 000,507,904 | R--- | M] (Broadcom Corporation.) -- C:\Windows\System32\btwapi.dll
[2010.08.10 11:52:49 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2010.08.10 11:52:48 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2010.08.10 11:52:47 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2010.08.10 11:52:46 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2010.08.10 11:52:46 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2010.07.26 22:03:55 | 000,001,175 | ---- | M] () -- C:\Users\marco\Desktop\Free YouTube to MP3 Converter.lnk
[2010.06.26 08:03:22 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.26 08:03:02 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.26 08:03:02 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.26 08:02:31 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.26 08:02:26 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.26 08:02:15 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.26 08:02:15 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.26 08:02:15 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.26 08:02:14 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.26 08:02:14 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.26 08:02:09 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.26 06:25:02 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.26 06:24:51 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.26 06:24:17 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.26 06:23:53 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.22 14:57:18 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.21 15:18:15 | 002,036,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.18 18:43:54 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.06.12 09:14:21 | 000,539,648 | ---- | M] () -- C:\Users\marco\Documents\9027.lbo
[2010.06.12 08:36:27 | 000,208,421 | ---- | M] () -- C:\Windows\Winbau.isu
[2010.06.12 08:30:48 | 000,000,793 | ---- | M] () -- C:\Users\marco\Documents\Meine freigegebenen Ordner.lnk
[2010.06.08 19:00:42 | 003,598,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.06.08 19:00:41 | 003,545,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.05.27 21:16:09 | 000,081,920 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.05.26 18:16:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.26 16:25:15 | 000,289,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.06 14:05:25 | 000,105,974 | ---- | M] () -- C:\Users\marco\Documents\steuererklärung Nicki.xps
[2010.05.06 13:57:25 | 000,083,423 | ---- | M] () -- C:\Users\marco\Documents\TAXMAN_2010_Dasi.zip
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.31 20:02:56 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.31 19:56:42 | 001,006,778 | ---- | C] () -- C:\Users\marco\Desktop\rkill.com
[2011.03.31 19:18:39 | 000,002,991 | ---- | C] () -- C:\Windows\lsrslt.ini
[2011.03.31 19:14:25 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2011.03.31 19:14:23 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011.03.31 19:14:23 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011.03.31 19:14:23 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011.03.31 19:14:22 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011.03.31 18:26:40 | 000,000,120 | ---- | C] () -- C:\Users\marco\AppData\Local\Cmabifeme.dat
[2011.03.31 18:26:40 | 000,000,000 | ---- | C] () -- C:\Users\marco\AppData\Local\Ctejuregadagaku.bin
[2011.03.26 19:24:02 | 001,153,312 | ---- | C] () -- C:\Users\marco\Desktop\IMG_3878.JPG
[2011.03.26 19:24:02 | 000,757,116 | ---- | C] () -- C:\Users\marco\Desktop\IMG_3876.JPG
[2011.03.26 19:24:02 | 000,701,869 | ---- | C] () -- C:\Users\marco\Desktop\IMG_3877.JPG
[2011.03.26 17:54:09 | 000,004,182 | ---- | C] () -- C:\Users\marco\Documents\Ihre Bestellung bei  eventim_de, Bestellnummer 383251722.eml
[2011.03.20 11:53:11 | 000,104,878 | ---- | C] () -- C:\Users\marco\Desktop\reifenfreigabe.pdf
[2011.03.15 21:02:09 | 000,004,126 | ---- | C] () -- C:\Users\marco\ESt2010_Dillner_Nicolai.elfo
[2011.03.15 20:55:25 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular - Screenreadermodus.lnk
[2011.03.15 20:55:25 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.02.28 08:36:50 | 000,024,389 | ---- | C] () -- C:\Users\marco\Desktop\INFBMA7.pdf
[2011.02.28 08:35:20 | 000,027,236 | ---- | C] () -- C:\Users\marco\Desktop\Meisterbogen.pdf
[2011.02.26 21:58:50 | 000,906,554 | ---- | C] () -- C:\Users\marco\Desktop\26022011097.jpg
[2011.02.23 12:21:03 | 000,082,416 | ---- | C] () -- C:\Users\marco\Desktop\meister_maurer_vz_info.pdf
[2010.12.14 18:42:09 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop.lnk
[2010.12.14 00:04:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010.12.13 23:44:55 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010.11.03 16:36:36 | 000,000,391 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2010.10.10 13:22:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.10 13:22:40 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2010.10.09 10:34:02 | 000,015,348 | ---- | C] () -- C:\Windows\marco.acl
[2010.09.15 12:16:34 | 004,202,496 | ---- | C] () -- C:\ffastunT.ffl
[2010.09.08 11:21:05 | 000,033,553 | ---- | C] () -- C:\Windows\WINBAU.INI
[2010.09.08 11:21:05 | 000,028,400 | ---- | C] () -- C:\Windows\WBSTART.EXE
[2010.09.08 11:21:05 | 000,004,074 | ---- | C] () -- C:\Windows\FORMULAR.INI
[2010.09.08 11:20:53 | 000,227,432 | ---- | C] () -- C:\Program Files\Winbau.isu
[2010.09.01 21:16:45 | 000,065,632 | ---- | C] () -- C:\Windows\System32\lxduprpr.chm
[2010.09.01 21:16:44 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxducoin.dll
[2010.09.01 21:14:02 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2010.09.01 21:11:24 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdurwrd.ini
[2010.08.16 10:50:22 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2010.08.16 10:50:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2010.08.16 10:50:22 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2010.08.16 10:50:13 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Lexmark Productivity Studio - 5600-6600 Series.LNK
[2010.08.16 10:47:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDUinst.dll
[2010.08.16 10:47:55 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2010.08.16 10:47:55 | 000,165,592 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010.08.16 10:47:55 | 000,001,867 | ---- | C] () -- C:\Windows\System32\lxdu.loc
[2010.07.27 18:38:21 | 000,000,992 | ---- | C] () -- C:\Users\marco\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.26 22:03:55 | 000,001,175 | ---- | C] () -- C:\Users\marco\Desktop\Free YouTube to MP3 Converter.lnk
[2010.06.12 09:14:19 | 000,539,648 | ---- | C] () -- C:\Users\marco\Documents\9027.lbo
[2010.06.12 08:44:54 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\MWM-Libero.lnk
[2010.06.12 08:36:01 | 000,208,421 | ---- | C] () -- C:\Windows\Winbau.isu
[2010.06.12 07:35:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.06.06 10:42:00 | 000,002,591 | ---- | C] () -- C:\Users\marco\Desktop\Microsoft Office Word 2007.lnk
[2010.05.26 20:28:22 | 000,011,939 | -HS- | C] () -- C:\Users\marco\Desktop\Folder.jpg
[2010.05.26 20:28:22 | 000,003,030 | -HS- | C] () -- C:\Users\marco\Desktop\AlbumArtSmall.jpg
[2010.05.06 13:57:22 | 000,083,423 | ---- | C] () -- C:\Users\marco\Documents\TAXMAN_2010_Dasi.zip
[2010.05.06 13:55:46 | 000,105,974 | ---- | C] () -- C:\Users\marco\Documents\steuererklärung Nicki.xps
[2010.04.02 19:46:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.02.01 09:42:02 | 000,028,672 | ---- | C] () -- C:\Windows\System32\hlduinst.exe
[2010.02.01 09:42:01 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.02.01 09:42:01 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.08.19 16:27:51 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2009.08.19 16:27:50 | 000,000,967 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.08.19 16:27:50 | 000,000,634 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.08.19 16:18:09 | 000,000,082 | ---- | C] () -- C:\Users\marco\AppData\Roaming\wklnhst.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.04.08 15:25:44 | 000,364,544 | ---- | C] () -- C:\Windows\System32\BH_DATA120VC8.dll
[2009.04.08 07:17:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2009.02.24 22:22:51 | 000,000,084 | ---- | C] () -- C:\Windows\System32\USBInfo.ini
[2009.02.24 22:22:50 | 000,001,080 | ---- | C] () -- C:\Windows\System32\NORInfo.ini
[2009.02.23 00:40:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.02 20:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.02.02 20:10:14 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.02.02 20:08:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.02.02 20:08:22 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2008.12.15 20:13:30 | 000,000,554 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.30 21:13:21 | 000,007,592 | ---- | C] () -- C:\Users\marco\AppData\Local\d3d9caps.dat
[2008.11.19 20:58:33 | 000,000,093 | ---- | C] () -- C:\Users\marco\AppData\Local\fusioncache.dat
[2008.11.16 20:54:45 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.11.04 20:38:23 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.10.11 22:38:22 | 000,125,440 | ---- | C] () -- C:\Users\marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.11 21:09:36 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.11 21:09:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.08 15:14:34 | 000,667,792 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 15:14:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 15:14:34 | 000,143,632 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 15:14:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 06:49:54 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2007.05.15 20:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll
[2007.04.27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.04.14 16:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.04.14 16:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,491,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,628,486 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,117,988 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1997.09.04 00:00:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WRKGADM.EXE
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997.09.04 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\VADE232.DLL
[1997.09.04 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== Files - Unicode (All) ==========
[2010.11.03 18:07:03 | 000,000,000 | ---D | M](C:\Users\marco\AppData\Roaming\???????sAppData) -- C:\Users\marco\AppData\Roaming\敎潲䍄敔灭慬整sAppData
[2010.11.03 18:07:03 | 000,000,000 | ---D | M](C:\Users\marco\AppData\Roaming\???????sAppData) -- C:\Users\marco\AppData\Roaming\敎潲䍄敔灭慬整sAppData
(C:\Users\marco\AppData\Roaming\???????sAppData) -- C:\Users\marco\AppData\Roaming\敎潲䍄敔灭慬整sAppData
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1017 bytes -> C:\Users\marco\Documents\Ihre Bestellung bei  eventim_de, Bestellnummer 383251722.eml:OECustomProperty

< End of report >
--- --- ---

cosinus 04.04.2011 20:29
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
[2010.11.03 16:36:36 | 000,000,391 | ---- | C] () -- C:\Windows\COVERE~1.INI
[2010.10.09 10:34:02 | 000,015,348 | ---- | M] () -- C:\Windows\marco.acl
[2010.09.15 12:16:34 | 004,202,496 | ---- | M] () -- C:\ffastunT.ffl
[2010.09.15 09:13:46 | 001,187,840 | -H-- | M] () -- C:\ffastun.ffo
[2010.09.15 09:13:46 | 000,005,161 | -H-- | M] () -- C:\ffastun.ffa
[2010.09.15 09:13:44 | 011,304,960 | -H-- | M] () -- C:\ffastun0.ffx
[2010.09.15 09:13:44 | 004,202,496 | -H-- | M] () -- C:\ffastun.ffl
[2010.09.08 11:21:23 | 000,227,432 | ---- | M] () -- C:\Program Files\Winbau.isu
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.10.08 19:32:12 | 000,000,832 | ---- | M] () - C:\Autorun_dll.log -- [ NTFS ]
O33 - MountPoints2\{0d0c7e24-eb26-11de-ba54-001d726a89eb}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O33 - MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\Shell - "" = AutoRun
O33 - MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\Shell\AutoRun\command - "" = F:\Autorun.exe
O4 - HKCU..\Run: []  File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Nicolai88 05.04.2011 20:09
Danke für die Hilfe:singsing:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
C:\Windows\COVERE~1.INI moved successfully.
C:\Windows\marco.acl moved successfully.
C:\ffastunT.ffl moved successfully.
C:\ffastun.ffo moved successfully.
C:\ffastun.ffa moved successfully.
C:\ffastun0.ffx moved successfully.
C:\ffastun.ffl moved successfully.
C:\Program Files\Winbau.isu moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Autorun_dll.log moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d0c7e24-eb26-11de-ba54-001d726a89eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d0c7e24-eb26-11de-ba54-001d726a89eb}\ not found.
File G:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9621fb91-b40b-11dd-b354-001d726a89eb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9621fb91-b40b-11dd-b354-001d726a89eb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9621fb91-b40b-11dd-b354-001d726a89eb}\ not found.
File F:\Autorun.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: marco
->Temp folder emptied: 1250587136 bytes
->Temporary Internet Files folder emptied: 95061355 bytes
->Java cache emptied: 10771 bytes
->FireFox cache emptied: 94331283 bytes
->Google Chrome cache emptied: 120112836 bytes
->Flash cache emptied: 122266 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 194750981 bytes
RecycleBin emptied: 82615319 bytes

Total Files Cleaned = 1.752,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04052011_210028

Files\Folders moved on Reboot...
C:\Users\marco\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 06.04.2011 08:06
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131