
Log analysis and evaluation: Festplatte beschädigt Das System hat mit einem oder mehreren installierten...


21.04.2011, 18:30   #1
flirtchecker
 



Hello everyone,

I got the following error message earlier:

I received a virus alert from AntiVir earlier. Then I clicked on "Remove virus" and nothing happened. Then this message appeared: "Festplatte beschädigt Das System hat mit einem oder mehreren installierten IDE/SATA Festplatten erkannt. Es wird empfohlen, das System neu zu starten."

But before restarting, I first ran a scan with "Malwarebytes":

Here is the log:
Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

21.04.2011 19:19:29
mbam-log-2011-04-21 (19-19-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153589
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Users\Dirk\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\74LHLYZL\about[1].exe (Trojan.FakeAlert) -> 5508 -> Unloaded process successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 3944 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Dirk\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\74LHLYZL\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

After that, I ran a system scan with OTL.exe.

Here is logfile 1, Extras:

OTL Logfile:
Code:
OTL Extras logfile created on: 21.04.2011 19:24:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 64,46 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 78,89 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FA22B8A-3614-4623-98AC-2B25D3E27A01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{FD9135EE-5285-4DB6-8737-84833004288A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C3EAB-FFDA-4E15-AB16-BE8FF09A187F}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{0F74A2AF-B036-4522-8198-BCA5B4768F62}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{266FA905-CF1C-4897-94F9-EE35F8249B70}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{65C61E05-341E-487D-AB93-3A2F1E6659CD}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe | 
"{AF554E26-FCB4-429F-A906-794A62BC151D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{D0CB004A-659C-4AB8-835F-FF60F6BF6FCE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D958E873-CEF6-4D29-849F-25C2D8D9BF99}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E2DAEBE4-4209-4FA4-8C35-8B75419850B1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FC6271C4-8BBE-4DE1-A949-724044D56314}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{28837FD5-7900-46D7-961B-98EBB8E4E59F}C:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe | 
"TCP Query User{5BB9D2F4-91A6-4267-AABD-486A3E046B32}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{684921C1-CBB1-4017-BBF8-9A9B4BACB873}C:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"TCP Query User{C95D95E5-A0CE-4716-9BFF-DBE420B2E63B}C:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe | 
"UDP Query User{04409905-3773-43A9-B764-4CEE42DF931A}C:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe | 
"UDP Query User{41A0DE4B-A10C-4A95-BA17-2386746F0911}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B80575CA-11DC-44FF-A08F-6D17A0B82E52}C:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe | 
"UDP Query User{D292723C-7F51-451F-9465-1701291C1E30}C:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C07EA5-2B33-D6A8-82EE-96E2EFB50933}" = Catalyst Control Center Localization German
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese
"{0E6C1531-9546-4153-9D88-689519385319}" = Haushaltsbuch 5.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15343122-1A4C-84D1-F14C-19DAD9C3E170}" = Catalyst Control Center Localization Chinese Traditional
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{230441A3-AEFA-1008-6874-E00CCD863C1B}" = ccc-utility
"{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26E0A023-F45C-F529-D820-180FDAFA2CF5}" = Catalyst Control Center Localization French
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French
"{4E271D3B-6105-525A-885D-72330974AABF}" = Catalyst Control Center Localization Spanish
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{535D722D-3CD3-7B2B-0D2A-8205AB81702D}" = Catalyst Control Center Localization Italian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{583ACB37-3139-562A-6279-0158480F2277}" = Catalyst Control Center Localization Japanese
"{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai
"{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F6A4850-DDBE-DA71-0B73-10170D2A4E55}" = Catalyst Control Center Localization Korean
"{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D69A81D-B087-BFB2-DD8C-EF5FF34FBEC1}" = Catalyst Control Center Localization Norwegian
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E315D6D-0F1C-4C27-920B-807B4F57C8B2}" = Brother MFL-Pro Suite MFC-5890CN
"{6EDE839E-B81A-28F0-5A7D-51A7128A1FD5}" = Catalyst Control Center Localization Greek
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish
"{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish
"{74641F41-CE39-EA12-CD69-6903FD17544C}" = Catalyst Control Center Localization Turkish
"{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish
"{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New
"{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian
"{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B14B6B8-342F-9556-46CA-D948734245D6}" = Catalyst Control Center Localization Dutch
"{8BF358A1-F53D-FF72-C844-FC4A4CE79B97}" = Catalyst Control Center Localization Hungarian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92C8DAA6-A0FA-DBDE-0464-5BEFAB4AB1B4}" = Catalyst Control Center Localization Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AD4CEE8C-0AF0-B4B2-D64B-7CCF70BD60B6}" = Catalyst Control Center Localization Russian
"{AE5906D7-1980-EA3B-711E-4BA92F0B70AA}" = Catalyst Control Center Localization Swedish
"{AF2F91EE-EF88-DB9A-5A0F-6E8B8C8901EA}" = Catalyst Control Center Localization Thai
"{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch
"{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE52510A-0CC8-EB71-9405-07E2B369526E}" = Catalyst Control Center Localization Portuguese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian
"{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.12
"{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF85F51D-6908-5B09-FA13-5B3376C640E1}" = Skins
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63BD217-4154-3693-595B-0A6F38C611C1}" = Catalyst Control Center Localization Danish
"{E9EFEA79-C84D-45BA-7037-4DC356790BF8}" = ccc-core-static
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA340E1B-0840-8F61-32CF-7A5A99A2C854}" = Catalyst Control Center Localization Polish
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FE6D4D2B-154C-1485-81B8-D2F6F5C5CF30}" = Catalyst Control Center Localization Finnish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AAA Logo 2009 Business_is1" = AAA Logo 2009 Business Edition 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.43 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Notepad++" = Notepad++
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"shop to date 7 basic_is1" = DATA BECKER shop to date 7 basic
"SWiSH miniMax4" = SWiSH miniMax4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 14:02:05 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 06.04.2011 18:43:41 | Computer Name = Dirk-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.04.2011 03:53:08 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 07.04.2011 03:53:08 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 08.04.2011 14:46:24 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 08.04.2011 14:46:24 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 09.04.2011 03:29:06 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.04.2011 03:29:06 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 09.04.2011 20:00:19 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.04.2011 20:00:19 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description = 
 
[ System Events ]
Error - 19.04.2011 13:39:39 | Computer Name = Dirk-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
 
Error - 19.04.2011 13:40:51 | Computer Name = Dirk-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 19.04.2011 13:41:23 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 19.04.2011 13:45:38 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 19.04.2011 20:02:04 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 20.04.2011 16:42:44 | Computer Name = Dirk-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 21.04.2011 11:44:24 | Computer Name = Dirk-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
 
Error - 21.04.2011 11:45:35 | Computer Name = Dirk-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 21.04.2011 11:46:07 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.04.2011 11:50:12 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >
         
--- --- ---


And here is logfile 2, OTL:

OTL Logfile:
Code:
OTL logfile created on: 21.04.2011 19:24:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 64,46 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 78,89 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 09:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 09:49:49 | 000,000,000 | ---D | M]
 
[2011.03.13 19:01:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2011.04.20 20:45:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.19 19:42:01 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.19 19:41:12 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com
[2011.04.01 23:55:07 | 000,002,400 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.13 19:24:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.13 19:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.13 19:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.13 23:13:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 20:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 20:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 19:22:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2011.04.21 19:12:19 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Malwarebytes
[2011.04.21 19:12:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 19:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 19:12:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 19:12:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 19:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware
[2011.04.20 20:03:17 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{E88AFC47-067F-48A0-AFB7-263FD7B4B687}
[2011.04.19 20:00:28 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{B9136253-0C56-4F7A-982E-64D3E0D345F5}
[2011.04.13 21:33:29 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{053D0404-3485-4441-B6B9-1C655E609D6C}
[2011.04.12 21:22:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 21:22:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 21:22:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 21:22:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 21:22:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 21:22:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 21:22:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 21:22:40 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 21:22:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 21:22:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 21:22:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 21:22:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 21:22:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 21:22:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 21:22:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 21:22:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 21:22:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 21:21:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 21:21:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 21:03:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 21:03:47 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 21:00:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 20:59:59 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 20:59:21 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 20:59:21 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.09 12:46:59 | 000,000,000 | -H-D | C] -- C:\homepage MAKER 7 Express
[2011.04.09 11:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2011.04.09 11:52:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DATA BECKER Shared
[2011.04.09 11:52:35 | 000,151,552 | ---- | C] (Info-ZIP) -- C:\Windows\System32\w2dzip32.dll
[2011.04.09 11:50:47 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txobj32.dll
[2011.04.09 11:50:47 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\Tx4ole.ocx
[2011.04.09 11:50:47 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_htm32.dll
[2011.04.09 11:50:47 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txtls32.dll
[2011.04.09 11:50:47 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\ic32.dll
[2011.04.09 11:50:47 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\wndtls32.dll
[2011.04.09 11:50:47 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_bmp32.flt
[2011.04.09 11:50:46 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_word.dll
[2011.04.09 11:50:46 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\MimeX.dll
[2011.04.09 11:50:46 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\EncodeX.dll
[2011.04.09 11:50:46 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\FtpX.ocx
[2011.04.09 11:50:46 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\PopX.ocx
[2011.04.09 11:50:46 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\PopX.dll
[2011.04.09 11:50:46 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_rtf32.dll
[2011.04.09 11:50:46 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\MabryObj.dll
[2011.04.09 11:50:46 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_tif32.flt
[2011.04.09 11:50:46 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_wmf32.flt
[2011.04.09 11:50:45 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx12n.ocx
[2011.04.09 11:50:45 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\FtpX.dll
[2011.04.09 11:50:45 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\EncodeX.ocx
[2011.04.09 11:50:44 | 000,751,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltann12n.dll
[2011.04.09 11:50:44 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn12n.dll
[2011.04.09 11:50:44 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcmp12n.dll
[2011.04.09 11:50:44 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdis12n.dll
[2011.04.09 11:50:44 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx12n.dll
[2011.04.09 11:50:44 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg12n.dll
[2011.04.09 11:50:44 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.ocx
[2011.04.09 11:50:44 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil12n.DLL
[2011.04.09 11:50:44 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn12n.dll
[2011.04.09 11:50:44 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif12n.dll
[2011.04.09 11:50:44 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp12n.dll
[2011.04.09 11:50:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetde.dll
[2011.04.09 11:50:43 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2011.04.09 11:50:43 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msflxgrd.ocx
[2011.04.09 11:50:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstdfmt.dll
[2011.04.09 11:50:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscc2de.dll
[2011.04.09 11:50:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\flxgdde.dll
[2011.04.09 11:50:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdlgde.dll
[2011.04.09 11:50:42 | 001,050,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet35.dll
[2011.04.09 11:50:42 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscmcde.dll
[2011.04.09 11:50:41 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll
[2011.04.09 11:50:41 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll
[2011.04.09 11:50:41 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint35.dll
[2011.04.09 11:50:41 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vb5db.dll
[2011.04.09 11:50:41 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter35.dll
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\web to date Projekte
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Erzeugte Websites
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\DATA BECKER
[2011.04.09 11:50:20 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER
[2011.04.09 11:42:28 | 000,655,872 | -H-- | C] (Nero) -- C:\Users\Dirk\AppData\Local\739290.exe
[2011.04.08 21:00:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{9C3F7206-D10A-4E12-8C33-CA2C7721A0CB}
[2011.04.07 22:00:57 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{C2DA3BFA-9DDC-48C5-9602-CD829BBF700D}
[2011.04.07 00:02:54 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{6FEF7AFB-EAEE-40F9-8798-3489C6052EC4}
[2011.04.06 21:08:46 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.04.06 21:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.04.06 21:08:44 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Notepad++
[2011.04.06 21:08:44 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2011.04.05 23:55:36 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{F433E0E4-5820-4818-8083-9956B4F23AE7}
[2011.04.05 00:48:04 | 000,000,000 | -H-D | C] -- C:\TEMP
[2011.04.05 00:44:10 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2011.04.05 00:15:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\SWiSH miniMax4 DEU
[2011.04.05 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiSH miniMax4
[2011.04.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SWiSHzone.com
[2011.04.05 00:13:30 | 000,000,000 | ---D | C] -- C:\Programme\SWiSH miniMax4
[2011.04.03 23:35:26 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{3C6F46B3-7CF9-4354-891B-F319CF37571B}
[2011.04.02 20:58:09 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{7B370B55-88BE-4E3C-9F00-8C29D746403D}
[2011.04.01 19:38:40 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\ManyCam
[2011.04.01 19:38:22 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011.04.01 19:38:17 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\ManyCam
[2011.04.01 19:37:55 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.04.01 19:37:43 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam
[2011.03.30 22:35:37 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{1053C9CD-F5CD-4798-BE0E-07C9A972E1EA}
[2011.03.30 09:51:08 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\.thumbnails
[2011.03.30 09:48:02 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\gtk-2.0
[2011.03.30 00:05:51 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Haushaltsbuch
[2011.03.30 00:05:51 | 000,000,000 | ---D | C] -- C:\Programme\Euchler Software
[2011.03.29 23:29:54 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{32E4FF1A-82B9-46EE-95BD-CBD87FBAB02C}
[2011.03.28 21:58:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\gegl-0.0
[2011.03.28 21:58:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\.gimp-2.6
[2011.03.28 21:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.03.28 21:57:41 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.03.28 21:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{E621AC36-D6EA-46FB-9E1D-994D9C307D0F}
[2011.03.27 13:10:15 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{BA9FA46B-A7C6-4C01-BE19-FB300B020DFE}
[2011.03.27 01:06:44 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Rechnungsdruckerei 2011 PRO
[2011.03.27 00:49:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\DATA BECKER Downloads
[2011.03.27 00:49:07 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\ProtectDisc
[2011.03.27 00:49:07 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2011.03.27 00:48:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Rechnungsdruckerei
[2011.03.27 00:48:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Software FX Shared
[2011.03.27 00:48:28 | 000,125,712 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011.03.27 00:11:32 | 000,000,000 | RH-D | C] -- C:\Users\Dirk\AppData\Roaming\Brother
[2011.03.26 23:50:05 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\PC-FAX TX
[2011.03.26 20:36:52 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{06F3E57E-D860-40CE-B91C-40D5E4240BD9}
[2011.03.25 21:23:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{B46AE1EE-4BA7-4FA8-B9D6-3C9DF13E81DD}
[2011.03.24 19:47:19 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{9A8D2082-614A-4AE9-9A3C-8386FCF7CCDC}
[2011.03.24 08:55:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Adobe Mini Bridge CS5
[2011.03.24 08:55:31 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.24 01:17:05 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Steuer-Sparbuch
[2011.03.24 00:51:48 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Mein Steuer-Sparbuch Heute
[2011.03.24 00:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2011
[2011.03.24 00:49:43 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\Buhl
[2011.03.24 00:47:35 | 000,000,000 | ---D | C] -- C:\Programme\WISO
[2011.03.24 00:47:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2011.03.24 00:45:51 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\Buhl Data Service
[2011.03.24 00:33:56 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Nero
[2011.03.24 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011.03.24 00:28:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nero
[2011.03.24 00:26:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2011.03.24 00:26:17 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2011.03.24 00:08:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.03.24 00:06:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 00:04:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.03.24 00:03:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.03.24 00:01:28 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.03.23 23:59:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.03.23 21:14:01 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 21:14:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.23 21:11:25 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{686738D4-9EC3-4AF8-A314-20E50BB6AD41}
[2011.03.22 23:20:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.03.22 23:16:37 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2011.03.22 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.03.22 23:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.03.22 22:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAA Logo 2009
[2011.03.22 22:14:35 | 000,000,000 | ---D | C] -- C:\Programme\AAALOGO2009
[2011.03.22 21:39:01 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{38690457-050D-45EF-BE90-BF9FE9B018F2}
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 19:22:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2011.04.21 19:21:41 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
[2011.04.21 17:44:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:44:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 17:44:23 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 22:42:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.20 22:10:12 | 001,248,479 | -H-- | M] () -- C:\Users\Dirk\Desktop\PICT0798.JPG
[2011.04.18 21:37:01 | 000,000,402 | -H-- | M] () -- C:\Users\Dirk\Desktop\index.htm
[2011.04.18 21:32:44 | 000,166,153 | -H-- | M] () -- C:\Users\Dirk\Desktop\testb1.jpg
[2011.04.17 22:05:56 | 000,146,490 | -H-- | M] () -- C:\Users\Dirk\Desktop\herzle.jpg
[2011.04.17 15:54:04 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.17 15:09:08 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.04.17 15:00:47 | 000,112,780 | -H-- | M] () -- C:\Users\Dirk\Desktop\FF_logo_FFblue.jpg
[2011.04.15 19:54:19 | 000,000,097 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2011.04.14 23:33:57 | 000,579,384 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama1_72dpi.jpg
[2011.04.14 23:33:57 | 000,307,302 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_panorama3_72dpi.jpg
[2011.04.14 23:33:57 | 000,296,683 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama2_72dpi.jpg
[2011.04.14 20:32:39 | 003,786,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 00:13:47 | 000,009,741 | -H-- | M] () -- C:\Users\Dirk\.recently-used.xbel
[2011.04.13 22:14:12 | 000,006,656 | -H-- | M] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 21:21:30 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.13 21:21:30 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.13 21:21:30 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.13 21:21:29 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.10 16:41:52 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.04.10 01:11:12 | 000,026,982 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Dirklog.dat
[2011.04.09 11:42:28 | 000,655,872 | -H-- | M] (Nero) -- C:\Users\Dirk\AppData\Local\739290.exe
[2011.04.05 01:34:15 | 000,001,456 | -H-- | M] () -- C:\Users\Dirk\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.05 01:34:14 | 000,012,048 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.gif
[2011.04.05 01:27:33 | 000,077,826 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.jpg
[2011.04.05 01:27:14 | 001,271,232 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.psd
[2011.04.02 19:08:27 | 026,626,993 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1627.MOV
[2011.03.30 19:35:49 | 000,001,682 | -H-- | M] () -- C:\Users\Dirk\Desktop\iTunes.lnk
[2011.03.28 21:58:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.03.27 01:36:45 | 000,095,542 | -H-- | M] () -- C:\Users\Dirk\Desktop\Unbenannt-1.jpg
[2011.03.27 01:00:35 | 000,033,940 | -H-- | M] () -- C:\Users\Dirk\Desktop\dimendia.jpg
[2011.03.27 00:10:56 | 000,000,425 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2011.03.27 00:10:56 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.03.26 23:50:12 | 000,000,748 | -H-- | M] () -- C:\Windows\Brpfx04a.ini
[2011.03.26 20:53:33 | 002,204,456 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1566sw.jpg
[2011.03.26 20:48:24 | 001,475,432 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1566.JPG
[2011.03.24 00:51:22 | 000,000,080 | ---- | M] () -- C:\Windows\wiso.ini
[2011.03.24 00:51:08 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.03.22 22:30:27 | 000,000,656 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo-timo.al8
 
========== Files Created - No Company Name ==========
 
[2011.04.21 19:21:41 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
[2011.04.20 22:09:39 | 001,248,479 | -H-- | C] () -- C:\Users\Dirk\Desktop\PICT0798.JPG
[2011.04.18 21:37:01 | 000,000,402 | -H-- | C] () -- C:\Users\Dirk\Desktop\index.htm
[2011.04.18 21:27:06 | 000,166,153 | -H-- | C] () -- C:\Users\Dirk\Desktop\testb1.jpg
[2011.04.17 22:05:56 | 000,146,490 | -H-- | C] () -- C:\Users\Dirk\Desktop\herzle.jpg
[2011.04.17 15:00:47 | 000,112,780 | -H-- | C] () -- C:\Users\Dirk\Desktop\FF_logo_FFblue.jpg
[2011.04.15 19:54:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2011.04.14 23:33:57 | 000,579,384 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama1_72dpi.jpg
[2011.04.14 23:33:57 | 000,307,302 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_panorama3_72dpi.jpg
[2011.04.14 23:33:57 | 000,296,683 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama2_72dpi.jpg
[2011.04.14 00:13:47 | 000,009,741 | -H-- | C] () -- C:\Users\Dirk\.recently-used.xbel
[2011.04.10 16:41:52 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.04.09 11:50:47 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2011.04.09 11:50:47 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2011.04.09 11:42:28 | 000,276,992 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\472353.exe
[2011.04.05 01:34:15 | 000,001,456 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.05 01:34:14 | 000,012,048 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.gif
[2011.04.04 10:16:43 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.04.04 10:01:53 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.02 21:39:23 | 026,626,993 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1627.MOV
[2011.03.30 19:35:49 | 000,001,682 | -H-- | C] () -- C:\Users\Dirk\Desktop\iTunes.lnk
[2011.03.30 00:05:53 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haushaltsbuch 5.0.lnk
[2011.03.29 23:45:24 | 000,077,826 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.jpg
[2011.03.29 23:45:12 | 001,271,232 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.psd
[2011.03.28 21:58:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.03.27 01:36:43 | 000,095,542 | -H-- | C] () -- C:\Users\Dirk\Desktop\Unbenannt-1.jpg
[2011.03.27 01:00:35 | 000,033,940 | -H-- | C] () -- C:\Users\Dirk\Desktop\dimendia.jpg
[2011.03.26 20:51:56 | 002,204,456 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1566sw.jpg
[2011.03.26 20:47:21 | 001,475,432 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1566.JPG
[2011.03.24 00:51:19 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.03.24 00:51:08 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.03.24 00:49:33 | 000,006,656 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 23:18:52 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011.03.22 23:18:02 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011.03.22 23:17:39 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.03.22 23:16:04 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.03.22 23:15:55 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.03.22 23:15:03 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.03.22 22:30:26 | 000,000,656 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo-timo.al8
[2011.03.21 21:11:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.15 00:14:57 | 000,000,748 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011.03.15 00:14:57 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011.03.15 00:14:20 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.15 00:14:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.15 00:12:41 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2011.03.15 00:09:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.03.15 00:09:09 | 000,000,066 | -H-- | C] () -- C:\Windows\Brfaxrx.ini
[2011.03.15 00:09:08 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011.03.15 00:03:29 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.03.14 10:04:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.14 10:04:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.14 10:02:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.13 19:25:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.08.08 01:17:39 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2007.08.08 00:52:09 | 000,377,856 | ---- | C] () -- C:\Windows\System32\SetAutoConsole.exe
[2007.08.08 00:50:59 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.08.08 00:50:59 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.08.08 00:32:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2007.08.08 00:32:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2007.08.08 00:21:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.08.07 07:13:29 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.08.07 07:13:29 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.08.07 07:13:29 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.08.07 07:13:29 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.08.07 07:06:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.07 07:06:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.07 07:06:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.07 07:06:40 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,786,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.10.10 08:29:46 | 000,026,982 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Dirklog.dat
[2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
< End of report >
         
--- --- ---


I'd be grateful for any help....

Alt 21.04.2011, 19:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

Alt 21.04.2011, 20:37   #3
flirtchecker

OK, here is the complete scan...

Quote:
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

21.04.2011 21:35:54
mbam-log-2011-04-21 (21-35-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303055
Laufzeit: 55 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 22.04.2011, 11:15   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
[2011.04.21 19:21:41 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2011.04.19 19:42:01 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.19 19:41:12 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com
[2011.04.01 23:55:07 | 000,002,400 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q="
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=102869&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.
__________________
Please always post log files in CODE tags

Alt 22.04.2011, 15:47   #6
flirtchecker

OK, here is the log after the fix

Quote:
All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\mcnnhvrj.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults\preferences folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\components folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-01-Apr-2011-21-55-06-GMT folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q=" removed from keyword.URL
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dirk
->Temp folder emptied: 1277506 bytes
->Temporary Internet Files folder emptied: 16956041 bytes
->Java cache emptied: 33011285 bytes
->FireFox cache emptied: 46100252 bytes
->Flash cache emptied: 6411 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2182040 bytes
RecycleBin emptied: 307737160 bytes

Total Files Cleaned = 388,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_162854

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
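
A check that can be run over the fix log posted above, as an added example that is not part of the thread and not OTL's own code: it classifies each result line and lists the targets that were only ever reported as "not found", meaning this run never moved or deleted them. The sample lines are copied from the log above; the function and rule names are made up for this example.

```python
import re
from collections import Counter, defaultdict

# Sample input: result lines copied from the OTL fix log posted above (shortened).
SAMPLE_FIX_LOG = r"""All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\mcnnhvrj.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# (pattern, outcome) pairs, tried in order. The named group "target" is the
# file, folder, registry object or preference the line reports on.
RULES = [
    (re.compile(r"^(?:File|Registry key|Registry value) (?P<target>.+) not found\.$"), "not_found"),
    (re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r'^Prefs\.js: ".*" removed from (?P<target>\S+)$'), "pref_removed"),
    (re.compile(r"^(?P<target>.+)\| /E : value set successfully!$"), "value_set"),
]


def parse_fix_log(text):
    """Return a list of (outcome, target) for every recognised result line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for pattern, outcome in RULES:
            match = pattern.match(line)
            if match:
                entries.append((outcome, match.group("target")))
                break  # first matching rule wins; headers and other lines are skipped
    return entries


def outcome_counts(entries):
    """Count how many result lines fall into each outcome class."""
    return Counter(outcome for outcome, _ in entries)


def untouched_targets(entries):
    """Targets whose only reported outcome is 'not found'.

    The same object can be named by several script lines, so a later
    'not found' after an earlier 'moved' or 'deleted' is expected and is
    not reported here. Paths and keys are compared case-insensitively
    and without a trailing backslash.
    """
    seen = defaultdict(set)
    original = {}
    for outcome, target in entries:
        key = target.rstrip("\\").casefold()
        seen[key].add(outcome)
        original.setdefault(key, target)
    return [original[key] for key, outcomes in seen.items() if outcomes == {"not_found"}]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_FIX_LOG)
    print(dict(outcome_counts(parsed)))
    for target in untouched_targets(parsed):
        print("never acted on:", target)
```
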

Alt 23.04.2011, 14:15   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Alt 23.04.2011, 18:25   #8
flirtchecker

OK, the log is attached

Code:
2011/04/23 19:22:19.0606 3508	ComputerName: DIRK-PC
2011/04/23 19:22:19.0606 3508	UserName: Dirk
2011/04/23 19:22:19.0606 3508	Windows directory: C:\Windows
2011/04/23 19:22:19.0606 3508	System windows directory: C:\Windows
2011/04/23 19:22:19.0606 3508	Processor architecture: Intel x86
2011/04/23 19:22:19.0606 3508	Number of processors: 2
2011/04/23 19:22:19.0606 3508	Page size: 0x1000
2011/04/23 19:22:19.0606 3508	Boot type: Normal boot
2011/04/23 19:22:19.0606 3508	================================================================================
2011/04/23 19:22:20.0058 3508	Initialize success
2011/04/23 19:22:28.0233 2300	================================================================================
2011/04/23 19:22:28.0233 2300	Scan started
2011/04/23 19:22:28.0233 2300	Mode: Manual; 
2011/04/23 19:22:28.0233 2300	================================================================================
2011/04/23 19:22:29.0917 2300	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/23 19:22:30.0120 2300	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/23 19:22:30.0838 2300	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/23 19:22:31.0072 2300	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/23 19:22:31.0275 2300	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/23 19:22:31.0540 2300	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/23 19:22:31.0852 2300	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/23 19:22:32.0086 2300	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/23 19:22:32.0335 2300	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/23 19:22:32.0601 2300	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/23 19:22:32.0928 2300	aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/23 19:22:33.0115 2300	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/23 19:22:33.0318 2300	amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/23 19:22:33.0412 2300	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/23 19:22:33.0490 2300	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/23 19:22:33.0708 2300	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/23 19:22:34.0005 2300	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/23 19:22:34.0207 2300	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/23 19:22:34.0457 2300	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/23 19:22:34.0831 2300	athr            (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
2011/04/23 19:22:35.0549 2300	atikmdag        (5439b251af73e7efae4b8771d7116159) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/23 19:22:35.0845 2300	AtiPcie         (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/23 19:22:36.0189 2300	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/23 19:22:36.0594 2300	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/23 19:22:36.0875 2300	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/23 19:22:37.0733 2300	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/23 19:22:38.0513 2300	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/23 19:22:39.0574 2300	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/23 19:22:40.0198 2300	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/23 19:22:41.0103 2300	BrSerIf         (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/23 19:22:41.0727 2300	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/23 19:22:41.0945 2300	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/23 19:22:42.0148 2300	BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/23 19:22:42.0304 2300	BthEnum         (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/23 19:22:42.0382 2300	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/23 19:22:42.0553 2300	BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/23 19:22:42.0725 2300	BTHPORT         (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
2011/04/23 19:22:42.0928 2300	BTHUSB          (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/23 19:22:43.0380 2300	btwaudio        (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/04/23 19:22:43.0583 2300	btwavdt         (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/04/23 19:22:43.0833 2300	btwrchid        (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/23 19:22:43.0989 2300	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/23 19:22:44.0098 2300	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/23 19:22:44.0223 2300	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/04/23 19:22:44.0301 2300	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/23 19:22:44.0425 2300	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/23 19:22:44.0503 2300	cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/04/23 19:22:44.0550 2300	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/23 19:22:44.0831 2300	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/04/23 19:22:45.0159 2300	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/04/23 19:22:45.0549 2300	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/23 19:22:45.0767 2300	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/23 19:22:46.0032 2300	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/23 19:22:46.0266 2300	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/23 19:22:46.0453 2300	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/23 19:22:46.0672 2300	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/23 19:22:46.0890 2300	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/04/23 19:22:47.0109 2300	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/23 19:22:47.0280 2300	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/23 19:22:47.0452 2300	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/23 19:22:47.0717 2300	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/23 19:22:47.0889 2300	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/23 19:22:48.0076 2300	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/23 19:22:48.0279 2300	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/23 19:22:48.0466 2300	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/23 19:22:48.0653 2300	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/23 19:22:48.0825 2300	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/23 19:22:49.0121 2300	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/23 19:22:49.0324 2300	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/23 19:22:49.0527 2300	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/23 19:22:49.0698 2300	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/23 19:22:49.0932 2300	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/23 19:22:50.0182 2300	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/04/23 19:22:50.0353 2300	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/23 19:22:50.0525 2300	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/04/23 19:22:50.0728 2300	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/23 19:22:50.0915 2300	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/04/23 19:22:51.0133 2300	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/23 19:22:51.0414 2300	IntcAzAudAddService (7bd4e0428776d11c8e8e26f9f5508690) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/23 19:22:51.0601 2300	intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/04/23 19:22:51.0789 2300	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/23 19:22:52.0054 2300	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/23 19:22:52.0428 2300	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/23 19:22:52.0584 2300	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/23 19:22:52.0803 2300	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/23 19:22:53.0005 2300	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/04/23 19:22:53.0302 2300	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/23 19:22:53.0489 2300	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/23 19:22:53.0661 2300	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/23 19:22:53.0910 2300	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/23 19:22:54.0113 2300	kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/04/23 19:22:54.0347 2300	KMDFMEMIO       (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2011/04/23 19:22:54.0550 2300	KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/04/23 19:22:54.0768 2300	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/23 19:22:54.0971 2300	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/23 19:22:55.0158 2300	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/23 19:22:55.0330 2300	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/23 19:22:55.0517 2300	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/23 19:22:55.0751 2300	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/23 19:22:55.0954 2300	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2011/04/23 19:22:56.0203 2300	LVRS            (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
2011/04/23 19:22:56.0562 2300	LVUVC           (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/04/23 19:22:56.0905 2300	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/04/23 19:22:57.0077 2300	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/23 19:22:57.0342 2300	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/23 19:22:57.0748 2300	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/23 19:22:58.0107 2300	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/23 19:22:58.0325 2300	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/23 19:22:58.0980 2300	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/04/23 19:22:59.0729 2300	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/23 19:23:00.0369 2300	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/23 19:23:00.0868 2300	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/23 19:23:01.0445 2300	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/23 19:23:02.0007 2300	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/23 19:23:02.0490 2300	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/23 19:23:03.0005 2300	msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/04/23 19:23:03.0317 2300	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/04/23 19:23:03.0723 2300	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/23 19:23:03.0972 2300	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/23 19:23:04.0440 2300	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/23 19:23:04.0783 2300	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/23 19:23:05.0095 2300	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/23 19:23:05.0454 2300	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/23 19:23:05.0844 2300	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/23 19:23:06.0234 2300	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/23 19:23:06.0624 2300	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/23 19:23:07.0045 2300	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/23 19:23:07.0638 2300	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/23 19:23:08.0247 2300	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/23 19:23:08.0699 2300	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/23 19:23:09.0229 2300	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/23 19:23:09.0588 2300	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/23 19:23:09.0916 2300	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/23 19:23:10.0306 2300	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/23 19:23:11.0257 2300	NETw2v32        (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys
2011/04/23 19:23:12.0724 2300	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/23 19:23:13.0145 2300	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/23 19:23:13.0753 2300	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/23 19:23:14.0409 2300	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/04/23 19:23:15.0298 2300	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/23 19:23:15.0657 2300	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/23 19:23:16.0031 2300	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/04/23 19:23:16.0343 2300	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/04/23 19:23:16.0827 2300	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/04/23 19:23:17.0965 2300	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/23 19:23:18.0433 2300	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/23 19:23:18.0995 2300	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/04/23 19:23:19.0338 2300	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/23 19:23:19.0947 2300	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/04/23 19:23:20.0477 2300	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/04/23 19:23:20.0851 2300	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/23 19:23:21.0304 2300	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/23 19:23:21.0928 2300	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/23 19:23:22.0411 2300	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/04/23 19:23:22.0973 2300	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/23 19:23:23.0925 2300	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/04/23 19:23:24.0471 2300	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/23 19:23:25.0063 2300	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/23 19:23:26.0389 2300	R300            (5439b251af73e7efae4b8771d7116159) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/23 19:23:26.0842 2300	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/23 19:23:27.0232 2300	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/23 19:23:27.0747 2300	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/23 19:23:28.0168 2300	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/23 19:23:28.0714 2300	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/23 19:23:29.0353 2300	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/23 19:23:29.0743 2300	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/04/23 19:23:30.0071 2300	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/23 19:23:30.0414 2300	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/04/23 19:23:30.0789 2300	RFCOMM          (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/23 19:23:31.0194 2300	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/23 19:23:31.0662 2300	RTL8023xp       (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/04/23 19:23:32.0442 2300	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/23 19:23:32.0910 2300	sdbus           (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/23 19:23:33.0331 2300	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/23 19:23:33.0690 2300	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/23 19:23:34.0033 2300	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/23 19:23:34.0267 2300	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/23 19:23:34.0595 2300	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/04/23 19:23:35.0032 2300	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/23 19:23:35.0297 2300	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/23 19:23:35.0547 2300	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/23 19:23:36.0124 2300	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/04/23 19:23:36.0451 2300	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/04/23 19:23:37.0153 2300	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/04/23 19:23:38.0058 2300	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/23 19:23:38.0557 2300	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/23 19:23:38.0947 2300	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/04/23 19:23:39.0291 2300	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/23 19:23:39.0634 2300	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/23 19:23:39.0977 2300	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/23 19:23:40.0414 2300	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/23 19:23:40.0804 2300	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/23 19:23:41.0241 2300	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/23 19:23:41.0677 2300	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/23 19:23:42.0192 2300	SynTP           (c1777074592bbb55b1f1a2fbc7a60498) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/23 19:23:42.0691 2300	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/04/23 19:23:43.0752 2300	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/23 19:23:44.0236 2300	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/23 19:23:44.0454 2300	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/23 19:23:44.0719 2300	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/23 19:23:45.0047 2300	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/23 19:23:45.0390 2300	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/23 19:23:45.0577 2300	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/23 19:23:45.0718 2300	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
2011/04/23 19:23:46.0045 2300	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/23 19:23:46.0404 2300	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/23 19:23:46.0716 2300	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/04/23 19:23:47.0153 2300	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/23 19:23:47.0512 2300	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/23 19:23:47.0933 2300	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/04/23 19:23:48.0198 2300	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/23 19:23:48.0417 2300	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/23 19:23:48.0682 2300	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/23 19:23:49.0041 2300	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/23 19:23:49.0384 2300	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/04/23 19:23:49.0992 2300	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/23 19:23:50.0226 2300	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/23 19:23:50.0928 2300	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/23 19:23:51.0521 2300	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/23 19:23:52.0317 2300	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/23 19:23:53.0003 2300	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/23 19:23:53.0923 2300	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/23 19:23:54.0828 2300	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/23 19:23:55.0905 2300	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/23 19:23:56.0809 2300	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/23 19:23:57.0558 2300	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/23 19:23:58.0182 2300	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/23 19:23:58.0401 2300	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/04/23 19:23:58.0635 2300	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/04/23 19:23:58.0962 2300	viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/04/23 19:23:59.0259 2300	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/23 19:23:59.0430 2300	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/04/23 19:23:59.0664 2300	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/04/23 19:23:59.0883 2300	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/04/23 19:24:00.0475 2300	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/23 19:24:00.0819 2300	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 19:24:00.0865 2300	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/23 19:24:01.0255 2300	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/04/23 19:24:02.0004 2300	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/23 19:24:04.0594 2300	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/23 19:24:05.0280 2300	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/04/23 19:24:05.0545 2300	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/23 19:24:05.0811 2300	WSDPrintDevice  (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2011/04/23 19:24:06.0013 2300	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/23 19:24:06.0762 2300	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/23 19:24:09.0976 2300	================================================================================
2011/04/23 19:24:09.0976 2300	Scan finished
2011/04/23 19:24:09.0976 2300	================================================================================
         

Alt 25.04.2011, 13:31   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

Alt 25.04.2011, 20:01   #10
flirtchecker
 

All right, everything is done, and here is the log now

Code:
ComboFix 11-04-25.01 - Dirk 25.04.2011  20:46:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2045.1321 [GMT 2:00]
ausgeführt von:: c:\users\Dirk\Desktop\confi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dirk\AppData\Local\739290.exe
c:\users\Dirk\AppData\Roaming\Dirklog.dat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-25 bis 2011-04-25  ))))))))))))))))))))))))))))))
.
.
2011-04-25 18:36 . 2011-04-25 18:36	--------	d-----w-	c:\program files\CCleaner
2011-04-22 14:28 . 2011-04-22 14:28	--------	d-----w-	C:\_OTL
2011-04-22 14:22 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{546416E8-870A-499E-8569-F0FAB068209A}\mpengine.dll
2011-04-21 17:12 . 2011-04-21 17:12	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Malwarebytes
2011-04-21 17:12 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 17:12 . 2011-04-21 17:12	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-21 17:12 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-20 18:03 . 2011-04-20 18:03	--------	d-----w-	c:\users\Dirk\AppData\Local\{E88AFC47-067F-48A0-AFB7-263FD7B4B687}
2011-04-19 18:00 . 2011-04-19 18:00	--------	d-----w-	c:\users\Dirk\AppData\Local\{B9136253-0C56-4F7A-982E-64D3E0D345F5}
2011-04-13 19:33 . 2011-04-13 19:33	--------	d-----w-	c:\users\Dirk\AppData\Local\{053D0404-3485-4441-B6B9-1C655E609D6C}
2011-04-12 19:21 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-12 19:21 . 2011-02-16 16:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-12 19:05 . 2011-02-22 13:24	213504	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 19:05 . 2011-02-22 13:24	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 19:05 . 2011-02-22 13:23	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-12 19:05 . 2011-02-22 13:23	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 19:03 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-12 19:03 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-04-12 19:01 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-12 19:01 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-12 19:01 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-12 19:00 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-12 19:00 . 2009-05-04 09:59	25088	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-12 18:59 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-12 18:59 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-12 18:59 . 2011-02-17 06:23	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-04-12 18:59 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-09 10:46 . 2011-04-18 21:52	--------	d-----w-	C:\homepage MAKER 7 Express
2011-04-09 09:52 . 2011-04-18 21:53	--------	d-----w-	c:\program files\Common Files\DATA BECKER Shared
2011-04-09 09:52 . 2006-07-01 02:25	151552	----a-w-	c:\windows\system32\w2dzip32.dll
2011-04-08 19:00 . 2011-04-08 19:01	--------	d-----w-	c:\users\Dirk\AppData\Local\{9C3F7206-D10A-4E12-8C33-CA2C7721A0CB}
2011-04-07 20:00 . 2011-04-07 20:01	--------	d-----w-	c:\users\Dirk\AppData\Local\{C2DA3BFA-9DDC-48C5-9602-CD829BBF700D}
2011-04-06 22:02 . 2011-04-06 22:03	--------	d-----w-	c:\users\Dirk\AppData\Local\{6FEF7AFB-EAEE-40F9-8798-3489C6052EC4}
2011-04-06 19:08 . 2011-04-18 21:52	--------	d-----w-	c:\users\Dirk\AppData\Roaming\Notepad++
2011-04-06 19:08 . 2011-04-06 19:08	--------	d-----w-	c:\program files\Notepad++
2011-04-05 21:55 . 2011-04-05 21:55	--------	d-----w-	c:\users\Dirk\AppData\Local\{F433E0E4-5820-4818-8083-9956B4F23AE7}
2011-04-04 22:48 . 2011-04-04 22:48	--------	d-----w-	C:\TEMP
2011-04-04 22:44 . 2011-04-04 22:44	--------	d-----w-	c:\program files\IrfanView
2011-04-04 22:15 . 2011-04-04 22:17	--------	d-----w-	c:\users\Dirk\AppData\Roaming\SWiSH miniMax4 DEU
2011-04-04 22:13 . 2011-04-04 22:13	--------	d-----w-	c:\program files\Common Files\SWiSHzone.com
2011-04-04 22:13 . 2011-04-04 22:13	--------	d-----w-	c:\program files\SWiSH miniMax4
2011-04-04 08:39 . 2007-03-22 18:24	26785	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2011-04-04 08:39 . 2007-03-22 18:24	23534	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2011-04-04 08:39 . 2007-03-22 18:24	23063	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2011-04-04 08:39 . 2007-03-22 18:24	19244	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2011-04-04 08:39 . 2007-03-22 18:24	19856	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2011-04-04 08:39 . 2007-03-22 18:24	18621	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2011-04-04 08:39 . 2007-03-22 18:24	16836	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2011-04-04 08:39 . 2007-03-22 18:24	16565	----a-w-	c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2011-04-03 21:35 . 2011-04-03 21:35	--------	d-----w-	c:\users\Dirk\AppData\Local\{3C6F46B3-7CF9-4354-891B-F319CF37571B}
2011-04-02 18:58 . 2011-04-02 18:58	--------	d-----w-	c:\users\Dirk\AppData\Local\{7B370B55-88BE-4E3C-9F00-8C29D746403D}
2011-04-01 17:38 . 2011-04-01 22:08	--------	d-----w-	c:\users\Dirk\AppData\Local\ManyCam
2011-04-01 17:38 . 2011-04-01 17:38	--------	d-----w-	c:\users\Dirk\AppData\Roaming\ManyCam
2011-04-01 17:37 . 2011-04-22 14:28	--------	d-----w-	c:\program files\Ask.com
2011-04-01 17:37 . 2011-04-01 17:38	--------	d-----w-	c:\program files\ManyCam
2011-03-30 20:35 . 2011-03-30 20:35	--------	d-----w-	c:\users\Dirk\AppData\Local\{1053C9CD-F5CD-4798-BE0E-07C9A972E1EA}
2011-03-30 07:51 . 2011-03-30 07:51	--------	d-----w-	c:\users\Dirk\.thumbnails
2011-03-30 07:48 . 2011-04-18 21:52	--------	d-----w-	c:\users\Dirk\AppData\Roaming\gtk-2.0
2011-03-29 22:05 . 2011-03-29 22:05	--------	d-----w-	c:\program files\Euchler Software
2011-03-29 21:29 . 2011-03-29 21:30	--------	d-----w-	c:\users\Dirk\AppData\Local\{32E4FF1A-82B9-46EE-95BD-CBD87FBAB02C}
2011-03-28 19:58 . 2011-04-13 22:13	--------	d-----w-	c:\users\Dirk\.gimp-2.6
2011-03-28 19:57 . 2011-03-28 19:57	--------	d-----w-	c:\program files\GIMP-2.0
2011-03-28 19:04 . 2011-03-28 19:04	--------	d-----w-	c:\users\Dirk\AppData\Local\{E621AC36-D6EA-46FB-9E1D-994D9C307D0F}
2011-03-27 11:10 . 2011-03-27 11:10	--------	d-----w-	c:\users\Dirk\AppData\Local\{BA9FA46B-A7C6-4C01-BE19-FB300B020DFE}
2011-03-26 22:49 . 2011-03-26 22:49	--------	d-----w-	c:\programdata\DATA BECKER Downloads
2011-03-26 22:49 . 2011-03-26 22:49	--------	d-----w-	c:\users\Dirk\AppData\Roaming\ProtectDisc
2011-03-26 22:49 . 2011-03-26 22:49	--------	d-----w-	c:\program files\ProtectDisc Driver Installer
2011-03-26 22:48 . 2011-03-26 22:48	--------	d-----w-	c:\program files\Common Files\Rechnungsdruckerei
2011-03-26 22:48 . 2011-03-26 22:48	--------	d-----w-	c:\program files\Common Files\Software FX Shared
2011-03-26 22:48 . 2000-10-02 00:00	125712	----a-w-	c:\windows\system32\VB6DE.DLL
2011-03-26 22:11 . 2011-03-26 22:11	--------	d-----r-	c:\users\Dirk\AppData\Roaming\Brother
2011-03-26 21:50 . 2011-04-18 21:52	--------	d-----w-	c:\users\Dirk\AppData\Roaming\PC-FAX TX
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 19:28 . 2011-03-13 17:19	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-14 23:47 . 2011-03-14 23:47	53248	----a-r-	c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-14 21:30 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-14 00:33 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2011-03-14 00:33 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2011-03-13 21:14 . 2011-03-13 21:14	377344	----a-w-	c:\windows\system32\winhttp.dll
2011-03-13 21:12 . 2011-03-13 21:12	45056	----a-w-	c:\windows\system32\drivers\de-DE\http.sys.mui
2011-03-13 20:31 . 2011-03-13 20:31	23552	----a-w-	c:\windows\system32\lpk.dll
2011-03-13 20:31 . 2011-03-13 20:31	10240	----a-w-	c:\windows\system32\dciman32.dll
2011-03-13 20:26 . 2011-03-13 20:26	61440	----a-w-	c:\windows\system32\winipsec.dll
2011-03-13 20:26 . 2011-03-13 20:26	272896	----a-w-	c:\windows\system32\polstore.dll
2011-03-13 20:21 . 2011-03-13 20:21	9728	----a-w-	c:\windows\system32\TCPSVCS.EXE
2011-03-13 20:21 . 2011-03-13 20:21	8704	----a-w-	c:\windows\system32\HOSTNAME.EXE
2011-03-13 20:21 . 2011-03-13 20:21	27136	----a-w-	c:\windows\system32\NETSTAT.EXE
2011-03-13 20:21 . 2011-03-13 20:21	19968	----a-w-	c:\windows\system32\ARP.EXE
2011-03-13 20:21 . 2011-03-13 20:21	17920	----a-w-	c:\windows\system32\ROUTE.EXE
2011-03-13 20:21 . 2011-03-13 20:21	11264	----a-w-	c:\windows\system32\MRINFO.EXE
2011-03-13 20:21 . 2011-03-13 20:21	105984	----a-w-	c:\windows\system32\netiohlp.dll
2011-03-13 20:21 . 2011-03-13 20:21	10240	----a-w-	c:\windows\system32\finger.exe
2011-03-13 20:16 . 2011-03-13 20:16	127488	----a-w-	c:\windows\system32\L2SecHC.dll
2011-03-13 20:16 . 2011-03-13 20:16	65024	----a-w-	c:\windows\system32\wlanapi.dll
2011-03-13 20:16 . 2011-03-13 20:16	68096	----a-w-	c:\windows\system32\wlanhlp.dll
2011-03-13 20:16 . 2011-03-13 20:16	513536	----a-w-	c:\windows\system32\wlansvc.dll
2011-03-13 20:16 . 2011-03-13 20:16	302592	----a-w-	c:\windows\system32\wlansec.dll
2011-03-13 20:16 . 2011-03-13 20:16	293376	----a-w-	c:\windows\system32\wlanmsm.dll
2011-03-13 20:16 . 2011-03-13 20:16	15181	----a-w-	c:\windows\system32\gatherWirelessInfo.vbs
2011-03-13 20:15 . 2011-03-13 20:15	1401856	----a-w-	c:\windows\system32\msxml6.dll
2011-03-13 20:15 . 2011-03-13 20:15	2048	----a-w-	c:\windows\system32\msxml3r.dll
2011-03-13 20:15 . 2011-03-13 20:15	2048	----a-w-	c:\windows\system32\msxml6r.dll
2011-03-13 20:14 . 2011-03-13 20:14	218624	----a-w-	c:\windows\system32\msv1_0.dll
2011-03-13 20:11 . 2011-03-13 20:11	53248	----a-w-	c:\windows\system32\rrinstaller.exe
2011-03-13 20:11 . 2011-03-13 20:11	24576	----a-w-	c:\windows\system32\mfpmp.exe
2011-03-13 20:11 . 2011-03-13 20:11	2048	----a-w-	c:\windows\system32\mferror.dll
2011-03-13 20:03 . 2011-03-13 20:03	71680	----a-w-	c:\windows\system32\atl.dll
2011-03-13 19:56 . 2011-03-13 19:56	160256	----a-w-	c:\windows\system32\wkssvc.dll
2011-03-13 19:55 . 2011-03-13 19:55	53248	----a-w-	c:\windows\system32\tsgqec.dll
2011-03-13 19:55 . 2011-03-13 19:55	136192	----a-w-	c:\windows\system32\aaclient.dll
2011-03-13 19:50 . 2011-03-13 19:50	714240	----a-w-	c:\windows\system32\timedate.cpl
2011-03-13 19:42 . 2011-03-13 19:42	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-03-13 19:37 . 2011-03-13 19:37	623616	----a-w-	c:\windows\system32\localspl.dll
2011-03-13 19:30 . 2011-03-13 19:30	172032	----a-w-	c:\windows\system32\wintrust.dll
2011-03-13 19:29 . 2011-03-13 19:29	499712	----a-w-	c:\windows\system32\kerberos.dll
2011-03-13 19:29 . 2011-03-13 19:29	439864	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2011-03-13 19:29 . 2011-03-13 19:29	175104	----a-w-	c:\windows\system32\wdigest.dll
2011-03-13 19:29 . 2011-03-13 19:29	9728	----a-w-	c:\windows\system32\lsass.exe
2011-03-13 19:29 . 2011-03-13 19:29	72704	----a-w-	c:\windows\system32\secur32.dll
2011-03-13 19:29 . 2011-03-13 19:29	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2011-03-13 19:26 . 2011-03-13 19:26	1793536	----a-w-	c:\windows\system32\NlsLexicons0045.dll
2011-03-13 19:26 . 2011-03-13 19:26	1808896	----a-w-	c:\windows\system32\NlsLexicons0046.dll
2011-03-13 19:26 . 2011-03-13 19:26	1558016	----a-w-	c:\windows\system32\NlsLexicons0049.dll
2011-03-13 19:26 . 2011-03-13 19:26	1411072	----a-w-	c:\windows\system32\NlsLexicons0047.dll
2011-03-13 19:26 . 2011-03-13 19:25	1236992	----a-w-	c:\windows\system32\NlsLexicons0020.dll
2011-03-13 19:25 . 2011-03-13 19:25	2136064	----a-w-	c:\windows\system32\NlsLexicons0021.dll
2011-03-13 19:25 . 2011-03-13 19:25	1782272	----a-w-	c:\windows\system32\NlsLexicons0039.dll
2011-03-13 19:25 . 2011-03-13 19:25	5499904	----a-w-	c:\windows\system32\NlsLexicons0022.dll
2011-03-13 19:25 . 2011-03-13 19:25	7964672	----a-w-	c:\windows\system32\NlsLexicons0024.dll
2011-03-13 19:25 . 2011-03-13 19:25	6224896	----a-w-	c:\windows\system32\NlsLexicons0027.dll
2011-03-13 19:25 . 2011-03-13 19:25	5791232	----a-w-	c:\windows\system32\NlsLexicons0026.dll
2011-03-13 19:25 . 2011-03-13 19:25	4175872	----a-w-	c:\windows\system32\NlsLexicons0010.dll
2011-03-13 19:25 . 2011-03-13 19:25	2466816	----a-w-	c:\windows\system32\NlsLexicons0011.dll
2011-03-13 19:25 . 2011-03-13 19:25	4981248	----a-w-	c:\windows\system32\NlsLexicons0013.dll
2011-03-13 19:25 . 2011-03-13 19:25	3331072	----a-w-	c:\windows\system32\NlsLexicons0018.dll
2011-03-13 19:25 . 2011-03-13 19:25	6781440	----a-w-	c:\windows\system32\NlsLexicons0019.dll
2011-03-13 19:25 . 2011-03-13 19:25	11722752	----a-w-	c:\windows\system32\NlsLexicons0001.dll
2011-03-13 19:25 . 2011-03-13 19:25	4164096	----a-w-	c:\windows\system32\NlsLexicons0002.dll
2011-03-13 19:25 . 2011-03-13 19:25	1452544	----a-w-	c:\windows\system32\NlsLexicons0003.dll
2011-03-13 19:25 . 2011-03-13 19:25	3419136	----a-w-	c:\windows\system32\NlsLexicons004a.dll
2011-03-13 19:25 . 2011-03-13 19:25	4093440	----a-w-	c:\windows\system32\NlsLexicons004c.dll
2011-03-13 19:25 . 2011-03-13 19:25	1972736	----a-w-	c:\windows\system32\NlsLexicons004e.dll
2011-03-13 19:25 . 2011-03-13 19:25	1702912	----a-w-	c:\windows\system32\NlsLexicons004b.dll
2011-03-13 19:25 . 2011-03-13 19:25	6014976	----a-w-	c:\windows\system32\NlsLexicons001a.dll
2011-03-13 19:25 . 2011-03-13 19:25	4096	----a-w-	c:\windows\system32\NlsLexicons002a.dll
2011-03-13 19:25 . 2011-03-13 19:25	4045824	----a-w-	c:\windows\system32\NlsLexicons003e.dll
2011-03-13 19:25 . 2011-03-13 19:25	6585856	----a-w-	c:\windows\system32\NlsLexicons001b.dll
2011-03-13 19:25 . 2011-03-13 19:25	6346240	----a-w-	c:\windows\system32\NlsLexicons001d.dll
2011-03-13 19:25 . 2011-03-13 19:25	9892864	----a-w-	c:\windows\system32\NlsLexicons000a.dll
2011-03-13 19:25 . 2011-03-13 19:25	6237696	----a-w-	c:\windows\system32\NlsLexicons000c.dll
2011-03-13 19:25 . 2011-03-13 19:25	1722368	----a-w-	c:\windows\system32\NlsLexicons000d.dll
2011-03-13 19:25 . 2011-03-13 19:25	5654528	----a-w-	c:\windows\system32\NlsLexicons000f.dll
2011-03-13 19:25 . 2011-03-13 19:25	5090816	----a-w-	c:\windows\system32\NlsLexicons0416.dll
2011-03-13 19:25 . 2011-03-13 19:25	4616192	----a-w-	c:\windows\system32\NlsLexicons0414.dll
2011-03-13 19:25 . 2011-03-13 19:25	7042560	----a-w-	c:\windows\system32\NlsLexicons081a.dll
2011-03-13 19:25 . 2011-03-13 19:25	5031936	----a-w-	c:\windows\system32\NlsLexicons0816.dll
2011-03-13 19:25 . 2011-03-13 19:25	5071872	----a-w-	c:\windows\system32\NlsModels0011.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0046.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0045.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0047.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0049.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0039.dll
2011-03-13 19:25 . 2011-03-13 19:25	3104768	----a-w-	c:\windows\system32\NlsData0020.dll
2011-03-13 19:25 . 2011-03-13 19:25	1801216	----a-w-	c:\windows\system32\NlsData0021.dll
2011-03-13 19:25 . 2011-03-13 19:25	1965056	----a-w-	c:\windows\system32\NlsData0026.dll
2011-03-13 19:25 . 2011-03-13 19:25	1965056	----a-w-	c:\windows\system32\NlsData0024.dll
2011-03-13 19:25 . 2011-03-13 19:25	1801216	----a-w-	c:\windows\system32\NlsData0022.dll
2011-03-13 19:25 . 2011-03-13 19:25	4495360	----a-w-	c:\windows\system32\NlsData0010.dll
2011-03-13 19:25 . 2011-03-13 19:25	2657280	----a-w-	c:\windows\system32\NlsData0011.dll
2011-03-13 19:25 . 2011-03-13 19:25	1966592	----a-w-	c:\windows\system32\NlsData0027.dll
2011-03-13 19:25 . 2011-03-13 19:25	3466752	----a-w-	c:\windows\system32\NlsData0013.dll
2011-03-13 19:25 . 2011-03-13 19:25	1965056	----a-w-	c:\windows\system32\NlsData0018.dll
2011-03-13 19:25 . 2011-03-13 19:25	1523712	----a-w-	c:\windows\system32\NlsData0000.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Dirk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-04-11 13:13	1085440	------r-	c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57	86016	------w-	c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 22:05	46368	----a-w-	c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 17:35	165208	----a-w-	c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 22:07	29984	----a-w-	c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 08:01	328992	----a-w-	c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26	68640	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03	210472	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-08-07 13312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-02-18 1517376]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-18 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-25 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-04-25  20:58:42
ComboFix-quarantined-files.txt  2011-04-25 18:58
.
Vor Suchlauf: 10 Verzeichnis(se), 68.329.988.096 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 68.262.027.264 Bytes frei
.
- - End Of File - - 2E8456031E77F618BF6F11823D87AB14
         

25.04.2011, 20:47   #11
cosinus

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
Please always post log files in CODE tags

25.04.2011, 21:39   #12
flirtchecker
 

Here is the log from GMER

Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-25 22:35:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9A300 rev.BBFOC3EP
Running: r6j3vo8z.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\kxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                         entry point in ".vmp2" section [0x99D3E69D]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                       Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Dirk\AppData\Local\Temp\catchme.sys                                                     Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875488f                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875abd1                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef0e983                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027875488f (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027875abd1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ef0e983 (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
and here the one from MBRCheck

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R59P/R60P/R61P
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 147):
  0x82036000 \SystemRoot\system32\ntoskrnl.exe
  0x82003000 \SystemRoot\system32\hal.dll
  0x8780E000 \SystemRoot\system32\kdcom.dll
  0x87815000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x87885000 \SystemRoot\system32\PSHED.dll
  0x87896000 \SystemRoot\system32\BOOTVID.dll
  0x8789E000 \SystemRoot\system32\CLFS.SYS
  0x878DF000 \SystemRoot\system32\CI.dll
  0x879BF000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x87A3B000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x87A48000 \SystemRoot\system32\drivers\acpi.sys
  0x87A8E000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x87A97000 \SystemRoot\system32\drivers\msisadrv.sys
  0x87A9F000 \SystemRoot\system32\drivers\pci.sys
  0x87AC6000 \SystemRoot\System32\drivers\partmgr.sys
  0x87AD5000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x87AD8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x87AE2000 \SystemRoot\system32\drivers\volmgr.sys
  0x87AF1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x87B3B000 \SystemRoot\system32\drivers\pciide.sys
  0x87B42000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x87B50000 \SystemRoot\System32\drivers\mountmgr.sys
  0x87B60000 \SystemRoot\system32\drivers\atapi.sys
  0x87B68000 \SystemRoot\system32\drivers\ataport.SYS
  0x87B86000 \SystemRoot\system32\drivers\fltmgr.sys
  0x87BB8000 \SystemRoot\system32\drivers\fileinfo.sys
  0x87C00000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87C71000 \SystemRoot\system32\drivers\ndis.sys
  0x87D7C000 \SystemRoot\system32\drivers\msrpc.sys
  0x87DA7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87DE2000 \SystemRoot\System32\drivers\tcpip.sys
  0x87ECC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87EE7000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88000000 \SystemRoot\system32\drivers\volsnap.sys
  0x88039000 \SystemRoot\System32\Drivers\spldr.sys
  0x88041000 \SystemRoot\System32\Drivers\mup.sys
  0x88050000 \SystemRoot\System32\drivers\ecache.sys
  0x88077000 \SystemRoot\system32\drivers\disk.sys
  0x88088000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x880A9000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x880B1000 \SystemRoot\system32\drivers\crcdisk.sys
  0x880DA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x880E5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x880EE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x880FD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8C404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8CADC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8CB7C000 \SystemRoot\System32\drivers\watchdog.sys
  0x88101000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8CB88000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8CBD4000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8822A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8CBDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x88268000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8CBED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x88280000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8830D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8CBF3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x88320000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8CBFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8834B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x88356000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x88385000 \SystemRoot\system32\DRIVERS\storport.sys
  0x883C6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x883D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x883E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x87BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x87BEB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8CC06000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8CC1A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8CC2F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8CC3F000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8CC41000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8CC6B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8CC75000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8CC82000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8CCB7000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8CCC8000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8CDE4000 \SystemRoot\system32\drivers\modem.sys
  0x8CDF1000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8CFA4000 \SystemRoot\system32\drivers\portcls.sys
  0x8CFD1000 \SystemRoot\system32\drivers\drmk.sys
  0x8CFF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x883F3000 \SystemRoot\System32\Drivers\Null.SYS
  0x87FF7000 \SystemRoot\System32\Drivers\Beep.SYS
  0x87800000 \SystemRoot\System32\drivers\vga.sys
  0x8D00E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D02F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D037000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D03F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D04A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8D058000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8D061000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8D077000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8D08B000 \SystemRoot\system32\drivers\afd.sys
  0x8D0D3000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8D105000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8D11B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8D129000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8D13C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8D142000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8D17E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8D188000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8D19F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8D1C5000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
  0x8D1CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8D1D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8D1E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8D1EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8D1F6000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8D203000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8D20E000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x95440000 \SystemRoot\System32\win32k.sys
  0x8D216000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8D220000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95660000 \SystemRoot\System32\TSDDD.dll
  0x95680000 \SystemRoot\System32\cdd.dll
  0x95690000 \SystemRoot\System32\ATMFD.DLL
  0x8D22F000 \SystemRoot\system32\drivers\luafv.sys
  0x8D24A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8D25F000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
  0x8D26F000 \SystemRoot\system32\drivers\spsys.sys
  0x8D31F000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8D32F000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8D359000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8D363000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8D376000 \SystemRoot\system32\drivers\HTTP.sys
  0x8D3E3000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x880BA000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x99C03000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x99C18000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x99C37000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x99C70000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x99C88000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x99CB0000 \SystemRoot\System32\DRIVERS\srv.sys
  0x99D17000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0x99D43000 \SystemRoot\system32\drivers\peauth.sys
  0x99E21000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x99E2B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x99E37000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
  0x99E3C000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
  0x99E3D000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x99E53000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
  0x99E5D000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x99E5F000 \??\C:\Users\Dirk\AppData\Local\Temp\catchme.sys
  0x99E6E000 \??\C:\Users\Dirk\AppData\Local\Temp\kxldapoc.sys
  0x77CD0000 \Windows\System32\ntdll.dll

Processes (total 55):
       0 System Idle Process
       4 System
     456 C:\Windows\System32\smss.exe
     560 csrss.exe
     612 C:\Windows\System32\wininit.exe
     620 csrss.exe
     656 C:\Windows\System32\services.exe
     672 C:\Windows\System32\lsass.exe
     680 C:\Windows\System32\lsm.exe
     720 C:\Windows\System32\winlogon.exe
     868 C:\Windows\System32\svchost.exe
     948 C:\Windows\System32\svchost.exe
     988 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\Ati2evxx.exe
    1096 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\audiodg.exe
    1304 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\SLsvc.exe
    1368 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\Ati2evxx.exe
    1584 C:\Windows\System32\svchost.exe
    1864 C:\Windows\System32\spoolsv.exe
    1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1908 C:\Windows\System32\svchost.exe
     308 C:\Windows\System32\taskeng.exe
     528 C:\Windows\System32\dwm.exe
     932 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
     996 C:\Windows\System32\taskeng.exe
    2052 C:\Windows\System32\taskeng.exe
    2268 C:\Program Files\Windows Defender\MSASCui.exe
    2400 C:\Windows\System32\agrsmsvc.exe
    2436 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2456 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2488 C:\Program Files\Bonjour\mDNSResponder.exe
    2500 C:\Windows\System32\svchost.exe
    2512 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2532 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
    2720 C:\Windows\System32\svchost.exe
    2732 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2780 C:\Windows\System32\svchost.exe
    2820 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    2880 C:\Windows\System32\svchost.exe
    3040 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    3068 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3204 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3684 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3696 C:\Windows\RtHDVCpl.exe
    3712 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3852 C:\Windows\System32\svchost.exe
    4348 C:\Windows\System32\wuauclt.exe
    3920 C:\Windows\explorer.exe
    4692 taskeng.exe
    4756 C:\Users\Dirk\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`78b00000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9A300, Rev: BBFOC3EP

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         

26.04.2011, 10:00   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What about OSAM?
__________________
Please always post log files in CODE tags

26.04.2011, 19:41   #14
flirtchecker

Sorry, attached is the OSAM log

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:39:57 on 26.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Dirk\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

27.04.2011, 09:14   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags