Trojaner-Board


flirtchecker 21.04.2011 18:30

Festplatte beschädigt Das System hat mit einem oder mehreren installierten...
 
Hi everyone,

I got the following error message earlier:

Earlier I got a virus alert from AntiVir. I then clicked on remove virus and nothing happened. Then this message appeared: "Festplatte beschädigt Das System hat mit einem oder mehreren installierten
IDE/SATA Festplatten erkannt. Es wird empfohlen, das System neu zu starten."

But before doing the restart, I first ran a scan with "Malwarebytes":

Here is the log:
Quote:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6414

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

21.04.2011 19:19:29
mbam-log-2011-04-21 (19-19-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 153589
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Users\Dirk\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\74LHLYZL\about[1].exe (Trojan.FakeAlert) -> 5508 -> Unloaded process successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> 3944 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uvEWQXCeAJwf (Trojan.FakeAlert) -> Value: uvEWQXCeAJwf -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Dirk\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\74LHLYZL\about[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

After that I ran a system scan with OTL.exe.

Here is logfile 1, Extras:

OTL Logfile:
Code:

OTL Extras logfile created on: 21.04.2011 19:24:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 64,46 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 78,89 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FA22B8A-3614-4623-98AC-2B25D3E27A01}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD9135EE-5285-4DB6-8737-84833004288A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C3EAB-FFDA-4E15-AB16-BE8FF09A187F}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{0F74A2AF-B036-4522-8198-BCA5B4768F62}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{266FA905-CF1C-4897-94F9-EE35F8249B70}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{65C61E05-341E-487D-AB93-3A2F1E6659CD}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{AF554E26-FCB4-429F-A906-794A62BC151D}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D0CB004A-659C-4AB8-835F-FF60F6BF6FCE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D958E873-CEF6-4D29-849F-25C2D8D9BF99}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E2DAEBE4-4209-4FA4-8C35-8B75419850B1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FC6271C4-8BBE-4DE1-A949-724044D56314}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{28837FD5-7900-46D7-961B-98EBB8E4E59F}C:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe |
"TCP Query User{5BB9D2F4-91A6-4267-AABD-486A3E046B32}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{684921C1-CBB1-4017-BBF8-9A9B4BACB873}C:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"TCP Query User{C95D95E5-A0CE-4716-9BFF-DBE420B2E63B}C:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe |
"UDP Query User{04409905-3773-43A9-B764-4CEE42DF931A}C:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\apache\bin\httpd.exe |
"UDP Query User{41A0DE4B-A10C-4A95-BA17-2386746F0911}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B80575CA-11DC-44FF-A08F-6D17A0B82E52}C:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\dirk\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"UDP Query User{D292723C-7F51-451F-9465-1701291C1E30}C:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\homepage maker 7 express\p3appserv\bin\mysql\bin\mysqld.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0795AE80-E3AD-C109-D0ED-127454F7947D}" = CCC Help Czech
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09C07EA5-2B33-D6A8-82EE-96E2EFB50933}" = Catalyst Control Center Localization German
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BDD74BD-5919-45DC-8DBD-FD9A7FFBEE7D}" = Catalyst Control Center Localization Czech
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DA98A0B-E9AA-7D76-9FFB-09666B57B977}" = CCC Help Japanese
"{0E6C1531-9546-4153-9D88-689519385319}" = Haushaltsbuch 5.0
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{113784E4-001C-F3B0-BB12-30301C352D5A}" = CCC Help Chinese Standard
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15343122-1A4C-84D1-F14C-19DAD9C3E170}" = Catalyst Control Center Localization Chinese Traditional
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1ABD9408-C1DC-EF1F-40E8-2D9A6531CDA3}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{230441A3-AEFA-1008-6874-E00CCD863C1B}" = ccc-utility
"{2376F2D7-47F6-7D31-454C-50B3E7B04D79}" = CCC Help English
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{26E0A023-F45C-F529-D820-180FDAFA2CF5}" = Catalyst Control Center Localization French
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39B1744D-0561-20FD-10BC-462349B2CD17}" = Catalyst Control Center Core Implementation
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA29C6A-F433-2CFA-9343-A30061A31D40}" = Catalyst Control Center Graphics Light
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4818083E-ADDE-37BD-7C86-4B72C7D96692}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C4B9522-FD03-D17C-1A00-8EBC02CA5AC2}" = CCC Help French
"{4E271D3B-6105-525A-885D-72330974AABF}" = Catalyst Control Center Localization Spanish
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{535D722D-3CD3-7B2B-0D2A-8205AB81702D}" = Catalyst Control Center Localization Italian
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{583ACB37-3139-562A-6279-0158480F2277}" = Catalyst Control Center Localization Japanese
"{59C4B635-2E5A-1141-C0E5-004FC4D196F4}" = CCC Help Thai
"{5CE3E15C-6E1D-A3FE-2E35-F40E83DDF68D}" = CCC Help German
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F6A4850-DDBE-DA71-0B73-10170D2A4E55}" = Catalyst Control Center Localization Korean
"{60B08761-8B36-4C10-51DC-C68AEA125612}" = CCC Help Turkish
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{640BBCC1-792B-8FF8-D5FF-EA185F1352BA}" = CCC Help Hungarian
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D69A81D-B087-BFB2-DD8C-EF5FF34FBEC1}" = Catalyst Control Center Localization Norwegian
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E315D6D-0F1C-4C27-920B-807B4F57C8B2}" = Brother MFL-Pro Suite MFC-5890CN
"{6EDE839E-B81A-28F0-5A7D-51A7128A1FD5}" = Catalyst Control Center Localization Greek
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{72F32AF2-2FA3-E6A0-D3D5-047691462436}" = CCC Help Danish
"{733D4DE8-14B8-EF66-CE77-160C0EC92913}" = CCC Help Swedish
"{74641F41-CE39-EA12-CD69-6903FD17544C}" = Catalyst Control Center Localization Turkish
"{74D5CF76-2DA9-7105-0BCB-3ACE774F478A}" = CCC Help Polish
"{76C1FD00-E569-A09E-E128-87B81203F6AA}" = CCC Help Portuguese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{80574E0C-36A8-7974-0460-8B93A96A601E}" = Catalyst Control Center Graphics Full New
"{81E677EB-392F-FC88-7498-9506248689B4}" = CCC Help Italian
"{82310404-A89C-D870-769F-005031AFFD9B}" = CCC Help Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{861CD9E0-D0CE-00DA-20F7-DA8869E0954E}" = Catalyst Control Center Graphics Full Existing
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B14B6B8-342F-9556-46CA-D948734245D6}" = Catalyst Control Center Localization Dutch
"{8BF358A1-F53D-FF72-C844-FC4A4CE79B97}" = Catalyst Control Center Localization Hungarian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{92C8DAA6-A0FA-DBDE-0464-5BEFAB4AB1B4}" = Catalyst Control Center Localization Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{997AEC5C-8E66-48A9-5149-E3E03F05710C}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AD4CEE8C-0AF0-B4B2-D64B-7CCF70BD60B6}" = Catalyst Control Center Localization Russian
"{AE5906D7-1980-EA3B-711E-4BA92F0B70AA}" = Catalyst Control Center Localization Swedish
"{AF2F91EE-EF88-DB9A-5A0F-6E8B8C8901EA}" = Catalyst Control Center Localization Thai
"{AF97A9E8-155E-25C3-AAC2-377E3C2F8CE1}" = CCC Help Dutch
"{B161098B-279B-399C-63AC-68D1AECA98B8}" = CCC Help Chinese Traditional
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BE52510A-0CC8-EB71-9405-07E2B369526E}" = Catalyst Control Center Localization Portuguese
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C8167567-C053-7355-A2DE-DFD50B5E9F90}" = CCC Help Russian
"{C93F1C40-29E8-1351-3CAB-35DBBA6843F3}" = CCC Help Finnish
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.12
"{DDC49762-9664-28B4-97F3-24DA91618CBC}" = CCC Help Norwegian
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF85F51D-6908-5B09-FA13-5B3376C640E1}" = Skins
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E380FD9E-D9AD-A7FF-2986-6A906836D79E}" = Catalyst Control Center Graphics Previews Vista
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E63BD217-4154-3693-595B-0A6F38C611C1}" = Catalyst Control Center Localization Danish
"{E9EFEA79-C84D-45BA-7037-4DC356790BF8}" = ccc-core-static
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA340E1B-0840-8F61-32CF-7A5A99A2C854}" = Catalyst Control Center Localization Polish
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FE6D4D2B-154C-1485-81B8-D2F6F5C5CF30}" = Catalyst Control Center Localization Finnish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"AAA Logo 2009 Business_is1" = AAA Logo 2009 Business Edition 3.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.43 (remove only)
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Notepad++" = Notepad++
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"shop to date 7 basic_is1" = DATA BECKER shop to date 7 basic
"SWiSH miniMax4" = SWiSH miniMax4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.04.2011 14:02:05 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 06.04.2011 18:43:41 | Computer Name = Dirk-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 07.04.2011 03:53:08 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 07.04.2011 03:53:08 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 08.04.2011 14:46:24 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 08.04.2011 14:46:24 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 09.04.2011 03:29:06 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 09.04.2011 03:29:06 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description =
 
Error - 09.04.2011 20:00:19 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 10005
Description =
 
Error - 09.04.2011 20:00:19 | Computer Name = Dirk-PC | Source = MsiInstaller | ID = 1024
Description =
 
[ System Events ]
Error - 19.04.2011 13:39:39 | Computer Name = Dirk-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
 
Error - 19.04.2011 13:40:51 | Computer Name = Dirk-PC | Source = DCOM | ID = 10016
Description =
 
Error - 19.04.2011 13:41:23 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.04.2011 13:45:38 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 19.04.2011 20:02:04 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 20.04.2011 16:42:44 | Computer Name = Dirk-PC | Source = DCOM | ID = 10010
Description =
 
Error - 21.04.2011 11:44:24 | Computer Name = Dirk-PC | Source = atikmdag | ID = 43034
Description = Unknown EDID version
 
Error - 21.04.2011 11:45:35 | Computer Name = Dirk-PC | Source = DCOM | ID = 10016
Description =
 
Error - 21.04.2011 11:46:07 | Computer Name = Dirk-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.04.2011 11:50:12 | Computer Name = Dirk-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
 
< End of report >

--- --- ---


and here is logfile 2, OTL

OTL Logfile:
Code:

OTL logfile created on: 21.04.2011 19:24:56 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dirk\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 64,46 Gb Free Space | 57,62% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 78,89 Gb Free Space | 71,07% Space Free | Partition Type: NTFS
 
Computer Name: DIRK-PC | User Name: Dirk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dirk\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=102869&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.05 09:49:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.05 09:49:49 | 000,000,000 | ---D | M]
 
[2011.03.13 19:01:16 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Extensions
[2011.04.20 20:45:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Speed Dial) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011.04.19 19:42:01 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.19 19:41:12 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com
[2011.04.01 23:55:07 | 000,002,400 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.13 19:24:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.13 19:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.13 19:16:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.13 23:30:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.13 23:13:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.03 20:06:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:06:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.03 20:06:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:06:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:06:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dirk\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 19:22:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2011.04.21 19:12:19 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Malwarebytes
[2011.04.21 19:12:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 19:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 19:12:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 19:12:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 19:12:06 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware
[2011.04.20 20:03:17 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{E88AFC47-067F-48A0-AFB7-263FD7B4B687}
[2011.04.19 20:00:28 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{B9136253-0C56-4F7A-982E-64D3E0D345F5}
[2011.04.13 21:33:29 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{053D0404-3485-4441-B6B9-1C655E609D6C}
[2011.04.12 21:22:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 21:22:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 21:22:41 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 21:22:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 21:22:40 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 21:22:40 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 21:22:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 21:22:40 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 21:22:40 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 21:22:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 21:22:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 21:22:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 21:22:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 21:22:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 21:22:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 21:22:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 21:22:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 21:21:13 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 21:21:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 21:03:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 21:03:47 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 21:00:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 20:59:59 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 20:59:21 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 20:59:21 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.09 12:46:59 | 000,000,000 | -H-D | C] -- C:\homepage MAKER 7 Express
[2011.04.09 11:52:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER
[2011.04.09 11:52:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DATA BECKER Shared
[2011.04.09 11:52:35 | 000,151,552 | ---- | C] (Info-ZIP) -- C:\Windows\System32\w2dzip32.dll
[2011.04.09 11:50:47 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txobj32.dll
[2011.04.09 11:50:47 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\Tx4ole.ocx
[2011.04.09 11:50:47 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_htm32.dll
[2011.04.09 11:50:47 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\txtls32.dll
[2011.04.09 11:50:47 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\ic32.dll
[2011.04.09 11:50:47 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\wndtls32.dll
[2011.04.09 11:50:47 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_bmp32.flt
[2011.04.09 11:50:46 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_word.dll
[2011.04.09 11:50:46 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\MimeX.dll
[2011.04.09 11:50:46 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\EncodeX.dll
[2011.04.09 11:50:46 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\FtpX.ocx
[2011.04.09 11:50:46 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\PopX.ocx
[2011.04.09 11:50:46 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\PopX.dll
[2011.04.09 11:50:46 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_rtf32.dll
[2011.04.09 11:50:46 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\MabryObj.dll
[2011.04.09 11:50:46 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_tif32.flt
[2011.04.09 11:50:46 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\System32\tx_wmf32.flt
[2011.04.09 11:50:45 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltocx12n.ocx
[2011.04.09 11:50:45 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\FtpX.dll
[2011.04.09 11:50:45 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\Windows\System32\EncodeX.ocx
[2011.04.09 11:50:44 | 000,751,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltann12n.dll
[2011.04.09 11:50:44 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltkrn12n.dll
[2011.04.09 11:50:44 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcmp12n.dll
[2011.04.09 11:50:44 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltdis12n.dll
[2011.04.09 11:50:44 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltefx12n.dll
[2011.04.09 11:50:44 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltimg12n.dll
[2011.04.09 11:50:44 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinet.ocx
[2011.04.09 11:50:44 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltfil12n.DLL
[2011.04.09 11:50:44 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttwn12n.dll
[2011.04.09 11:50:44 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif12n.dll
[2011.04.09 11:50:44 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp12n.dll
[2011.04.09 11:50:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetde.dll
[2011.04.09 11:50:43 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscomct2.ocx
[2011.04.09 11:50:43 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msflxgrd.ocx
[2011.04.09 11:50:43 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstdfmt.dll
[2011.04.09 11:50:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscc2de.dll
[2011.04.09 11:50:43 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\flxgdde.dll
[2011.04.09 11:50:43 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdlgde.dll
[2011.04.09 11:50:42 | 001,050,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet35.dll
[2011.04.09 11:50:42 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscmcde.dll
[2011.04.09 11:50:41 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll
[2011.04.09 11:50:41 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll
[2011.04.09 11:50:41 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint35.dll
[2011.04.09 11:50:41 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vb5db.dll
[2011.04.09 11:50:41 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter35.dll
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\web to date Projekte
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Erzeugte Websites
[2011.04.09 11:50:20 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\DATA BECKER
[2011.04.09 11:50:20 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER
[2011.04.09 11:42:28 | 000,655,872 | -H-- | C] (Nero) -- C:\Users\Dirk\AppData\Local\739290.exe
[2011.04.08 21:00:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{9C3F7206-D10A-4E12-8C33-CA2C7721A0CB}
[2011.04.07 22:00:57 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{C2DA3BFA-9DDC-48C5-9602-CD829BBF700D}
[2011.04.07 00:02:54 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{6FEF7AFB-EAEE-40F9-8798-3489C6052EC4}
[2011.04.06 21:08:46 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.04.06 21:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011.04.06 21:08:44 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Notepad++
[2011.04.06 21:08:44 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2011.04.05 23:55:36 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{F433E0E4-5820-4818-8083-9956B4F23AE7}
[2011.04.05 00:48:04 | 000,000,000 | -H-D | C] -- C:\TEMP
[2011.04.05 00:44:10 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2011.04.05 00:15:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\SWiSH miniMax4 DEU
[2011.04.05 00:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiSH miniMax4
[2011.04.05 00:13:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SWiSHzone.com
[2011.04.05 00:13:30 | 000,000,000 | ---D | C] -- C:\Programme\SWiSH miniMax4
[2011.04.03 23:35:26 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{3C6F46B3-7CF9-4354-891B-F319CF37571B}
[2011.04.02 20:58:09 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{7B370B55-88BE-4E3C-9F00-8C29D746403D}
[2011.04.01 19:38:40 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\ManyCam
[2011.04.01 19:38:22 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011.04.01 19:38:17 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\ManyCam
[2011.04.01 19:37:55 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2011.04.01 19:37:43 | 000,000,000 | ---D | C] -- C:\Programme\ManyCam
[2011.03.30 22:35:37 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{1053C9CD-F5CD-4798-BE0E-07C9A972E1EA}
[2011.03.30 09:51:08 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\.thumbnails
[2011.03.30 09:48:02 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\gtk-2.0
[2011.03.30 00:05:51 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Haushaltsbuch
[2011.03.30 00:05:51 | 000,000,000 | ---D | C] -- C:\Programme\Euchler Software
[2011.03.29 23:29:54 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{32E4FF1A-82B9-46EE-95BD-CBD87FBAB02C}
[2011.03.28 21:58:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\gegl-0.0
[2011.03.28 21:58:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\.gimp-2.6
[2011.03.28 21:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2011.03.28 21:57:41 | 000,000,000 | ---D | C] -- C:\Programme\GIMP-2.0
[2011.03.28 21:04:09 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{E621AC36-D6EA-46FB-9E1D-994D9C307D0F}
[2011.03.27 13:10:15 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{BA9FA46B-A7C6-4C01-BE19-FB300B020DFE}
[2011.03.27 01:06:44 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Rechnungsdruckerei 2011 PRO
[2011.03.27 00:49:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\DATA BECKER Downloads
[2011.03.27 00:49:07 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\ProtectDisc
[2011.03.27 00:49:07 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2011.03.27 00:48:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Rechnungsdruckerei
[2011.03.27 00:48:36 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Software FX Shared
[2011.03.27 00:48:28 | 000,125,712 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL
[2011.03.27 00:11:32 | 000,000,000 | RH-D | C] -- C:\Users\Dirk\AppData\Roaming\Brother
[2011.03.26 23:50:05 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\PC-FAX TX
[2011.03.26 20:36:52 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{06F3E57E-D860-40CE-B91C-40D5E4240BD9}
[2011.03.25 21:23:41 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{B46AE1EE-4BA7-4FA8-B9D6-3C9DF13E81DD}
[2011.03.24 19:47:19 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{9A8D2082-614A-4AE9-9A3C-8386FCF7CCDC}
[2011.03.24 08:55:32 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Adobe Mini Bridge CS5
[2011.03.24 08:55:31 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.03.24 01:17:05 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Steuer-Sparbuch
[2011.03.24 00:51:48 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\Documents\Mein Steuer-Sparbuch Heute
[2011.03.24 00:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2011
[2011.03.24 00:49:43 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\Buhl
[2011.03.24 00:47:35 | 000,000,000 | ---D | C] -- C:\Programme\WISO
[2011.03.24 00:47:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2011.03.24 00:45:51 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\Buhl Data Service
[2011.03.24 00:33:56 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Roaming\Nero
[2011.03.24 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011.03.24 00:28:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Nero
[2011.03.24 00:26:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2011.03.24 00:26:17 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2011.03.24 00:08:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.03.24 00:06:22 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.03.24 00:04:31 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.03.24 00:03:04 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.03.24 00:01:28 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.03.23 23:59:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.03.23 21:14:01 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 21:14:00 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.23 21:11:25 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{686738D4-9EC3-4AF8-A314-20E50BB6AD41}
[2011.03.22 23:20:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.03.22 23:16:37 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2011.03.22 23:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011.03.22 23:14:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe AIR
[2011.03.22 22:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AAA Logo 2009
[2011.03.22 22:14:35 | 000,000,000 | ---D | C] -- C:\Programme\AAALOGO2009
[2011.03.22 21:39:01 | 000,000,000 | -H-D | C] -- C:\Users\Dirk\AppData\Local\{38690457-050D-45EF-BE90-BF9FE9B018F2}
[2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 19:22:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dirk\Desktop\OTL.exe
[2011.04.21 19:21:41 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
[2011.04.21 17:44:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:44:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 17:44:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 17:44:23 | 2145,566,720 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 22:42:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.20 22:10:12 | 001,248,479 | -H-- | M] () -- C:\Users\Dirk\Desktop\PICT0798.JPG
[2011.04.18 21:37:01 | 000,000,402 | -H-- | M] () -- C:\Users\Dirk\Desktop\index.htm
[2011.04.18 21:32:44 | 000,166,153 | -H-- | M] () -- C:\Users\Dirk\Desktop\testb1.jpg
[2011.04.17 22:05:56 | 000,146,490 | -H-- | M] () -- C:\Users\Dirk\Desktop\herzle.jpg
[2011.04.17 15:54:04 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.17 15:09:08 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.04.17 15:00:47 | 000,112,780 | -H-- | M] () -- C:\Users\Dirk\Desktop\FF_logo_FFblue.jpg
[2011.04.15 19:54:19 | 000,000,097 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2011.04.14 23:33:57 | 000,579,384 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama1_72dpi.jpg
[2011.04.14 23:33:57 | 000,307,302 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_panorama3_72dpi.jpg
[2011.04.14 23:33:57 | 000,296,683 | -H-- | M] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama2_72dpi.jpg
[2011.04.14 20:32:39 | 003,786,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 00:13:47 | 000,009,741 | -H-- | M] () -- C:\Users\Dirk\.recently-used.xbel
[2011.04.13 22:14:12 | 000,006,656 | -H-- | M] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.13 21:21:30 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.13 21:21:30 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.13 21:21:30 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.13 21:21:29 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.10 16:41:52 | 000,000,132 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.04.10 01:11:12 | 000,026,982 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Dirklog.dat
[2011.04.09 11:42:28 | 000,655,872 | -H-- | M] (Nero) -- C:\Users\Dirk\AppData\Local\739290.exe
[2011.04.05 01:34:15 | 000,001,456 | -H-- | M] () -- C:\Users\Dirk\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.05 01:34:14 | 000,012,048 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.gif
[2011.04.05 01:27:33 | 000,077,826 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.jpg
[2011.04.05 01:27:14 | 001,271,232 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo1.psd
[2011.04.02 19:08:27 | 026,626,993 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1627.MOV
[2011.03.30 19:35:49 | 000,001,682 | -H-- | M] () -- C:\Users\Dirk\Desktop\iTunes.lnk
[2011.03.28 21:58:25 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.03.27 01:36:45 | 000,095,542 | -H-- | M] () -- C:\Users\Dirk\Desktop\Unbenannt-1.jpg
[2011.03.27 01:00:35 | 000,033,940 | -H-- | M] () -- C:\Users\Dirk\Desktop\dimendia.jpg
[2011.03.27 00:10:56 | 000,000,425 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2011.03.27 00:10:56 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2011.03.26 23:50:12 | 000,000,748 | -H-- | M] () -- C:\Windows\Brpfx04a.ini
[2011.03.26 20:53:33 | 002,204,456 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1566sw.jpg
[2011.03.26 20:48:24 | 001,475,432 | -H-- | M] () -- C:\Users\Dirk\Desktop\IMG_1566.JPG
[2011.03.24 00:51:22 | 000,000,080 | ---- | M] () -- C:\Windows\wiso.ini
[2011.03.24 00:51:08 | 000,001,876 | ---- | M] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.03.22 22:30:27 | 000,000,656 | -H-- | M] () -- C:\Users\Dirk\Desktop\logo-timo.al8
 
========== Files Created - No Company Name ==========
 
[2011.04.21 19:21:41 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
[2011.04.20 22:09:39 | 001,248,479 | -H-- | C] () -- C:\Users\Dirk\Desktop\PICT0798.JPG
[2011.04.18 21:37:01 | 000,000,402 | -H-- | C] () -- C:\Users\Dirk\Desktop\index.htm
[2011.04.18 21:27:06 | 000,166,153 | -H-- | C] () -- C:\Users\Dirk\Desktop\testb1.jpg
[2011.04.17 22:05:56 | 000,146,490 | -H-- | C] () -- C:\Users\Dirk\Desktop\herzle.jpg
[2011.04.17 15:00:47 | 000,112,780 | -H-- | C] () -- C:\Users\Dirk\Desktop\FF_logo_FFblue.jpg
[2011.04.15 19:54:19 | 000,000,097 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2011.04.14 23:33:57 | 000,579,384 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama1_72dpi.jpg
[2011.04.14 23:33:57 | 000,307,302 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_panorama3_72dpi.jpg
[2011.04.14 23:33:57 | 000,296,683 | -H-- | C] () -- C:\Users\Dirk\Desktop\Darmstadt_Panorama2_72dpi.jpg
[2011.04.14 00:13:47 | 000,009,741 | -H-- | C] () -- C:\Users\Dirk\.recently-used.xbel
[2011.04.10 16:41:52 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.04.09 11:50:47 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2011.04.09 11:50:47 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2011.04.09 11:42:28 | 000,276,992 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\472353.exe
[2011.04.05 01:34:15 | 000,001,456 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.04.05 01:34:14 | 000,012,048 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.gif
[2011.04.04 10:16:43 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.04.04 10:01:53 | 000,000,132 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.04.02 21:39:23 | 026,626,993 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1627.MOV
[2011.03.30 19:35:49 | 000,001,682 | -H-- | C] () -- C:\Users\Dirk\Desktop\iTunes.lnk
[2011.03.30 00:05:53 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haushaltsbuch 5.0.lnk
[2011.03.29 23:45:24 | 000,077,826 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.jpg
[2011.03.29 23:45:12 | 001,271,232 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo1.psd
[2011.03.28 21:58:25 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011.03.27 01:36:43 | 000,095,542 | -H-- | C] () -- C:\Users\Dirk\Desktop\Unbenannt-1.jpg
[2011.03.27 01:00:35 | 000,033,940 | -H-- | C] () -- C:\Users\Dirk\Desktop\dimendia.jpg
[2011.03.26 20:51:56 | 002,204,456 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1566sw.jpg
[2011.03.26 20:47:21 | 001,475,432 | -H-- | C] () -- C:\Users\Dirk\Desktop\IMG_1566.JPG
[2011.03.24 00:51:19 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini
[2011.03.24 00:51:08 | 000,001,876 | ---- | C] () -- C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2011.lnk
[2011.03.24 00:49:33 | 000,006,656 | -H-- | C] () -- C:\Users\Dirk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 23:18:52 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2011.03.22 23:18:02 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011.03.22 23:17:39 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2011.03.22 23:16:04 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2011.03.22 23:15:55 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011.03.22 23:15:03 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.03.22 22:30:26 | 000,000,656 | -H-- | C] () -- C:\Users\Dirk\Desktop\logo-timo.al8
[2011.03.21 21:11:12 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.15 00:14:57 | 000,000,748 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2011.03.15 00:14:57 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2011.03.15 00:14:20 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.15 00:14:20 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.15 00:12:41 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2011.03.15 00:09:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011.03.15 00:09:09 | 000,000,066 | -H-- | C] () -- C:\Windows\Brfaxrx.ini
[2011.03.15 00:09:08 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2011.03.15 00:03:29 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.03.14 10:04:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.14 10:04:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.14 10:02:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.13 19:25:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007.08.08 01:17:39 | 000,221,184 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2007.08.08 00:52:09 | 000,377,856 | ---- | C] () -- C:\Windows\System32\SetAutoConsole.exe
[2007.08.08 00:50:59 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.08.08 00:50:59 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.08.08 00:32:28 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2007.08.08 00:32:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2007.08.08 00:21:37 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007.08.07 07:13:29 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.08.07 07:13:29 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.08.07 07:13:29 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.08.07 07:13:29 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.08.07 07:06:44 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.07 07:06:40 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.07 07:06:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.07 07:06:40 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.24 11:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,786,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.10.10 08:29:46 | 000,026,982 | -H-- | C] () -- C:\Users\Dirk\AppData\Roaming\Dirklog.dat
[2001.11.14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
< End of report >

--- --- ---


I'm grateful for any help.... :confused:

cosinus 21.04.2011 19:30

Quote:

Art des Suchlaufs: Quick-Scan
Hello and :hallo:

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!

flirtchecker 21.04.2011 20:37

OK, here is the complete scan...

Quote:

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

21.04.2011 21:35:54
mbam-log-2011-04-21 (21-35-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303055
Laufzeit: 55 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 22.04.2011 11:15

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.04.21 19:21:41 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2011.04.19 19:42:01 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.19 19:41:12 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com
[2011.04.01 23:55:07 | 000,002,400 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q="
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=102869&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

cosinus 22.04.2011 11:28

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.04.21 19:21:41 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mcnnhvrj.sys
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
[2011.04.19 19:42:01 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.19 19:41:12 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.18 23:52:33 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com
[2011.04.01 23:55:07 | 000,002,400 | -H-- | M] () -- C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q="
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=102869&l=dis&gct=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

flirtchecker 22.04.2011 15:47

OK, here is the log after the FIX

Quote:

All processes killed
========== OTL ==========
File C:\Windows\System32\drivers\mcnnhvrj.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\modules folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\META-INF folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults\preferences folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\components folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-01-Apr-2011-21-55-06-GMT folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Dirk\AppData\Roaming\mozilla\Firefox\Profiles\95kw893j.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\searchplugins\askcom.xml moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=MYC-ST&o=102869&locale=de_DE&apn_uid=903e35ca-372e-4b58-a833-a21d8b79efb1&apn_ptnrs=5J&apn_sauid=AEE3FDE9-00A5-4040-8BB1-59E85CA38E3B&apn_dtid=YYYYYYYYDE&q=" removed from keyword.URL
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dirk
->Temp folder emptied: 1277506 bytes
->Temporary Internet Files folder emptied: 16956041 bytes
->Java cache emptied: 33011285 bytes
->FireFox cache emptied: 46100252 bytes
->Flash cache emptied: 6411 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2182040 bytes
RecycleBin emptied: 307737160 bytes

Total Files Cleaned = 388,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_162854

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 23.04.2011 14:15

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection prevents you from accessing your Documents/My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should become visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

flirtchecker 23.04.2011 18:25

OK, the log is attached

Code:

2011/04/23 19:22:19.0606 3508        ComputerName: DIRK-PC
2011/04/23 19:22:19.0606 3508        UserName: Dirk
2011/04/23 19:22:19.0606 3508        Windows directory: C:\Windows
2011/04/23 19:22:19.0606 3508        System windows directory: C:\Windows
2011/04/23 19:22:19.0606 3508        Processor architecture: Intel x86
2011/04/23 19:22:19.0606 3508        Number of processors: 2
2011/04/23 19:22:19.0606 3508        Page size: 0x1000
2011/04/23 19:22:19.0606 3508        Boot type: Normal boot
2011/04/23 19:22:19.0606 3508        ================================================================================
2011/04/23 19:22:20.0058 3508        Initialize success
2011/04/23 19:22:28.0233 2300        ================================================================================
2011/04/23 19:22:28.0233 2300        Scan started
2011/04/23 19:22:28.0233 2300        Mode: Manual;
2011/04/23 19:22:28.0233 2300        ================================================================================
2011/04/23 19:22:29.0917 2300        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/23 19:22:30.0120 2300        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/23 19:22:30.0838 2300        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/04/23 19:22:31.0072 2300        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/04/23 19:22:31.0275 2300        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/04/23 19:22:31.0540 2300        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/04/23 19:22:31.0852 2300        AFD            (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/23 19:22:32.0086 2300        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/04/23 19:22:32.0335 2300        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/04/23 19:22:32.0601 2300        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/23 19:22:32.0928 2300        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/04/23 19:22:33.0115 2300        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/04/23 19:22:33.0318 2300        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/04/23 19:22:33.0412 2300        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/04/23 19:22:33.0490 2300        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/04/23 19:22:33.0708 2300        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/04/23 19:22:34.0005 2300        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/04/23 19:22:34.0207 2300        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/23 19:22:34.0457 2300        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/23 19:22:34.0831 2300        athr            (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
2011/04/23 19:22:35.0549 2300        atikmdag        (5439b251af73e7efae4b8771d7116159) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/23 19:22:35.0845 2300        AtiPcie        (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/23 19:22:36.0189 2300        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/23 19:22:36.0594 2300        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/23 19:22:36.0875 2300        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/23 19:22:37.0733 2300        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/23 19:22:38.0513 2300        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/23 19:22:39.0574 2300        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/23 19:22:40.0198 2300        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/23 19:22:41.0103 2300        BrSerIf        (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/23 19:22:41.0727 2300        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/23 19:22:41.0945 2300        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/23 19:22:42.0148 2300        BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/23 19:22:42.0304 2300        BthEnum        (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/23 19:22:42.0382 2300        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/23 19:22:42.0553 2300        BthPan          (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/23 19:22:42.0725 2300        BTHPORT        (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys


cosinus 25.04.2011 13:31

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

flirtchecker 25.04.2011 20:01

All right, everything is done, and here is the log

Code:

ComboFix 11-04-25.01 - Dirk 25.04.2011  20:46:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2045.1321 [GMT 2:00]
ausgeführt von:: c:\users\Dirk\Desktop\confi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dirk\AppData\Local\739290.exe
c:\users\Dirk\AppData\Roaming\Dirklog.dat
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-25 bis 2011-04-25  ))))))))))))))))))))))))))))))
.
.
2011-04-25 18:36 . 2011-04-25 18:36        --------        d-----w-        c:\program files\CCleaner
2011-04-22 14:28 . 2011-04-22 14:28        --------        d-----w-        C:\_OTL
2011-04-22 14:22 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{546416E8-870A-499E-8569-F0FAB068209A}\mpengine.dll
2011-04-21 17:12 . 2011-04-21 17:12        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Malwarebytes
2011-04-21 17:12 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-21 17:12 . 2011-04-21 17:12        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-21 17:12 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-20 18:03 . 2011-04-20 18:03        --------        d-----w-        c:\users\Dirk\AppData\Local\{E88AFC47-067F-48A0-AFB7-263FD7B4B687}
2011-04-19 18:00 . 2011-04-19 18:00        --------        d-----w-        c:\users\Dirk\AppData\Local\{B9136253-0C56-4F7A-982E-64D3E0D345F5}
2011-04-13 19:33 . 2011-04-13 19:33        --------        d-----w-        c:\users\Dirk\AppData\Local\{053D0404-3485-4441-B6B9-1C655E609D6C}
2011-04-12 19:21 . 2011-02-16 14:02        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-04-12 19:21 . 2011-02-16 16:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-04-12 19:05 . 2011-02-22 13:24        213504        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 19:05 . 2011-02-22 13:24        79360        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 19:05 . 2011-02-22 13:23        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-12 19:05 . 2011-02-22 13:23        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 19:03 . 2011-03-10 17:03        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-12 19:03 . 2011-03-10 17:03        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-12 19:01 . 2011-02-18 14:03        305152        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-04-12 19:01 . 2011-02-18 14:03        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-04-12 19:01 . 2011-02-18 14:03        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-04-12 19:00 . 2011-03-02 15:44        86528        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-04-12 19:00 . 2009-05-04 09:59        25088        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-04-12 18:59 . 2011-03-03 13:25        2041856        ----a-w-        c:\windows\system32\win32k.sys
2011-04-12 18:59 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-12 18:59 . 2011-02-17 06:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-12 18:59 . 2011-03-03 10:50        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-04-09 10:46 . 2011-04-18 21:52        --------        d-----w-        C:\homepage MAKER 7 Express
2011-04-09 09:52 . 2011-04-18 21:53        --------        d-----w-        c:\program files\Common Files\DATA BECKER Shared
2011-04-09 09:52 . 2006-07-01 02:25        151552        ----a-w-        c:\windows\system32\w2dzip32.dll
2011-04-08 19:00 . 2011-04-08 19:01        --------        d-----w-        c:\users\Dirk\AppData\Local\{9C3F7206-D10A-4E12-8C33-CA2C7721A0CB}
2011-04-07 20:00 . 2011-04-07 20:01        --------        d-----w-        c:\users\Dirk\AppData\Local\{C2DA3BFA-9DDC-48C5-9602-CD829BBF700D}
2011-04-06 22:02 . 2011-04-06 22:03        --------        d-----w-        c:\users\Dirk\AppData\Local\{6FEF7AFB-EAEE-40F9-8798-3489C6052EC4}
2011-04-06 19:08 . 2011-04-18 21:52        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Notepad++
2011-04-06 19:08 . 2011-04-06 19:08        --------        d-----w-        c:\program files\Notepad++
2011-04-05 21:55 . 2011-04-05 21:55        --------        d-----w-        c:\users\Dirk\AppData\Local\{F433E0E4-5820-4818-8083-9956B4F23AE7}
2011-04-04 22:48 . 2011-04-04 22:48        --------        d-----w-        C:\TEMP
2011-04-04 22:44 . 2011-04-04 22:44        --------        d-----w-        c:\program files\IrfanView
2011-04-04 22:15 . 2011-04-04 22:17        --------        d-----w-        c:\users\Dirk\AppData\Roaming\SWiSH miniMax4 DEU
2011-04-04 22:13 . 2011-04-04 22:13        --------        d-----w-        c:\program files\Common Files\SWiSHzone.com
2011-04-04 22:13 . 2011-04-04 22:13        --------        d-----w-        c:\program files\SWiSH miniMax4
2011-04-04 08:39 . 2007-03-22 18:24        26785        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\STRINGS.JS
2011-04-04 08:39 . 2007-03-22 18:24        23534        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\PRELOAD.JS
2011-04-04 08:39 . 2007-03-22 18:24        23063        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\SETTEXT.JS
2011-04-04 08:39 . 2007-03-22 18:24        19244        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\FPLIB.JS
2011-04-04 08:39 . 2007-03-22 18:24        19856        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_PRELOAD.JS
2011-04-04 08:39 . 2007-03-22 18:24        18621        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\DOM.JS
2011-04-04 08:39 . 2007-03-22 18:24        16836        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\GETOBJ.JS
2011-04-04 08:39 . 2007-03-22 18:24        16565        ----a-w-        c:\users\Dirk\AppData\Roaming\Microsoft\FrontPage\Behaviors\Actions\_JMPMENU.JS
2011-04-03 21:35 . 2011-04-03 21:35        --------        d-----w-        c:\users\Dirk\AppData\Local\{3C6F46B3-7CF9-4354-891B-F319CF37571B}
2011-04-02 18:58 . 2011-04-02 18:58        --------        d-----w-        c:\users\Dirk\AppData\Local\{7B370B55-88BE-4E3C-9F00-8C29D746403D}
2011-04-01 17:38 . 2011-04-01 22:08        --------        d-----w-        c:\users\Dirk\AppData\Local\ManyCam
2011-04-01 17:38 . 2011-04-01 17:38        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ManyCam
2011-04-01 17:37 . 2011-04-22 14:28        --------        d-----w-        c:\program files\Ask.com
2011-04-01 17:37 . 2011-04-01 17:38        --------        d-----w-        c:\program files\ManyCam
2011-03-30 20:35 . 2011-03-30 20:35        --------        d-----w-        c:\users\Dirk\AppData\Local\{1053C9CD-F5CD-4798-BE0E-07C9A972E1EA}
2011-03-30 07:51 . 2011-03-30 07:51        --------        d-----w-        c:\users\Dirk\.thumbnails
2011-03-30 07:48 . 2011-04-18 21:52        --------        d-----w-        c:\users\Dirk\AppData\Roaming\gtk-2.0
2011-03-29 22:05 . 2011-03-29 22:05        --------        d-----w-        c:\program files\Euchler Software
2011-03-29 21:29 . 2011-03-29 21:30        --------        d-----w-        c:\users\Dirk\AppData\Local\{32E4FF1A-82B9-46EE-95BD-CBD87FBAB02C}
2011-03-28 19:58 . 2011-04-13 22:13        --------        d-----w-        c:\users\Dirk\.gimp-2.6
2011-03-28 19:57 . 2011-03-28 19:57        --------        d-----w-        c:\program files\GIMP-2.0
2011-03-28 19:04 . 2011-03-28 19:04        --------        d-----w-        c:\users\Dirk\AppData\Local\{E621AC36-D6EA-46FB-9E1D-994D9C307D0F}
2011-03-27 11:10 . 2011-03-27 11:10        --------        d-----w-        c:\users\Dirk\AppData\Local\{BA9FA46B-A7C6-4C01-BE19-FB300B020DFE}
2011-03-26 22:49 . 2011-03-26 22:49        --------        d-----w-        c:\programdata\DATA BECKER Downloads
2011-03-26 22:49 . 2011-03-26 22:49        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ProtectDisc
2011-03-26 22:49 . 2011-03-26 22:49        --------        d-----w-        c:\program files\ProtectDisc Driver Installer
2011-03-26 22:48 . 2011-03-26 22:48        --------        d-----w-        c:\program files\Common Files\Rechnungsdruckerei
2011-03-26 22:48 . 2011-03-26 22:48        --------        d-----w-        c:\program files\Common Files\Software FX Shared
2011-03-26 22:48 . 2000-10-02 00:00        125712        ----a-w-        c:\windows\system32\VB6DE.DLL
2011-03-26 22:11 . 2011-03-26 22:11        --------        d-----r-        c:\users\Dirk\AppData\Roaming\Brother
2011-03-26 21:50 . 2011-04-18 21:52        --------        d-----w-        c:\users\Dirk\AppData\Roaming\PC-FAX TX
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 19:28 . 2011-03-13 17:19        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-14 23:47 . 2011-03-14 23:47        53248        ----a-r-        c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-03-14 21:30 . 2010-06-24 10:33        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-14 00:33 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2011-03-14 00:33 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2011-03-13 21:14 . 2011-03-13 21:14        377344        ----a-w-        c:\windows\system32\winhttp.dll
2011-03-13 21:12 . 2011-03-13 21:12        45056        ----a-w-        c:\windows\system32\drivers\de-DE\http.sys.mui
2011-03-13 20:31 . 2011-03-13 20:31        23552        ----a-w-        c:\windows\system32\lpk.dll
2011-03-13 20:31 . 2011-03-13 20:31        10240        ----a-w-        c:\windows\system32\dciman32.dll
2011-03-13 20:26 . 2011-03-13 20:26        61440        ----a-w-        c:\windows\system32\winipsec.dll
2011-03-13 20:26 . 2011-03-13 20:26        272896        ----a-w-        c:\windows\system32\polstore.dll
2011-03-13 20:21 . 2011-03-13 20:21        9728        ----a-w-        c:\windows\system32\TCPSVCS.EXE
2011-03-13 20:21 . 2011-03-13 20:21        8704        ----a-w-        c:\windows\system32\HOSTNAME.EXE
2011-03-13 20:21 . 2011-03-13 20:21        27136        ----a-w-        c:\windows\system32\NETSTAT.EXE
2011-03-13 20:21 . 2011-03-13 20:21        19968        ----a-w-        c:\windows\system32\ARP.EXE
2011-03-13 20:21 . 2011-03-13 20:21        17920        ----a-w-        c:\windows\system32\ROUTE.EXE
2011-03-13 20:21 . 2011-03-13 20:21        11264        ----a-w-        c:\windows\system32\MRINFO.EXE
2011-03-13 20:21 . 2011-03-13 20:21        105984        ----a-w-        c:\windows\system32\netiohlp.dll
2011-03-13 20:21 . 2011-03-13 20:21        10240        ----a-w-        c:\windows\system32\finger.exe
2011-03-13 20:16 . 2011-03-13 20:16        127488        ----a-w-        c:\windows\system32\L2SecHC.dll
2011-03-13 20:16 . 2011-03-13 20:16        65024        ----a-w-        c:\windows\system32\wlanapi.dll
2011-03-13 20:16 . 2011-03-13 20:16        68096        ----a-w-        c:\windows\system32\wlanhlp.dll
2011-03-13 20:16 . 2011-03-13 20:16        513536        ----a-w-        c:\windows\system32\wlansvc.dll
2011-03-13 20:16 . 2011-03-13 20:16        302592        ----a-w-        c:\windows\system32\wlansec.dll
2011-03-13 20:16 . 2011-03-13 20:16        293376        ----a-w-        c:\windows\system32\wlanmsm.dll
2011-03-13 20:16 . 2011-03-13 20:16        15181        ----a-w-        c:\windows\system32\gatherWirelessInfo.vbs
2011-03-13 20:15 . 2011-03-13 20:15        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2011-03-13 20:15 . 2011-03-13 20:15        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2011-03-13 20:15 . 2011-03-13 20:15        2048        ----a-w-        c:\windows\system32\msxml6r.dll
2011-03-13 20:14 . 2011-03-13 20:14        218624        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-13 20:11 . 2011-03-13 20:11        53248        ----a-w-        c:\windows\system32\rrinstaller.exe
2011-03-13 20:11 . 2011-03-13 20:11        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2011-03-13 20:11 . 2011-03-13 20:11        2048        ----a-w-        c:\windows\system32\mferror.dll
2011-03-13 20:03 . 2011-03-13 20:03        71680        ----a-w-        c:\windows\system32\atl.dll
2011-03-13 19:56 . 2011-03-13 19:56        160256        ----a-w-        c:\windows\system32\wkssvc.dll
2011-03-13 19:55 . 2011-03-13 19:55        53248        ----a-w-        c:\windows\system32\tsgqec.dll
2011-03-13 19:55 . 2011-03-13 19:55        136192        ----a-w-        c:\windows\system32\aaclient.dll
2011-03-13 19:50 . 2011-03-13 19:50        714240        ----a-w-        c:\windows\system32\timedate.cpl
2011-03-13 19:42 . 2011-03-13 19:42        69632        ----a-w-        c:\windows\system32\Mpeg2Data.ax
2011-03-13 19:37 . 2011-03-13 19:37        623616        ----a-w-        c:\windows\system32\localspl.dll
2011-03-13 19:30 . 2011-03-13 19:30        172032        ----a-w-        c:\windows\system32\wintrust.dll
2011-03-13 19:29 . 2011-03-13 19:29        499712        ----a-w-        c:\windows\system32\kerberos.dll
2011-03-13 19:29 . 2011-03-13 19:29        439864        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2011-03-13 19:29 . 2011-03-13 19:29        175104        ----a-w-        c:\windows\system32\wdigest.dll
2011-03-13 19:29 . 2011-03-13 19:29        9728        ----a-w-        c:\windows\system32\lsass.exe
2011-03-13 19:29 . 2011-03-13 19:29        72704        ----a-w-        c:\windows\system32\secur32.dll
2011-03-13 19:29 . 2011-03-13 19:29        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2011-03-13 19:26 . 2011-03-13 19:26        1793536        ----a-w-        c:\windows\system32\NlsLexicons0045.dll
2011-03-13 19:26 . 2011-03-13 19:26        1808896        ----a-w-        c:\windows\system32\NlsLexicons0046.dll
2011-03-13 19:26 . 2011-03-13 19:26        1558016        ----a-w-        c:\windows\system32\NlsLexicons0049.dll
2011-03-13 19:26 . 2011-03-13 19:26        1411072        ----a-w-        c:\windows\system32\NlsLexicons0047.dll
2011-03-13 19:26 . 2011-03-13 19:25        1236992        ----a-w-        c:\windows\system32\NlsLexicons0020.dll
2011-03-13 19:25 . 2011-03-13 19:25        2136064        ----a-w-        c:\windows\system32\NlsLexicons0021.dll
2011-03-13 19:25 . 2011-03-13 19:25        1782272        ----a-w-        c:\windows\system32\NlsLexicons0039.dll
2011-03-13 19:25 . 2011-03-13 19:25        5499904        ----a-w-        c:\windows\system32\NlsLexicons0022.dll
2011-03-13 19:25 . 2011-03-13 19:25        7964672        ----a-w-        c:\windows\system32\NlsLexicons0024.dll
2011-03-13 19:25 . 2011-03-13 19:25        6224896        ----a-w-        c:\windows\system32\NlsLexicons0027.dll
2011-03-13 19:25 . 2011-03-13 19:25        5791232        ----a-w-        c:\windows\system32\NlsLexicons0026.dll
2011-03-13 19:25 . 2011-03-13 19:25        4175872        ----a-w-        c:\windows\system32\NlsLexicons0010.dll
2011-03-13 19:25 . 2011-03-13 19:25        2466816        ----a-w-        c:\windows\system32\NlsLexicons0011.dll
2011-03-13 19:25 . 2011-03-13 19:25        4981248        ----a-w-        c:\windows\system32\NlsLexicons0013.dll
2011-03-13 19:25 . 2011-03-13 19:25        3331072        ----a-w-        c:\windows\system32\NlsLexicons0018.dll
2011-03-13 19:25 . 2011-03-13 19:25        6781440        ----a-w-        c:\windows\system32\NlsLexicons0019.dll
2011-03-13 19:25 . 2011-03-13 19:25        11722752        ----a-w-        c:\windows\system32\NlsLexicons0001.dll
2011-03-13 19:25 . 2011-03-13 19:25        4164096        ----a-w-        c:\windows\system32\NlsLexicons0002.dll
2011-03-13 19:25 . 2011-03-13 19:25        1452544        ----a-w-        c:\windows\system32\NlsLexicons0003.dll
2011-03-13 19:25 . 2011-03-13 19:25        3419136        ----a-w-        c:\windows\system32\NlsLexicons004a.dll
2011-03-13 19:25 . 2011-03-13 19:25        4093440        ----a-w-        c:\windows\system32\NlsLexicons004c.dll
2011-03-13 19:25 . 2011-03-13 19:25        1972736        ----a-w-        c:\windows\system32\NlsLexicons004e.dll
2011-03-13 19:25 . 2011-03-13 19:25        1702912        ----a-w-        c:\windows\system32\NlsLexicons004b.dll
2011-03-13 19:25 . 2011-03-13 19:25        6014976        ----a-w-        c:\windows\system32\NlsLexicons001a.dll
2011-03-13 19:25 . 2011-03-13 19:25        4096        ----a-w-        c:\windows\system32\NlsLexicons002a.dll
2011-03-13 19:25 . 2011-03-13 19:25        4045824        ----a-w-        c:\windows\system32\NlsLexicons003e.dll
2011-03-13 19:25 . 2011-03-13 19:25        6585856        ----a-w-        c:\windows\system32\NlsLexicons001b.dll
2011-03-13 19:25 . 2011-03-13 19:25        6346240        ----a-w-        c:\windows\system32\NlsLexicons001d.dll
2011-03-13 19:25 . 2011-03-13 19:25        9892864        ----a-w-        c:\windows\system32\NlsLexicons000a.dll
2011-03-13 19:25 . 2011-03-13 19:25        6237696        ----a-w-        c:\windows\system32\NlsLexicons000c.dll
2011-03-13 19:25 . 2011-03-13 19:25        1722368        ----a-w-        c:\windows\system32\NlsLexicons000d.dll
2011-03-13 19:25 . 2011-03-13 19:25        5654528        ----a-w-        c:\windows\system32\NlsLexicons000f.dll
2011-03-13 19:25 . 2011-03-13 19:25        5090816        ----a-w-        c:\windows\system32\NlsLexicons0416.dll
2011-03-13 19:25 . 2011-03-13 19:25        4616192        ----a-w-        c:\windows\system32\NlsLexicons0414.dll
2011-03-13 19:25 . 2011-03-13 19:25        7042560        ----a-w-        c:\windows\system32\NlsLexicons081a.dll
2011-03-13 19:25 . 2011-03-13 19:25        5031936        ----a-w-        c:\windows\system32\NlsLexicons0816.dll
2011-03-13 19:25 . 2011-03-13 19:25        5071872        ----a-w-        c:\windows\system32\NlsModels0011.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0046.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0045.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0047.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0049.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0039.dll
2011-03-13 19:25 . 2011-03-13 19:25        3104768        ----a-w-        c:\windows\system32\NlsData0020.dll
2011-03-13 19:25 . 2011-03-13 19:25        1801216        ----a-w-        c:\windows\system32\NlsData0021.dll
2011-03-13 19:25 . 2011-03-13 19:25        1965056        ----a-w-        c:\windows\system32\NlsData0026.dll
2011-03-13 19:25 . 2011-03-13 19:25        1965056        ----a-w-        c:\windows\system32\NlsData0024.dll
2011-03-13 19:25 . 2011-03-13 19:25        1801216        ----a-w-        c:\windows\system32\NlsData0022.dll
2011-03-13 19:25 . 2011-03-13 19:25        4495360        ----a-w-        c:\windows\system32\NlsData0010.dll
2011-03-13 19:25 . 2011-03-13 19:25        2657280        ----a-w-        c:\windows\system32\NlsData0011.dll
2011-03-13 19:25 . 2011-03-13 19:25        1966592        ----a-w-        c:\windows\system32\NlsData0027.dll
2011-03-13 19:25 . 2011-03-13 19:25        3466752        ----a-w-        c:\windows\system32\NlsData0013.dll
2011-03-13 19:25 . 2011-03-13 19:25        1965056        ----a-w-        c:\windows\system32\NlsData0018.dll
2011-03-13 19:25 . 2011-03-13 19:25        1523712        ----a-w-        c:\windows\system32\NlsData0000.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"Malwarebytes' Anti-Malware (reboot)"="c:\users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Dirk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2008-04-11 13:13        1085440        ------r-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-12-21 16:57        86016        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-09 22:05        46368        ----a-w-        c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 17:35        165208        ----a-w-        c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-07-09 22:07        29984        ----a-w-        c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-08-31 08:01        328992        ----a-w-        c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26        68640        ----a-w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03        210472        ----a-w-        c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-05-28 2650112]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-08-07 13312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-02-18 1517376]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-18 16896]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Dirk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\95kw893j.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-25 20:54
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-04-25  20:58:42
ComboFix-quarantined-files.txt  2011-04-25 18:58
.
Vor Suchlauf: 10 Verzeichnis(se), 68.329.988.096 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 68.262.027.264 Bytes frei
.
- - End Of File - - 2E8456031E77F618BF6F11823D87AB14


cosinus 25.04.2011 20:47

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

flirtchecker 25.04.2011 21:39

here is the log from GMER

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-25 22:35:44
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS542525K9A300 rev.BBFOC3EP
Running: r6j3vo8z.exe; Driver: C:\Users\Dirk\AppData\Local\Temp\kxldapoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.vmp2          C:\Windows\system32\drivers\acedrv11.sys                                                        entry point in ".vmp2" section [0x99D3E69D]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                      Das System kann die angegebene Datei nicht finden. !
?              C:\Users\Dirk\AppData\Local\Temp\catchme.sys                                                    Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875488f                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00027875abd1                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef0e983                     
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027875488f (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00027875abd1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ef0e983 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

and here from MBRcheck

Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                SAMSUNG ELECTRONICS CO., LTD.
System Product Name:                R59P/R60P/R61P
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 147):
  0x82036000 \SystemRoot\system32\ntoskrnl.exe
  0x82003000 \SystemRoot\system32\hal.dll
  0x8780E000 \SystemRoot\system32\kdcom.dll
  0x87815000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x87885000 \SystemRoot\system32\PSHED.dll
  0x87896000 \SystemRoot\system32\BOOTVID.dll
  0x8789E000 \SystemRoot\system32\CLFS.SYS
  0x878DF000 \SystemRoot\system32\CI.dll
  0x879BF000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x87A3B000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x87A48000 \SystemRoot\system32\drivers\acpi.sys
  0x87A8E000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x87A97000 \SystemRoot\system32\drivers\msisadrv.sys
  0x87A9F000 \SystemRoot\system32\drivers\pci.sys
  0x87AC6000 \SystemRoot\System32\drivers\partmgr.sys
  0x87AD5000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x87AD8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x87AE2000 \SystemRoot\system32\drivers\volmgr.sys
  0x87AF1000 \SystemRoot\System32\drivers\volmgrx.sys
  0x87B3B000 \SystemRoot\system32\drivers\pciide.sys
  0x87B42000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x87B50000 \SystemRoot\System32\drivers\mountmgr.sys
  0x87B60000 \SystemRoot\system32\drivers\atapi.sys
  0x87B68000 \SystemRoot\system32\drivers\ataport.SYS
  0x87B86000 \SystemRoot\system32\drivers\fltmgr.sys
  0x87BB8000 \SystemRoot\system32\drivers\fileinfo.sys
  0x87C00000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x87C71000 \SystemRoot\system32\drivers\ndis.sys
  0x87D7C000 \SystemRoot\system32\drivers\msrpc.sys
  0x87DA7000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87DE2000 \SystemRoot\System32\drivers\tcpip.sys
  0x87ECC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87EE7000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88000000 \SystemRoot\system32\drivers\volsnap.sys
  0x88039000 \SystemRoot\System32\Drivers\spldr.sys
  0x88041000 \SystemRoot\System32\Drivers\mup.sys
  0x88050000 \SystemRoot\System32\drivers\ecache.sys
  0x88077000 \SystemRoot\system32\drivers\disk.sys
  0x88088000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x880A9000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x880B1000 \SystemRoot\system32\drivers\crcdisk.sys
  0x880DA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x880E5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x880EE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x880FD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8C404000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x8CADC000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8CB7C000 \SystemRoot\System32\drivers\watchdog.sys
  0x88101000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8CB88000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8CBD4000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8822A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8CBDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x88268000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8CBED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x88280000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8830D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8CBF3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x88320000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8CBFE000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8834B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x88356000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x88385000 \SystemRoot\system32\DRIVERS\storport.sys
  0x883C6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x883D1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x883E8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x87BC8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x87BEB000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8CC06000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8CC1A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8CC2F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8CC3F000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8CC41000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8CC6B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8CC75000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8CC82000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8CCB7000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8CCC8000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8CDE4000 \SystemRoot\system32\drivers\modem.sys
  0x8CDF1000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8CFA4000 \SystemRoot\system32\drivers\portcls.sys
  0x8CFD1000 \SystemRoot\system32\drivers\drmk.sys
  0x8CFF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x883F3000 \SystemRoot\System32\Drivers\Null.SYS
  0x87FF7000 \SystemRoot\System32\Drivers\Beep.SYS
  0x87800000 \SystemRoot\System32\drivers\vga.sys
  0x8D00E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D02F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D037000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D03F000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D04A000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8D058000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8D061000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8D077000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8D08B000 \SystemRoot\system32\drivers\afd.sys
  0x8D0D3000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8D105000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8D11B000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8D129000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8D13C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8D142000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8D17E000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8D188000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8D19F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8D1C5000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
  0x8D1CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8D1D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8D1E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8D1EE000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8D1F6000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8D203000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8D20E000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x95440000 \SystemRoot\System32\win32k.sys
  0x8D216000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8D220000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95660000 \SystemRoot\System32\TSDDD.dll
  0x95680000 \SystemRoot\System32\cdd.dll
  0x95690000 \SystemRoot\System32\ATMFD.DLL
  0x8D22F000 \SystemRoot\system32\drivers\luafv.sys
  0x8D24A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8D25F000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
  0x8D26F000 \SystemRoot\system32\drivers\spsys.sys
  0x8D31F000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8D32F000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8D359000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8D363000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8D376000 \SystemRoot\system32\drivers\HTTP.sys
  0x8D3E3000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x880BA000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x99C03000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x99C18000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x99C37000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x99C70000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x99C88000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x99CB0000 \SystemRoot\System32\DRIVERS\srv.sys
  0x99D17000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0x99D43000 \SystemRoot\system32\drivers\peauth.sys
  0x99E21000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x99E2B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x99E37000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
  0x99E3C000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
  0x99E3D000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x99E53000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
  0x99E5D000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x99E5F000 \??\C:\Users\Dirk\AppData\Local\Temp\catchme.sys
  0x99E6E000 \??\C:\Users\Dirk\AppData\Local\Temp\kxldapoc.sys
  0x77CD0000 \Windows\System32\ntdll.dll

Processes (total 55):
      0 System Idle Process
      4 System
    456 C:\Windows\System32\smss.exe
    560 csrss.exe
    612 C:\Windows\System32\wininit.exe
    620 csrss.exe
    656 C:\Windows\System32\services.exe
    672 C:\Windows\System32\lsass.exe
    680 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    868 C:\Windows\System32\svchost.exe
    948 C:\Windows\System32\svchost.exe
    988 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\Ati2evxx.exe
    1096 C:\Windows\System32\svchost.exe
    1132 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\audiodg.exe
    1304 C:\Windows\System32\svchost.exe
    1324 C:\Windows\System32\SLsvc.exe
    1368 C:\Windows\System32\svchost.exe
    1484 C:\Windows\System32\Ati2evxx.exe
    1584 C:\Windows\System32\svchost.exe
    1864 C:\Windows\System32\spoolsv.exe
    1892 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1908 C:\Windows\System32\svchost.exe
    308 C:\Windows\System32\taskeng.exe
    528 C:\Windows\System32\dwm.exe
    932 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    996 C:\Windows\System32\taskeng.exe
    2052 C:\Windows\System32\taskeng.exe
    2268 C:\Program Files\Windows Defender\MSASCui.exe
    2400 C:\Windows\System32\agrsmsvc.exe
    2436 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2456 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2488 C:\Program Files\Bonjour\mDNSResponder.exe
    2500 C:\Windows\System32\svchost.exe
    2512 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2532 C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
    2720 C:\Windows\System32\svchost.exe
    2732 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2780 C:\Windows\System32\svchost.exe
    2820 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
    2880 C:\Windows\System32\svchost.exe
    3040 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
    3068 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3204 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3684 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3696 C:\Windows\RtHDVCpl.exe
    3712 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3852 C:\Windows\System32\svchost.exe
    4348 C:\Windows\System32\wuauclt.exe
    3920 C:\Windows\explorer.exe
    4692 taskeng.exe
    4756 C:\Users\Dirk\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001e`78b00000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542525K9A300, Rev: BBFOC3EP

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 26.04.2011 10:00

What about OSAM?

flirtchecker 26.04.2011 19:41

Sorry, attached is the log from OSAM.

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:39:57 on 26.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Dirk\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Users\Dirk\Desktop\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"DATA BECKER Update Service" (DBService) - "DATA BECKER GmbH & Co KG" - C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 27.04.2011 09:14

As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


All times are WET +1.
