Virus/ Trojaner: Achtung, aus Sicherheitsgründen wurde ihr System wurde Blockiert!

00Levo · 10.02.2012, 13:11

hi, ok. Schau doch mal bitte oben im ersten Post, den hatte ich nochmal editiert.
Hab hab da die extras.txt und die OTL.txt gepostet, hab die mit den einstellungen benutze Safelist, lop Prüfung, Purityprüfung und Minimal-Ausgabe versehen und bin dann auf scan.

00Levo · 10.02.2012, 13:32

Sooo, jetzt habe ich einen Quickscan ohne script gemacht, Otl lieferte mir aber nur eine OTL.txt :OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.02.2012 13:17:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 79,35% Memory free
5,99 Gb Paging File | 5,56 Gb Available in Paging File | 92,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 208,67 Gb Total Space | 83,61 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
Drive D: | 8,96 Gb Total Space | 1,64 Gb Free Space | 18,33% Space Free | Partition Type: NTFS
Drive F: | 80,46 Gb Total Space | 0,01 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
 
Computer Name: LEVENT-PC | User Name: **** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Company)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (iscFlash) -- C:\SwSetup\sp45138\iscflash.sys (Insyde Software)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 9D 9E 1C C8 79 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.24 23:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.07 11:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.30 14:46:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.05 13:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.07.24 23:49:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Levent\AppData\Roaming\5049 [2011.11.24 22:01:09 | 000,000,000 | ---D | M]
 
[2009.11.01 03:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Levent\AppData\Roaming\mozilla\Extensions
[2012.02.02 11:37:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Levent\AppData\Roaming\mozilla\Firefox\Profiles\w326u7lg.default\extensions
[2010.07.29 11:14:41 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Levent\AppData\Roaming\mozilla\Firefox\Profiles\w326u7lg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2011.05.11 15:14:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Levent\AppData\Roaming\mozilla\Firefox\Profiles\w326u7lg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.29 11:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Levent\AppData\Roaming\mozilla\Firefox\Profiles\w326u7lg.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2009.12.14 19:44:24 | 000,000,881 | ---- | M] () -- C:\Users\Levent\AppData\Roaming\Mozilla\Firefox\Profiles\w326u7lg.default\searchplugins\conduit.xml
[2011.11.28 09:59:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.07 11:17:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.25 12:31:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.25 12:31:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.25 12:31:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.25 12:31:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.25 12:31:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.25 12:31:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe -minimized File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Levent\AppData\Local\Mozilla\Firefox\firefox.exe (3M Touch Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Levent\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0476C070-8C54-4BA1-BC8A-01B5239D1834}: DhcpNameServer = 83.169.185.33 83.169.185.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE645EF4-62CF-4BFA-87D9-F4B8368AADE2}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5F57D52-58C4-4398-99F5-0F7033875227}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{03d7ff4b-c689-11de-b3b9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{03d7ff4b-c689-11de-b3b9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.10 11:40:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Levent\Desktop\OTL.exe
[2012.02.10 10:45:41 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Levent\Desktop\dds.com
[2012.02.08 23:01:49 | 000,000,000 | ---D | C] -- C:\Users\Levent\AppData\Roaming\Malwarebytes
[2012.02.08 23:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.08 23:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.08 23:00:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.08 23:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.08 22:59:46 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Levent\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Levent\AppData\Roaming\Avira
[2012.02.08 22:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.08 22:25:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.02.08 22:25:36 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.08 22:25:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.02.08 22:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.08 22:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.02.01 17:10:47 | 000,000,000 | ---D | C] -- C:\Users\Levent\AppData\Roaming\BirdieSync
[2012.02.01 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\BirdieSync
[2012.02.01 17:09:50 | 022,903,477 | ---- | C] (Callicia) -- C:\Users\Levent\Desktop\BirdieSyncSetup.exe
[2012.02.01 15:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.01 15:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.01 15:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.24 14:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.01.24 14:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.01.24 14:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.01.24 14:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.01.15 13:11:20 | 000,000,000 | ---D | C] -- C:\Users\Levent\Desktop\104_PANA
[1 C:\Users\Levent\AppData\Roaming\*.tmp files -> C:\Users\Levent\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 12:29:07 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.10 12:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 12:28:54 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.10 11:40:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Levent\Desktop\OTL.exe
[2012.02.10 10:45:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Levent\Desktop\dds.com
[2012.02.10 10:42:12 | 000,000,000 | ---- | M] () -- C:\Users\Levent\defogger_reenable
[2012.02.10 10:40:16 | 000,050,477 | ---- | M] () -- C:\Users\Levent\Desktop\Defogger.exe
[2012.02.08 23:25:34 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 23:25:34 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.08 23:00:59 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.08 22:59:51 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Levent\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.08 22:37:31 | 012,410,880 | ---- | M] () -- C:\Users\Levent\Desktop\Ad-Aware96Install.msi
[2012.02.08 22:25:51 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.08 22:17:39 | 087,262,320 | ---- | M] () -- C:\Users\Levent\Desktop\avira_free_antivirus_de.exe
[2012.02.07 23:51:55 | 289,795,796 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 11:13:42 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.02.02 11:13:42 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.02.01 17:09:59 | 022,903,477 | ---- | M] (Callicia) -- C:\Users\Levent\Desktop\BirdieSyncSetup.exe
[2012.02.01 15:33:06 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.01 15:30:46 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.01 15:30:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.01 15:30:46 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.01 15:30:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.30 14:46:57 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.25 10:16:04 | 000,430,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.24 16:17:47 | 002,779,126 | ---- | M] () -- C:\Users\Levent\Desktop\Bewerbung Levent Tümkaya.pdf
[1 C:\Users\Levent\AppData\Roaming\*.tmp files -> C:\Users\Levent\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.10 10:42:12 | 000,000,000 | ---- | C] () -- C:\Users\Levent\defogger_reenable
[2012.02.10 10:40:15 | 000,050,477 | ---- | C] () -- C:\Users\Levent\Desktop\Defogger.exe
[2012.02.10 10:21:17 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.08 23:00:59 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.08 22:37:07 | 012,410,880 | ---- | C] () -- C:\Users\Levent\Desktop\Ad-Aware96Install.msi
[2012.02.08 22:25:51 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.08 22:16:32 | 087,262,320 | ---- | C] () -- C:\Users\Levent\Desktop\avira_free_antivirus_de.exe
[2012.02.08 22:10:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2012.02.01 15:33:06 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.30 14:46:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.01.30 14:46:57 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.01.24 16:13:13 | 002,779,126 | ---- | C] () -- C:\Users\Levent\Desktop\Bewerbung Levent Tümkaya.pdf
[2011.09.06 23:21:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.09.06 23:21:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.07.29 12:51:21 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.07.24 23:45:24 | 000,245,199 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.24 23:45:24 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.08.07 11:39:25 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.07.14 09:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,430,560 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.09 08:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2011.11.24 22:01:09 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\5049
[2012.02.01 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\BirdieSync
[2011.09.04 11:42:27 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\DVDVideoSoft
[2011.04.14 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.16 23:05:09 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\FreeFLVConverter
[2011.10.05 14:33:46 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\HTC
[2011.01.13 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.09.15 23:40:13 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\ICQ
[2011.11.24 22:00:40 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\kock
[2009.11.24 00:14:05 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\OpenOffice.org
[2011.10.05 14:42:45 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\Outlook
[2011.10.05 13:52:25 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\Thunderbird
[2010.01.24 22:37:46 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\TS3Client
[2011.11.24 22:06:10 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\UAs
[2011.07.21 22:55:00 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\Windows Live Writer
[2011.11.24 22:06:51 | 000,000,000 | ---D | M] -- C:\Users\Levent\AppData\Roaming\xmldm
[2012.02.10 12:29:07 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.01.30 13:34:56 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

00Levo · 14.02.2012, 13:06

Hallo, kann ich vielleicht auch einfach den Rechner platt machen und Windows neu installieren ? Die frage dabei ist nur ob ich wichtige exel und word Dokumente, ein paar Bilder und Musik vom abgesicherten Modus aus auf dvds brennen kann ohne das ich den trojaner damit weiter gebe ?
Vielen Dank !

Virus/ Trojaner: Achtung, aus Sicherheitsgründen wurde ihr System wurde Blockiert!

Plagegeister aller Art und deren Bekämpfung: Virus/ Trojaner: Achtung, aus Sicherheitsgründen wurde ihr System wurde Blockiert!