Trojaner-Board


boetti 16.06.2010 18:46

Also a problem with TR/AGENT.GX.361
 
Hello everyone!

A similar thread was opened recently, but the poster has not yet responded to the instructions. So I'll do that now...

For several days now, my up-to-date AntiVir has been reporting regularly, every 10 minutes, with the following message:


C:WINDOWS\Temp\*****.tmp\svchost.exe
Ist das Trojanische Pferd TR/AGENT.GX.361


However, the file cannot be deleted or moved to quarantine.

In addition, new windows keep opening in Mozilla and the Google search is being manipulated... (When you click on a search result, you always end up on some suspicious site.)

  • I ran CCleaner over the system as described (also cleaned the registry)
  • I ran Malwarebytes over the system as described
    and the log file is here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4198

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

16.06.2010 18:51:40
mbam-log-2010-06-16 (18-51-40).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 127187
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

  • I ran OTL over the system as described
    and the log file is here:

OTL Logfile:
Code:

OTL logfile created on: 16.06.2010 19:32:15 - Run 2
OTL by OldTimer - Version 3.2.6.0    Folder = C:\Users\HSG\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 10,44 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 21,98 Gb Free Space | 15,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: HSG-PC
Current User Name: HSG
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HSG\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HSG\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3697.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MDFSYSNT) -- C:\Windows\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (MDPMGRNT) -- C:\Windows\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys ()
DRV - (VMC302) -- C:\Windows\VMC302 [2009.03.16 03:08:50 | 000,000,000 | ---D | M]
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\agrsm.sys (Agere Systems)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 09:38:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.21 06:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.30 11:08:23 | 000,000,000 | ---D | M]
 
[2009.06.25 10:15:44 | 000,000,000 | ---D | M] -- C:\Users\HSG\AppData\Roaming\mozilla\Extensions
[2010.06.16 06:33:38 | 000,000,000 | ---D | M] -- C:\Users\HSG\AppData\Roaming\mozilla\Firefox\Profiles\zpmdc86i.default\extensions
[2009.08.08 19:35:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HSG\AppData\Roaming\mozilla\Firefox\Profiles\zpmdc86i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.14 18:39:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\HSG\AppData\Roaming\mozilla\Firefox\Profiles\zpmdc86i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.29 21:20:05 | 000,002,555 | ---- | M] () -- C:\Users\HSG\AppData\Roaming\Mozilla\FireFox\Profiles\zpmdc86i.default\searchplugins\askcom.xml
[2010.06.16 06:33:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.05 00:24:15 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.05 00:24:15 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.05 00:24:15 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.05 00:24:15 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.05 00:24:16 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.16 23:01:57 | 000,002,089 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      practivate.adobe.com
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 127.0.0.1      activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1      wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      activate.adobe.com:443
O1 - Hosts: 127.0.0.1      3dns-3.adobe.com
O1 - Hosts: 127.0.0.1      3dns-2.adobe.com
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 127.0.0.1      activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1      wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 15 more lines...
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://hsg.ilohost.com/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {B7039D87-D648-4431-BA87-C3A04E6111DA} https://92-51-163-7.kundenadmin.hosteurope.de:8443/vz/ssh/wodTelnetDLX.cab (wodTelnetDLX Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\Wallpaper2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\Wallpaper2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{becc049b-60eb-11de-9bae-001377f35c50}\Shell - "" = AutoRun
O33 - MountPoints2\{becc049b-60eb-11de-9bae-001377f35c50}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{d279bf7b-cb47-11de-95f4-001377f35c50}\Shell\AutoRun\command - "" = USBStarter.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.16 18:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.16 18:53:34 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.15 06:27:13 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\HSG\Desktop\OTL.exe
[2010.06.12 12:04:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\HSG\Desktop\mbam-setup-1.46.exe
[2010.06.11 06:58:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.06.11 05:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.06.10 21:54:21 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\2010-05-14 Mallorca SB
[2010.06.10 21:52:54 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\2010-05-14 Mallorca KB
[2010.06.10 21:50:44 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\2010-05-14 Mallorca FF
[2010.06.10 21:48:26 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\2010-05-08 Mallorca NH
[2010.06.04 11:43:44 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\Geschenke
[2010.06.04 04:14:42 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\MAC_iTunes_Scripts
[2010.05.30 19:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark S300-S400 Series
[2010.05.30 19:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2010.05.30 19:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Lx_cats
[2010.05.30 19:27:20 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2010.05.30 19:27:15 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxk_gf.dll
[2010.05.30 19:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\Abbyy FineReader 6.0 Sprint
[2010.05.30 19:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Tools for Office
[2010.05.30 19:24:57 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEAwupd.dll
[2010.05.30 19:24:57 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEAwupd.exe
[2010.05.30 19:24:35 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2010.05.30 19:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2010.05.30 19:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2010.05.30 19:24:06 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2010.05.30 19:24:06 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2010.05.30 19:24:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2010.05.30 19:24:06 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2010.05.30 19:24:06 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2010.05.30 19:24:06 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2010.05.30 19:24:06 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2010.05.30 19:24:05 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2010.05.30 19:24:05 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2010.05.30 19:24:05 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2010.05.30 19:24:05 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2010.05.30 19:24:05 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2010.05.30 19:24:05 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2010.05.30 19:24:05 | 000,086,186 | ---- | C] (Lexmark International) -- C:\Windows\System32\LXEAcfg.dll
[2010.05.30 19:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark S300-S400 Series
[2010.05.30 16:26:14 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\Vector
[2010.05.30 11:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.26 19:13:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.26 07:06:24 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.25 21:14:47 | 000,000,000 | ---D | C] -- C:\Users\HSG\AppData\Roaming\Malwarebytes
[2010.05.25 21:14:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.25 21:14:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.25 21:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.25 21:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.25 20:39:41 | 000,000,000 | ---D | C] -- C:\_407225_
[2010.05.25 20:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.05.25 20:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.05.25 20:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.05.25 19:53:48 | 000,000,000 | ---D | C] -- C:\Users\HSG\AppData\Local\jvnpwsade
[2010.05.24 02:43:22 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\N2010
[2010.05.23 00:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\T-Mobile
[2010.05.21 06:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.05.21 06:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.05.21 06:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.21 06:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.05.21 05:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.05.20 22:59:48 | 000,000,000 | ---D | C] -- C:\Users\HSG\Desktop\HSG
[6 C:\Users\HSG\Desktop\*.tmp files -> C:\Users\HSG\Desktop\*.tmp -> ]
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.16 19:31:38 | 004,456,448 | -HS- | M] () -- C:\Users\HSG\NTUSER.DAT
[2010.06.16 19:18:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.16 19:10:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174544188-3004431551-2931290358-1003UA.job
[2010.06.16 18:09:51 | 000,074,240 | ---- | M] () -- C:\Users\HSG\Desktop\VorläufigeTermine HSG Koch...xls
[2010.06.16 18:09:39 | 000,087,040 | ---- | M] () -- C:\Users\HSG\Desktop\BWOL 10-11 F Kennzifferzut...doc
[2010.06.16 18:09:13 | 000,049,152 | ---- | M] () -- C:\Users\HSG\Desktop\Vorbereitung HSG Koch.-Ste...xls
[2010.06.16 17:59:47 | 000,824,681 | ---- | M] () -- C:\Users\HSG\Desktop\RSIT.exe
[2010.06.16 17:52:26 | 000,166,295 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.16 17:52:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.16 07:18:16 | 000,000,346 | ---- | M] () -- C:\Users\HSG\Desktop\NeueSpieler
[2010.06.16 07:10:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174544188-3004431551-2931290358-1003Core.job
[2010.06.16 06:31:02 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.16 06:31:02 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.16 04:18:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.16 00:19:18 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7681B4BF-99B0-4B50-A1AD-934BA40098EC}.job
[2010.06.15 22:31:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 22:30:28 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 22:29:57 | 000,524,288 | -HS- | M] () -- C:\Users\HSG\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 22:29:57 | 000,065,536 | -HS- | M] () -- C:\Users\HSG\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 22:29:37 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.15 22:29:30 | 003,182,338 | -H-- | M] () -- C:\Users\HSG\AppData\Local\IconCache.db
[2010.06.15 20:51:27 | 000,002,150 | ---- | M] () -- C:\Users\HSG\Documents\cc_20100615_205123.reg
[2010.06.15 06:27:12 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\HSG\Desktop\OTL.exe
[2010.06.15 06:23:45 | 000,293,376 | ---- | M] () -- C:\Users\HSG\Desktop\gce6bdv2.exe
[2010.06.13 11:22:37 | 000,043,008 | ---- | M] () -- C:\Users\HSG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.12 12:36:40 | 000,016,974 | ---- | M] () -- C:\Users\HSG\Desktop\Tabellen_ HVW - ...pdf
[2010.06.12 12:23:04 | 000,038,400 | ---- | M] () -- C:\Users\HSG\Desktop\2010 VL Anmeldung Vorberei...doc
[2010.06.12 12:18:48 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\HSG\Desktop\mbam-setup-1.46.exe
[2010.06.11 06:59:58 | 000,002,032 | ---- | M] () -- C:\Users\HSG\Desktop\Google Chrome.lnk
[2010.06.11 06:57:31 | 000,000,206 | ---- | M] () -- C:\Users\HSG\Documents\cc_20100611_065728.reg
[2010.06.11 06:56:46 | 000,000,498 | ---- | M] () -- C:\Users\HSG\Documents\cc_20100611_065643.reg
[2010.06.11 06:56:24 | 000,003,034 | ---- | M] () -- C:\Users\HSG\Documents\cc_20100611_065622.reg
[2010.06.11 06:55:36 | 000,270,608 | ---- | M] () -- C:\Users\HSG\Documents\cc_20100611_065513.reg
[2010.06.11 05:52:53 | 000,001,630 | ---- | M] () -- C:\Users\HSG\Desktop\CCleaner.lnk
[2010.06.10 06:52:45 | 002,013,794 | ---- | M] () -- C:\Users\HSG\Desktop\DSC03099_3.jpg
[2010.06.10 06:50:21 | 001,922,905 | ---- | M] () -- C:\Users\HSG\Desktop\DSC03099.JPG
[2010.06.10 06:48:38 | 001,650,811 | ---- | M] () -- C:\Users\HSG\Desktop\DSC02991_2.jpg
[2010.06.10 06:48:18 | 016,523,080 | ---- | M] () -- C:\Users\HSG\Desktop\DSC02991_2.psd
[2010.06.10 06:32:39 | 019,336,289 | ---- | M] () -- C:\Users\HSG\Desktop\DSC03099_2.psd
[2010.06.10 06:21:23 | 002,137,190 | ---- | M] () -- C:\Users\HSG\Desktop\DSC03099_2.jpg
[2010.06.10 06:11:41 | 000,476,574 | ---- | M] () -- C:\Users\HSG\Desktop\BPF.pdf
[2010.06.09 16:52:33 | 001,404,002 | ---- | M] () -- C:\Users\HSG\Desktop\DSC03100.JPG
[2010.06.09 16:52:00 | 001,439,778 | ---- | M] () -- C:\Users\HSG\Desktop\DSC02991.JPG
[2010.06.07 21:51:39 | 000,166,295 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.05 01:59:33 | 000,018,576 | ---- | M] () -- C:\Users\HSG\Desktop\incl123.php
[2010.06.05 01:53:12 | 000,018,622 | ---- | M] () -- C:\Users\HSG\Desktop\incl123
[2010.06.04 12:21:46 | 000,675,412 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.04 12:21:46 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.04 12:21:46 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.04 12:21:46 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.04 12:21:45 | 001,566,246 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.03 21:04:16 | 000,021,205 | ---- | M] () -- C:\Users\HSG\Desktop\incl123_normal.php
[2010.06.03 09:35:45 | 000,013,312 | ---- | M] () -- C:\Users\HSG\Desktop\Spalierstehen.Sportfest.doc
[2010.06.02 22:43:03 | 000,000,962 | ---- | M] () -- C:\Users\HSG\Desktop\Adobe Photoshop.lnk
[2010.05.30 19:31:57 | 000,210,584 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2010.05.26 20:38:40 | 000,000,394 | ---- | M] () -- C:\Windows\capture.ini
[2010.05.26 07:04:31 | 000,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.26 00:04:16 | 002,718,644 | ---- | M] () -- C:\Users\HSG\Desktop\Handballheft_2010.pdf
[2010.05.25 21:14:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.23 00:23:41 | 000,001,049 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
[2010.05.23 00:23:41 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[6 C:\Users\HSG\Desktop\*.tmp files -> C:\Users\HSG\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.16 18:09:53 | 000,074,240 | ---- | C] () -- C:\Users\HSG\Desktop\VorläufigeTermine HSG Koch...xls
[2010.06.16 18:09:45 | 000,087,040 | ---- | C] () -- C:\Users\HSG\Desktop\BWOL 10-11 F Kennzifferzut...doc
[2010.06.16 18:09:21 | 000,049,152 | ---- | C] () -- C:\Users\HSG\Desktop\Vorbereitung HSG Koch.-Ste...xls
[2010.06.16 17:59:50 | 000,824,681 | ---- | C] () -- C:\Users\HSG\Desktop\RSIT.exe
[2010.06.15 20:51:25 | 000,002,150 | ---- | C] () -- C:\Users\HSG\Documents\cc_20100615_205123.reg
[2010.06.15 06:23:48 | 000,293,376 | ---- | C] () -- C:\Users\HSG\Desktop\gce6bdv2.exe
[2010.06.12 12:36:40 | 000,016,974 | ---- | C] () -- C:\Users\HSG\Desktop\Tabellen_ HVW - ...pdf
[2010.06.12 12:23:04 | 000,038,400 | ---- | C] () -- C:\Users\HSG\Desktop\2010 VL Anmeldung Vorberei...doc
[2010.06.11 06:59:58 | 000,002,032 | ---- | C] () -- C:\Users\HSG\Desktop\Google Chrome.lnk
[2010.06.11 06:59:32 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174544188-3004431551-2931290358-1003UA.job
[2010.06.11 06:59:32 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2174544188-3004431551-2931290358-1003Core.job
[2010.06.11 06:57:30 | 000,000,206 | ---- | C] () -- C:\Users\HSG\Documents\cc_20100611_065728.reg
[2010.06.11 06:56:45 | 000,000,498 | ---- | C] () -- C:\Users\HSG\Documents\cc_20100611_065643.reg
[2010.06.11 06:56:23 | 000,003,034 | ---- | C] () -- C:\Users\HSG\Documents\cc_20100611_065622.reg
[2010.06.11 06:55:16 | 000,270,608 | ---- | C] () -- C:\Users\HSG\Documents\cc_20100611_065513.reg
[2010.06.11 05:52:53 | 000,001,630 | ---- | C] () -- C:\Users\HSG\Desktop\CCleaner.lnk
[2010.06.10 06:52:39 | 002,013,794 | ---- | C] () -- C:\Users\HSG\Desktop\DSC03099_3.jpg
[2010.06.10 06:48:16 | 016,523,080 | ---- | C] () -- C:\Users\HSG\Desktop\DSC02991_2.psd
[2010.06.10 06:35:32 | 001,650,811 | ---- | C] () -- C:\Users\HSG\Desktop\DSC02991_2.jpg
[2010.06.10 06:32:37 | 019,336,289 | ---- | C] () -- C:\Users\HSG\Desktop\DSC03099_2.psd
[2010.06.10 06:18:39 | 002,137,190 | ---- | C] () -- C:\Users\HSG\Desktop\DSC03099_2.jpg
[2010.06.09 16:52:52 | 001,922,905 | ---- | C] () -- C:\Users\HSG\Desktop\DSC03099.JPG
[2010.06.09 16:52:39 | 001,404,002 | ---- | C] () -- C:\Users\HSG\Desktop\DSC03100.JPG
[2010.06.09 16:52:05 | 001,439,778 | ---- | C] () -- C:\Users\HSG\Desktop\DSC02991.JPG
[2010.06.07 06:02:10 | 000,476,574 | ---- | C] () -- C:\Users\HSG\Desktop\BPF.pdf
[2010.06.05 01:54:04 | 000,018,576 | ---- | C] () -- C:\Users\HSG\Desktop\incl123.php
[2010.06.05 01:41:00 | 000,018,622 | ---- | C] () -- C:\Users\HSG\Desktop\incl123
[2010.06.03 21:04:27 | 000,021,205 | ---- | C] () -- C:\Users\HSG\Desktop\incl123_normal.php
[2010.06.03 09:35:51 | 000,013,312 | ---- | C] () -- C:\Users\HSG\Desktop\Spalierstehen.Sportfest.doc
[2010.06.02 22:43:03 | 000,000,962 | ---- | C] () -- C:\Users\HSG\Desktop\Adobe Photoshop.lnk
[2010.06.02 18:49:49 | 000,000,252 | ---- | C] () -- C:\ProgramData\lxea.log
[2010.05.31 19:16:16 | 000,000,346 | ---- | C] () -- C:\Users\HSG\Desktop\NeueSpieler
[2010.05.30 19:52:07 | 000,009,656 | ---- | C] () -- C:\ProgramData\lxeaJSW.log
[2010.05.30 19:52:03 | 000,000,252 | ---- | C] () -- C:\ProgramData\FastPics.log
[2010.05.30 19:27:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2010.05.30 19:27:15 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2010.05.30 19:27:15 | 000,069,152 | ---- | C] () -- C:\Windows\System32\lxeaprpr.chm
[2010.05.30 19:27:14 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2010.05.30 19:27:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2010.05.30 19:27:14 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxeacommuilogo_rtl.bmp
[2010.05.30 19:27:14 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxeacommuilogo.bmp
[2010.05.30 19:27:13 | 000,006,055 | ---- | C] () -- C:\ProgramData\lxeascan.log
[2010.05.30 19:24:19 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2010.05.30 19:24:07 | 000,210,584 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2010.05.30 19:24:06 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2010.05.30 19:24:06 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2010.05.30 19:24:06 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2010.05.30 19:24:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2010.05.30 19:24:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2010.05.30 19:24:05 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2010.05.30 19:24:05 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2010.05.30 19:24:05 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2010.05.30 19:24:05 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2010.05.30 19:24:05 | 000,002,106 | ---- | C] () -- C:\Windows\System32\lxea.loc
[2010.05.30 19:22:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\LxWbGwLog.log
[2010.05.30 19:22:05 | 000,000,000 | ---- | C] () -- C:\ProgramData\cmn_upld.log
[2010.05.30 19:21:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010.05.30 19:21:57 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010.05.30 19:21:56 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2010.05.26 20:38:31 | 000,000,394 | ---- | C] () -- C:\Windows\capture.ini
[2010.05.26 00:04:14 | 002,718,644 | ---- | C] () -- C:\Users\HSG\Desktop\Handballheft_2010.pdf
[2010.05.25 21:49:20 | 3215,572,992 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.25 21:14:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.23 00:23:41 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\web'n'walk Manager.lnk
[2010.05.23 00:23:41 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\web'n'walk Manager.lnk
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.17 16:53:33 | 000,000,043 | ---- | C] () -- C:\Windows\SCNDRVU.INI
[2009.12.17 16:46:52 | 000,049,152 | ---- | C] () -- C:\Windows\AutoSet.dll
[2009.08.20 12:16:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.20 12:15:50 | 000,292,840 | ---- | C] () -- C:\Windows\System32\drivers\volmgrx.sys
[2009.07.27 11:40:47 | 000,001,588 | ---- | C] () -- C:\Windows\debugrcfile.ini
[2009.07.27 11:40:43 | 000,061,440 | ---- | C] () -- C:\Windows\System32\CIUtils.dll
[2009.06.27 11:34:13 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.09 13:17:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.10.09 13:17:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.10.09 13:01:00 | 000,002,134 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.10.09 10:55:55 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll
[2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll
[2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

--- --- ---


PLEASE, PLEASE HELP ME!!!

THE CONSTANT ALERT IS DRIVING ME CRAZY!
:killpc:

Larusso 17.06.2010 21:06

Files named crack.exe, keygen.exe or patch.exe are, 99.9% of the time, dangerous malware that is not to be trifled with.
They are also illegal, so support is limited to the
guide to reinstalling the system

boetti 17.06.2010 21:15

What are you talking about, please?!?!?!

Larusso 17.06.2010 21:16

Code:

O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      practivate.adobe.com
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 127.0.0.1      activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1      wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      activate.adobe.com:443
O1 - Hosts: 127.0.0.1      3dns-3.adobe.com
O1 - Hosts: 127.0.0.1      3dns-2.adobe.com
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
O1 - Hosts: 127.0.0.1      activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1      wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      adobeereg.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      activate-sea.adobe.com
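
Added example (not part of the thread and not code from any tool mentioned in it): a small audit of `O1 - Hosts:` lines like the ones quoted above. It deduplicates them, lists hostnames redirected to loopback, and separates out entries whose name column is not a valid hosts-file hostname (scheme prefix, port suffix, bare IP address). The sample is a subset of the quoted lines; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Subset of the O1 lines quoted in the post above.
SAMPLE = """\
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      practivate.adobe.com
O1 - Hosts: 127.0.0.1      hxxp://www.adobeereg.com
O1 - Hosts: 127.0.0.1      192.150.18.108
O1 - Hosts: 127.0.0.1      activate.adobe.com:443
O1 - Hosts: 127.0.0.1      activate.adobe.com
O1 - Hosts: 127.0.0.1      www.adobeereg.com
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# RFC 1123 style hostname: dot-separated labels of letters, digits, hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_hosts(log_text):
    """Return (redirects, malformed, duplicates) for O1 hosts entries."""
    seen = Counter()
    redirects, malformed = {}, []
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        addr, name = m.groups()
        seen[(addr, name)] += 1
        if seen[(addr, name)] > 1:
            continue  # already classified on first sight
        # The name column of a hosts entry must be a plain hostname.
        if is_ip(name) or not HOSTNAME_RE.match(name):
            malformed.append(name)
        elif is_ip(addr) and ipaddress.ip_address(addr).is_loopback:
            redirects.setdefault(name.lower(), addr)
    duplicates = {n: c for (_, n), c in seen.items() if c > 1}
    return redirects, malformed, duplicates
```

Run over a full log, the `redirects` map is the part worth reviewing: vendor hostnames pinned to loopback indicate that the hosts file was edited by something other than the operating system.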


