Trojaner-Board


Moh 21.04.2011 22:17

TR/Kasy.mekml.1 - Critical error HDD
 
Hello,
now it was my turn.
I just switched on my computer and Antivir told me:

Malware in file C:/ProgramData/28106528.exe (although the number changes often)

Program TR/Kasy.mekml.1 found

In addition, these error messages appear:

Critical error "Damaged hard disk clusters"
Critical error "picture writing" (i.e. not readable)
Hard disk error RAM memory usage is critically high. RAM memory failed.

Malwarebytes had already been running for 18 minutes and then the computer restarted itself.
Then came a black screen and a Windows check, and the computer restarted.
I am trying another scan so that I can get the log.

For your information: this morning I had downloaded a driver for a Canon iP4600. I can no longer get at my data, except for what is on the D: drive. Internet Explorer and so on are gone. Mozilla still works. The computer is extremely slow.

I have no idea how to proceed from here, apart from what I have already read in other people's threads. I hope you can help me too.

Many thanks

so so, Moh

Here is the log from OTL.
OTL Logfile:
Code:

OTL logfile created on: 22.04.2011 00:08:49 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\HappyMoh\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 78,26 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 15,28 Gb Free Space | 20,92% Space Free | Partition Type: NTFS
 
Computer Name: MOH-PC | User Name: HappyMoh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\guardhlp.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
PRC - C:\Windows\System32\lxdfcoms.exe ( )
PRC - C:\Windows\System32\lxbucoms.exe ( )
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxdacoms.exe ( )
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Symantec Core LC) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SymantecAntiBotWatcher) -- D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxdf_device) -- C:\Windows\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SSIPDDP) -- C:\Windows\System32\drivers\SSIPDDP.SYS ()
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
 
[2009.03.15 17:44:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Extensions
[2011.04.21 22:32:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions
[2011.04.21 21:14:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2011.04.04 18:20:05 | 000,000,950 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin-1.xml
[2010.12.05 17:19:40 | 000,001,056 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.10.26 20:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.15 17:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.08.28 16:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.09.02 21:56:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.12.06 17:37:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.06 17:37:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.06 17:37:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.06 17:37:29 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 17:45:32 | 000,000,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXBUCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
O4 - Startup: C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HappyMoh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:08:18 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.21 21:39:00 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Malwarebytes
[2011.04.21 21:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 21:38:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 21:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 21:38:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 21:28:46 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 07:55:03 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9A.DLL
[2011.04.04 20:15:38 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Avira
[2011.03.24 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\Documents\Tim Nieber
[2010.11.02 20:51:09 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2010.11.02 20:51:09 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2010.11.02 20:51:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2010.11.02 20:51:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2010.11.02 20:51:08 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2010.11.02 20:51:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2010.11.02 20:51:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2010.11.02 20:51:07 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2010.11.02 20:51:07 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdfih.exe
[2010.11.02 20:51:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2010.11.02 20:51:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdfcoms.exe
[2010.11.02 20:51:05 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[2010.11.02 20:51:05 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdfcfg.exe
[2010.11.02 20:51:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009.03.24 10:12:13 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009.03.24 10:12:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009.03.24 10:12:12 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009.03.24 10:12:12 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009.03.24 10:12:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009.03.24 10:12:12 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009.03.24 10:12:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009.03.24 10:12:12 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009.03.24 10:12:11 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009.03.24 10:12:11 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009.03.24 10:12:11 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009.03.24 10:12:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009.03.24 10:12:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009.03.24 10:12:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009.03.15 15:54:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbuinpa.dll
[2009.03.15 15:54:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbuiesc.dll
[2009.03.15 15:54:55 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBUhcp.dll
[2009.03.15 15:54:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbuserv.dll
[2009.03.15 15:54:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbuusb1.dll
[2009.03.15 15:54:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbuhbn3.dll
[2009.03.15 15:54:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbupmui.dll
[2009.03.15 15:54:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbulmpm.dll
[2009.03.15 15:54:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbuih.exe
[2009.03.15 15:54:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbuprox.dll
[2009.03.15 15:54:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbupplc.dll
[2009.03.15 15:54:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbucomc.dll
[2009.03.15 15:54:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbucoms.exe
[2009.03.15 15:54:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbucomm.dll
[2009.03.15 15:54:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbucfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 00:10:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8CDDE6C4-EA89-4248-B419-D7CD30AC64D1}.job
[2011.04.22 00:08:22 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.22 00:00:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:00:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 23:09:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 22:56:18 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 22:56:18 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 22:56:18 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 22:56:18 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 22:48:13 | 260,553,405 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 22:26:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 21:38:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:31:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\26205984
[2011.04.21 21:29:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 19:03:24 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.20 22:49:14 | 000,001,038 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.19 18:35:42 | 000,001,269 | -H-- | M] () -- C:\ProgramData\lxdf
[2011.04.19 18:29:02 | 000,951,807 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:17:00 | 000,004,214 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.06 18:21:18 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.04 19:05:52 | 000,790,510 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.26 10:26:41 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 22:31:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | C] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:38:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984
[2011.04.19 18:29:02 | 000,951,807 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:12:57 | 000,004,214 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.04 19:05:52 | 000,790,510 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.04 19:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2011.03.04 19:23:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2011.03.04 19:23:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2011.01.15 11:34:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.02 20:51:09 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2010.11.02 20:51:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2010.08.22 11:25:13 | 000,001,269 | -H-- | C] () -- C:\ProgramData\lxdf
[2010.02.14 14:48:55 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.02.14 14:48:55 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.01.15 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 12:37:25 | 000,024,206 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\UserTile.png
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.26 13:39:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2009.09.26 13:39:12 | 000,364,032 | ---- | C] () -- C:\Windows\System32\ha312w32.dll
[2009.09.26 13:39:11 | 000,053,317 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2009.09.26 13:39:09 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2009.09.26 13:39:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2009.09.26 13:39:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2009.09.26 13:39:08 | 000,169,221 | ---- | C] () -- C:\Windows\DDS-StartBit.exe
[2009.09.26 13:39:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2009.06.19 20:47:22 | 000,000,092 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\wklnhst.dat
[2009.03.24 10:13:50 | 000,000,136 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009.03.24 10:12:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009.03.15 15:54:55 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBUinst.dll
[2008.12.22 13:39:47 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2008.12.22 13:39:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2008.12.22 13:38:59 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.22 13:38:59 | 000,000,090 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.26 18:57:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.28 22:03:20 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 18:16:49 | 000,000,680 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\d3d9caps.dat
[2008.06.16 17:05:31 | 000,340,480 | ---- | C] () -- C:\Windows\System32\K8062e.exe
[2008.06.16 17:05:31 | 000,322,048 | ---- | C] () -- C:\Windows\System32\Easylase.dll
[2008.06.16 17:05:31 | 000,301,056 | ---- | C] () -- C:\Windows\System32\usbdmxfs.dll
[2008.06.16 17:05:31 | 000,084,992 | ---- | C] () -- C:\Windows\System32\DMX510Vb.dll
[2008.06.16 17:05:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EspionDll.dll
[2008.06.16 17:05:31 | 000,042,496 | ---- | C] () -- C:\Windows\System32\K8062D.dll
[2008.06.16 17:05:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MPUSBAPI.DLL
[2008.06.16 17:05:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\usbdmxsi.dll
[2008.06.16 17:05:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FASTTime32.dll
[2008.06.16 17:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dashard2006.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usb_dll.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dashard.dll
[2008.06.16 17:05:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dashardvb.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx60.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx120.dll
[2008.06.16 17:05:30 | 000,037,888 | ---- | C] () -- C:\Windows\System32\LPT_dmx.dll
[2008.06.16 17:05:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2008.06.16 17:05:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\dlportio.sys
[2008.05.26 18:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.30 20:38:07 | 000,098,304 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 15:59:47 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.01 09:54:43 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.04.01 09:54:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.19 17:18:50 | 000,033,440 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2007.05.24 17:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007.05.23 05:39:22 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2007.05.23 05:39:20 | 000,227,995 | ---- | C] () -- C:\Windows\DDS-StartBsp.exe
[2007.05.23 05:39:18 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2007.05.23 05:39:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2007.05.23 05:39:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2007.05.22 11:09:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007.05.03 16:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2007.04.17 11:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2007.04.12 16:07:48 | 008,056,832 | ---- | C] () -- C:\Windows\System32\Lads76.dll
[2007.04.12 16:07:48 | 001,941,558 | ---- | C] () -- C:\Windows\System32\TKTopAlgo.dll
[2007.04.12 16:07:48 | 001,130,550 | ---- | C] () -- C:\Windows\System32\TKService.dll
[2007.04.12 16:07:46 | 003,567,667 | ---- | C] () -- C:\Windows\System32\TKBool.dll
[2007.04.12 16:07:46 | 003,235,895 | ---- | C] () -- C:\Windows\System32\TKGeomBase.dll
[2007.04.12 16:07:46 | 002,977,842 | ---- | C] () -- C:\Windows\System32\TKV3d.dll
[2007.04.12 16:07:46 | 002,064,436 | ---- | C] () -- C:\Windows\System32\TKernel.dll
[2007.04.12 16:07:46 | 001,744,947 | ---- | C] () -- C:\Windows\System32\TKMath.dll
[2007.04.12 16:07:46 | 001,216,561 | ---- | C] () -- C:\Windows\System32\TKBO.dll
[2007.04.12 16:07:46 | 000,872,448 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2007.04.12 16:07:46 | 000,839,730 | ---- | C] () -- C:\Windows\System32\TKG3d.dll
[2007.04.12 16:07:46 | 000,811,061 | ---- | C] () -- C:\Windows\System32\TKOffset.dll
[2007.04.12 16:07:46 | 000,475,186 | ---- | C] () -- C:\Windows\System32\TKV2d.dll
[2007.04.12 16:07:46 | 000,413,696 | ---- | C] () -- C:\Windows\System32\whiptkw.dll
[2007.04.12 16:07:46 | 000,274,497 | ---- | C] () -- C:\Windows\System32\guisys.dll
[2007.04.12 16:07:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\ifchttpclient.dll
[2007.04.12 16:07:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2007.04.12 16:07:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.04.12 16:07:44 | 009,334,850 | ---- | C] () -- C:\Windows\System32\edmikit400.dll
[2007.04.12 16:07:44 | 003,375,159 | ---- | C] () -- C:\Windows\System32\TKGeomAlgo.dll
[2007.04.12 16:07:44 | 001,839,157 | ---- | C] () -- C:\Windows\System32\TKFillet.dll
[2007.04.12 16:07:44 | 000,725,043 | ---- | C] () -- C:\Windows\System32\TKBRep.dll
[2007.04.12 16:07:44 | 000,626,738 | ---- | C] () -- C:\Windows\System32\TKHLR.dll
[2007.04.12 16:07:44 | 000,356,402 | ---- | C] () -- C:\Windows\System32\TKG2d.dll
[2007.04.12 16:07:44 | 000,249,907 | ---- | C] () -- C:\Windows\System32\TKPrim.dll
[2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbucoin.dll
[2007.01.22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006.11.02 17:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.30 15:05:18 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2006.08.30 15:05:18 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.08.01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[2006.03.27 12:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2005.12.21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbuvs.dll
[2005.02.24 18:23:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbucnv4.dll
[2004.09.23 07:31:30 | 000,000,071 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >

--- --- ---


Accidentally posted twice ;)

kira 22.04.2011 08:55

Hello and a warm welcome! :)

Before we start working together, [please read this in full]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete details such as your real name or program serial numbers from the log lists or log files you use, or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)

Quote:

When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide to clean the system - cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984

:Commands
[purity]
[emptytemp]


2.
Have you already scanned the computer for viruses? I would still like to see the following results:
Code:

Malwarebytes

3.
I would also like to see all your installed programs:
Download the tool Ccleaner
Download
install (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Save as text file..."
a text file (*.txt) is created; copy its contents and paste them here

4.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • delete the quarantine contents
  • update the databases right away - update online
  • choose Full scan (tick everything)
  • when the scan has finished, click "Show results"
  • select all findings, except that if MBAM reports something in C:\System Volume Information, please remove the tick there, and click "Delete" - "Remove selected".
  • Post the result here in the thread - you will find the report under "Scan reports"
you can find illustrated instructions here: Instructions

5.
Create and post a new OTL log: -> OTL instructions

Quote:

To keep your thread clear and nicely readable, it is best to use the code tags for your post:
→ before your log (i.e. at the start of the log file) you write: [code]
your log file goes in here - e.g. hjtsanlist or other
→ after it, i.e. at the end of the log file: [/code]

** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards
Coverflow
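
A triage sketch for the file-listing part of the OTL log discussed in this thread, added here as an example and not part of any post or of OTL itself: it parses the `[timestamp | size | attributes | C/M] (company) -- path` lines and groups the hidden, number-named files in C:\ProgramData that the fix script above lists by hand. The field layout is inferred from the log lines in the thread, and the grouping rule (six or more digits, optional `~` prefix and `r` suffix) and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname  # Windows path rules on any host OS

# Lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2011.04.21 19:03:24 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.19 18:35:42 | 000,001,269 | -H-- | M] () -- C:\ProgramData\lxdf
[2011.04.06 18:21:18 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.21 22:31:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | C] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:38:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
"""

# Field layout inferred from the log lines above, not from OTL documentation.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Assumed naming rule for the numbered artifacts: optional "~", a run of
# digits, optional trailing "r", optional ".exe".
FAMILY = re.compile(r"^~?(\d{6,})r?(?:\.exe)?$", re.IGNORECASE)


def parse_entries(log_text):
    """Yield one dict per OTL file-listing line; any other line is skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        yield {
            "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "hidden": "H" in m["attrs"],
            "kind": m["kind"],          # C = created list, M = modified list
            "company": m["company"],    # empty when no version info is present
            "path": m["path"],
        }


def triage(log_text, root=r"C:\ProgramData"):
    """Return (numbered families, other hidden .exe files) found directly in root."""
    families = defaultdict(list)
    loose_exes = []
    for e in parse_entries(log_text):
        if not e["hidden"] or dirname(e["path"]).lower() != root.lower():
            continue
        name = basename(e["path"])
        fam = FAMILY.match(name)
        if fam and not e["company"]:
            families[fam.group(1)].append(e)
        elif name.lower().endswith(".exe"):
            loose_exes.append(e)
    return dict(families), loose_exes


def summarize(families):
    """One row per numbered family, oldest first, for a reviewer to read."""
    rows = []
    for ident, entries in families.items():
        rows.append({
            "id": ident,
            "files": sorted(basename(e["path"]) for e in entries),
            "has_exe": any(e["path"].lower().endswith(".exe") for e in entries),
            "first_seen": min(e["time"] for e in entries),
        })
    return sorted(rows, key=lambda r: r["first_seen"])


if __name__ == "__main__":
    fams, loose = triage(SAMPLE_LOG)
    for row in summarize(fams):
        print(row["first_seen"], row["id"], "exe present:", row["has_exe"], row["files"])
    for e in loose:
        print("hidden exe in root:", e["path"], "| company:", e["company"] or "(none)")
```

A family whose executable is missing from the listing is still worth reviewing, since its data files remain on disk.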

Moh 22.04.2011 09:40

Code:

All processes killed
========== OTL ==========
No active process named uvEWQXCeAJwf.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml moved successfully.
C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\ProgramData\uvEWQXCeAJwf.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uvEWQXCeAJwf deleted successfully.
File C:\ProgramData\uvEWQXCeAJwf.exe not found.
C:\ProgramData\SPLFAB1.tmp deleted successfully.
C:\ProgramData\~28106528r moved successfully.
C:\ProgramData\~28106528 moved successfully.
C:\ProgramData\28106528 moved successfully.
C:\ProgramData\28106528.exe moved successfully.
C:\ProgramData\~26205984r moved successfully.
C:\ProgramData\~26205984 moved successfully.
C:\ProgramData\26205984 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HappyMoh
->Temp folder emptied: 650074647 bytes
->Temporary Internet Files folder emptied: 550318997 bytes
->Java cache emptied: 6747917 bytes
->FireFox cache emptied: 40063142 bytes
->Google Chrome cache emptied: 15366102 bytes
->Flash cache emptied: 151635 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144755105 bytes
RecycleBin emptied: 2463674459 bytes
 
Total Files Cleaned = 3.692,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_103121

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Ccleaner txt

Code:

Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        15.04.2008        14,0MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        03.04.2011                10.2.153.1
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        12.05.2009                10.0.22.87
Adobe Media Player        Adobe Systems Incorporated        27.08.2008        2,95MB        1.1
Adobe Reader 8.1.4 - Deutsch        Adobe Systems Incorporated        21.03.2009        104,3MB        8.1.4
Apple Application Support        Apple Inc.        28.01.2011        52,8MB        1.4.1
Apple Mobile Device Support        Apple Inc.        28.01.2011        21,7MB        3.3.1.3
Apple Software Update        Apple Inc.        02.01.2009        2,16MB        2.1.1.116
Autodesk Architectural Desktop 2006 - Deutsch        Autodesk        09.09.2008        609MB        4.7.265.0
Avira AntiVir Personal - Free Antivirus        Avira GmbH        05.04.2011        73,8MB        10.0.0.635
Biet-O-Matic v2.14.8        BOM Development Team        14.01.2011        4,68MB        Biet-O-Matic v2.14.8
Big Fish Games Center (remove only)                15.04.2008        172,3MB       
Big Fish Games Sudoku (remove only)                15.04.2008        172,3MB       
BlockCAD 3.19        Anders Isaksson        30.03.2009        4,59MB        3.19
Bonjour        Apple Inc.        28.01.2011        0,97MB        2.0.4.0
Canon Utilities My Printer                10.05.2010        4,70MB       
CCleaner        Piriform        21.04.2011        3,60MB        3.05
Compatibility Pack für 2007 Office System        Microsoft Corporation        15.04.2011        56,2MB        12.0.6425.1000
Cradle of Rome (remove only)                15.04.2008        38,8MB       
dBpoweramp Music Converter        Illustrate        13.02.2010        10,0MB        Release 13.3
DDS Artikeldatenbank 6.35                25.09.2009        818MB       
DDS Basis bis 6.35                25.09.2009        817MB       
DDS ElektroPartner 6.35                25.09.2009        818MB       
DDS ElektroPartner bis 6.35                21.12.2008        318MB       
DDS SHK-Partner bis 6.35                21.12.2008        818MB       
DDS SHK-Partner Heizung/Sanitär 6.35                25.09.2009        818MB       
DDS-CAD 6.4        Data Design System GmbH        17.12.2009        669MB        6.4
DDS-SHK Hersteller-ARD 6.35                25.09.2009        818MB       
DMXControl 2.9        PopSoft        01.07.2008        10,8MB        2.9
DVDVideoSoftTB Toolbar                26.06.2010        2,50MB       
FirstSteps Diagnostics        Fujitsu Siemens Computers        31.03.2008        4,67MB        1.00
Franzis 3D-Eisenbahnplaner 10.0        Franzis        14.10.2009        10,6MB       
Free Audio CD Burner version 1.4.7        DVDVideoSoft Limited.        19.04.2011        3,13MB       
Free RAR Extract Frog 1.00        Philipp Winterberg        13.11.2008        1,70MB        1.00
Free YouTube to MP3 Converter version 3.9.35.324        DVDVideoSoft Limited.        19.04.2011        3,38MB       
FreeStyler        Raphaël Wellekens        01.07.2008        228MB       
FSCLounge        Fujitsu Siemens Computers        15.04.2008        8,47MB        1.0.0
FTDI FTD2XX USB Drivers                01.07.2008               
FTP Commander                15.04.2008        1,95MB       
Geberit ProPlanner Light 2009        Geberit International AG        12.05.2009        298MB        2.4.000
Google Chrome        Google Inc.        23.05.2010        346MB        10.0.648.204
Google Desktop        Google        15.04.2008        8,57MB        -
Google Earth        Google        25.09.2010        85,4MB        5.2.1.1588
Google Toolbar for Internet Explorer                31.03.2008        44,7MB       
Hercules DJ Products Series drivers        Hercules        29.11.2010        16,2MB        4.HDJS.2009
ICQ Toolbar        ICQ        25.10.2010        0,48MB        3.0.0
ICQ7.2        ICQ        25.10.2010        66,6MB        7.2
Intel(R) Graphics Media Accelerator Driver                31.03.2008               
IsoBuster 2.4        Smart Projects        22.11.2008        8,92MB        2.4
iTunes        Apple Inc.        28.01.2011        144,7MB        10.1.2.17
Java 2 Runtime Environment, SE v1.4.2_15        Sun Microsystems, Inc.        20.04.2008        131,6MB        1.4.2_15
Java(TM) 6 Update 5        Sun Microsystems, Inc.        02.05.2008        136,2MB        1.6.0.50
Java(TM) 6 Update 7        Sun Microsystems, Inc.        27.08.2008        136,2MB        1.6.0.70
Korean Fonts Support For Adobe Reader 8        Adobe Systems        10.05.2009        10,0MB        8.0.0
Lexmark 6200 Series        Lexmark International, Inc.        14.03.2009        42,1MB       
Lexmark 640 Series        Lexmark International, Inc.        23.03.2009        35,3MB       
Lexmark 6500 Series        Lexmark International, Inc.        01.11.2010        131,3MB       
Luxor Amun Rising (remove only)                15.04.2008        18,1MB       
Magic 3D EasyView        Nicolaudie        01.07.2008        228MB       
Mahjong Towers Eternity EU (remove only)                15.04.2008        15,7MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        20.04.2011        4,80MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        12.05.2009        28,1MB       
Microsoft Access 2000 Runtime        Microsoft Corporation        23.02.2009        59,6MB        9.00.2910
Microsoft Foto Designer Pro 7.0        Microsoft Corporation        14.07.2008        605MB        7.0.0.0000
Microsoft Office Home and Student 2007        Microsoft Corporation        28.12.2009        332MB        12.0.6425.1000
Microsoft Office Live Add-in 1.4        Microsoft Corporation        17.01.2010        0,49MB        2.0.3008.0
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        15.04.2011        51,0MB        12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        21.02.2011        140,0MB        4.0.60129.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        29.11.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        29.11.2010        0,41MB        8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        15.04.2011        0,29MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        28.07.2009        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        15.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.03.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        03.04.2011        0,58MB        9.0.30729.4148
Microsoft Works        Microsoft Corporation        14.12.2010        377MB        9.7.0621
Motorola SM56 Speakerphone Modem        Motorola Inc        17.01.2010        1,72MB        6.12.25.06
Mozilla Firefox (3.0.19)        Mozilla        05.12.2010        25,1MB        3.0.19 (de)
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        31.03.2008        1,27MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        24.11.2009        1,34MB        4.20.9876.0
MultiCalc        ConSoft GmbH        23.05.2008        3,34MB        1.3.4
Mystery Case Files - Prime Suspects (remove only)                15.04.2008        39,3MB       
Nero 7 Essentials        Nero AG        31.03.2008        377MB        7.02.5851
Norton AntiBot        Symantec        28.09.2010        15,9MB        3.1.1.851
OVplan 3.1.4                09.02.2009                3.1.4
OVsim 2.0.2        OVENTROP        09.02.2009                2.0.2
OVsol 1.0                09.02.2009                1.0
PDF24 Creator        PDF24.org        02.05.2010        35,2MB       
phonostar-Player Version 2.01.4                04.09.2008        9,73MB       
Picasa 2        Google, Inc.        15.04.2008        26,9MB        2.0
PN Software                23.02.2009        772MB       
Poker Superstars II (remove only)                15.04.2008        30,3MB       
QuickTime        Apple Inc.        28.01.2011        73,7MB        7.69.80.9
RarZilla Free Unrar 2.53        Philipp Winterberg        09.09.2008        1,71MB        2.53
Realtek High Definition Audio Driver                31.03.2008               
Sentinel Protection Installer 7.1.0        SafeNet, Inc.        21.12.2008        2,57MB        7.1.0
Sentinel System Driver                21.12.2008               
Skype web features        Skype Technologies S.A.        13.01.2010        4,34MB        1.0.3971
Skype™ 4.1        Skype Technologies S.A.        13.01.2010        31,1MB        4.1.179
SweetIM for Messenger 3.2        SweetIM Technologies Ltd.        20.08.2010        4,01MB        3.2.0004
SweetIM Toolbar for Internet Explorer 3.9        SweetIM Technologies Ltd.        20.08.2010        3,99MB        3.9.0007
UltraMixer 2.3.6        UltraMixer Digital Audio Solutions        23.02.2009        109,2MB        2.3.6
Uninstall 1.0.0.1                19.04.2011        30,8MB       
ValloFlex PLAN        Heinemann GmbH        20.02.2011        6,32MB        3.0.0
VideoLAN VLC media player 0.8.6f        VideoLAN Team        27.06.2008        32,0MB        0.8.6f
Virtual DJ - Atomix Productions                29.11.2010        16,0MB       
Winamp        Nullsoft, Inc        28.08.2008        27,9MB        5.541
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        17.01.2010        4,69MB        6.500.3146.0
WinSCP 4.2.5        Martin Prikryl        11.01.2010        8,58MB        4.2.5


I cannot carry out steps 2+4 because the computer always freezes when I do.

Moh 22.04.2011 10:57

TR/Kasy.mekml.1 - Critical Error HDD
 
Step 5
Another OTL log

OTL Logfile:
Code:

OTL logfile created on: 22.04.2011 00:08:49 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\HappyMoh\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 78,26 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 15,28 Gb Free Space | 20,92% Space Free | Partition Type: NTFS
 
Computer Name: MOH-PC | User Name: HappyMoh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\guardhlp.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
PRC - C:\Windows\System32\lxdfcoms.exe ( )
PRC - C:\Windows\System32\lxbucoms.exe ( )
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxdacoms.exe ( )
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Symantec Core LC) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SymantecAntiBotWatcher) -- D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxdf_device) -- C:\Windows\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SSIPDDP) -- C:\Windows\System32\drivers\SSIPDDP.SYS ()
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
 
[2009.03.15 17:44:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Extensions
[2011.04.21 22:32:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions
[2011.04.21 21:14:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2011.04.04 18:20:05 | 000,000,950 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin-1.xml
[2010.12.05 17:19:40 | 000,001,056 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.10.26 20:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.15 17:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.08.28 16:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.09.02 21:56:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.12.06 17:37:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.06 17:37:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.06 17:37:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.06 17:37:29 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 17:45:32 | 000,000,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXBUCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
O4 - Startup: C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HappyMoh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:08:18 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.21 21:39:00 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Malwarebytes
[2011.04.21 21:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 21:38:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 21:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 21:38:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 21:28:46 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 07:55:03 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9A.DLL
[2011.04.04 20:15:38 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Avira
[2011.03.24 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\Documents\Tim Nieber
[2010.11.02 20:51:09 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2010.11.02 20:51:09 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2010.11.02 20:51:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2010.11.02 20:51:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2010.11.02 20:51:08 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2010.11.02 20:51:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2010.11.02 20:51:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2010.11.02 20:51:07 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2010.11.02 20:51:07 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdfih.exe
[2010.11.02 20:51:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2010.11.02 20:51:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdfcoms.exe
[2010.11.02 20:51:05 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[2010.11.02 20:51:05 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdfcfg.exe
[2010.11.02 20:51:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009.03.24 10:12:13 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009.03.24 10:12:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009.03.24 10:12:12 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009.03.24 10:12:12 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009.03.24 10:12:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009.03.24 10:12:12 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009.03.24 10:12:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009.03.24 10:12:12 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009.03.24 10:12:11 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009.03.24 10:12:11 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009.03.24 10:12:11 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009.03.24 10:12:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009.03.24 10:12:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009.03.24 10:12:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009.03.15 15:54:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbuinpa.dll
[2009.03.15 15:54:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbuiesc.dll
[2009.03.15 15:54:55 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBUhcp.dll
[2009.03.15 15:54:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbuserv.dll
[2009.03.15 15:54:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbuusb1.dll
[2009.03.15 15:54:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbuhbn3.dll
[2009.03.15 15:54:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbupmui.dll
[2009.03.15 15:54:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbulmpm.dll
[2009.03.15 15:54:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbuih.exe
[2009.03.15 15:54:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbuprox.dll
[2009.03.15 15:54:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbupplc.dll
[2009.03.15 15:54:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbucomc.dll
[2009.03.15 15:54:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbucoms.exe
[2009.03.15 15:54:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbucomm.dll
[2009.03.15 15:54:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbucfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 00:10:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8CDDE6C4-EA89-4248-B419-D7CD30AC64D1}.job
[2011.04.22 00:08:22 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.22 00:00:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:00:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 23:09:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 22:56:18 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 22:56:18 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 22:56:18 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 22:56:18 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 22:48:13 | 260,553,405 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 22:26:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 21:38:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:31:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\26205984
[2011.04.21 21:29:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 19:03:24 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.20 22:49:14 | 000,001,038 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.19 18:35:42 | 000,001,269 | -H-- | M] () -- C:\ProgramData\lxdf
[2011.04.19 18:29:02 | 000,951,807 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:17:00 | 000,004,214 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.06 18:21:18 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.04 19:05:52 | 000,790,510 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.26 10:26:41 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 22:31:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | C] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:38:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984
[2011.04.19 18:29:02 | 000,951,807 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:12:57 | 000,004,214 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.04 19:05:52 | 000,790,510 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.04 19:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2011.03.04 19:23:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2011.03.04 19:23:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2011.01.15 11:34:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.02 20:51:09 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2010.11.02 20:51:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2010.08.22 11:25:13 | 000,001,269 | -H-- | C] () -- C:\ProgramData\lxdf
[2010.02.14 14:48:55 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.02.14 14:48:55 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.01.15 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 12:37:25 | 000,024,206 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\UserTile.png
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.26 13:39:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2009.09.26 13:39:12 | 000,364,032 | ---- | C] () -- C:\Windows\System32\ha312w32.dll
[2009.09.26 13:39:11 | 000,053,317 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2009.09.26 13:39:09 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2009.09.26 13:39:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2009.09.26 13:39:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2009.09.26 13:39:08 | 000,169,221 | ---- | C] () -- C:\Windows\DDS-StartBit.exe
[2009.09.26 13:39:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2009.06.19 20:47:22 | 000,000,092 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\wklnhst.dat
[2009.03.24 10:13:50 | 000,000,136 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009.03.24 10:12:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009.03.15 15:54:55 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBUinst.dll
[2008.12.22 13:39:47 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2008.12.22 13:39:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2008.12.22 13:38:59 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.22 13:38:59 | 000,000,090 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.26 18:57:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.28 22:03:20 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 18:16:49 | 000,000,680 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\d3d9caps.dat
[2008.06.16 17:05:31 | 000,340,480 | ---- | C] () -- C:\Windows\System32\K8062e.exe
[2008.06.16 17:05:31 | 000,322,048 | ---- | C] () -- C:\Windows\System32\Easylase.dll
[2008.06.16 17:05:31 | 000,301,056 | ---- | C] () -- C:\Windows\System32\usbdmxfs.dll
[2008.06.16 17:05:31 | 000,084,992 | ---- | C] () -- C:\Windows\System32\DMX510Vb.dll
[2008.06.16 17:05:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EspionDll.dll
[2008.06.16 17:05:31 | 000,042,496 | ---- | C] () -- C:\Windows\System32\K8062D.dll
[2008.06.16 17:05:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MPUSBAPI.DLL
[2008.06.16 17:05:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\usbdmxsi.dll
[2008.06.16 17:05:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FASTTime32.dll
[2008.06.16 17:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dashard2006.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usb_dll.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dashard.dll
[2008.06.16 17:05:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dashardvb.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx60.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx120.dll
[2008.06.16 17:05:30 | 000,037,888 | ---- | C] () -- C:\Windows\System32\LPT_dmx.dll
[2008.06.16 17:05:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2008.06.16 17:05:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\dlportio.sys
[2008.05.26 18:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.30 20:38:07 | 000,098,304 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 15:59:47 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.01 09:54:43 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.04.01 09:54:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.19 17:18:50 | 000,033,440 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2007.05.24 17:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007.05.23 05:39:22 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2007.05.23 05:39:20 | 000,227,995 | ---- | C] () -- C:\Windows\DDS-StartBsp.exe
[2007.05.23 05:39:18 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2007.05.23 05:39:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2007.05.23 05:39:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2007.05.22 11:09:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007.05.03 16:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2007.04.17 11:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2007.04.12 16:07:48 | 008,056,832 | ---- | C] () -- C:\Windows\System32\Lads76.dll
[2007.04.12 16:07:48 | 001,941,558 | ---- | C] () -- C:\Windows\System32\TKTopAlgo.dll
[2007.04.12 16:07:48 | 001,130,550 | ---- | C] () -- C:\Windows\System32\TKService.dll
[2007.04.12 16:07:46 | 003,567,667 | ---- | C] () -- C:\Windows\System32\TKBool.dll
[2007.04.12 16:07:46 | 003,235,895 | ---- | C] () -- C:\Windows\System32\TKGeomBase.dll
[2007.04.12 16:07:46 | 002,977,842 | ---- | C] () -- C:\Windows\System32\TKV3d.dll
[2007.04.12 16:07:46 | 002,064,436 | ---- | C] () -- C:\Windows\System32\TKernel.dll
[2007.04.12 16:07:46 | 001,744,947 | ---- | C] () -- C:\Windows\System32\TKMath.dll
[2007.04.12 16:07:46 | 001,216,561 | ---- | C] () -- C:\Windows\System32\TKBO.dll
[2007.04.12 16:07:46 | 000,872,448 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2007.04.12 16:07:46 | 000,839,730 | ---- | C] () -- C:\Windows\System32\TKG3d.dll
[2007.04.12 16:07:46 | 000,811,061 | ---- | C] () -- C:\Windows\System32\TKOffset.dll
[2007.04.12 16:07:46 | 000,475,186 | ---- | C] () -- C:\Windows\System32\TKV2d.dll
[2007.04.12 16:07:46 | 000,413,696 | ---- | C] () -- C:\Windows\System32\whiptkw.dll
[2007.04.12 16:07:46 | 000,274,497 | ---- | C] () -- C:\Windows\System32\guisys.dll
[2007.04.12 16:07:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\ifchttpclient.dll
[2007.04.12 16:07:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2007.04.12 16:07:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.04.12 16:07:44 | 009,334,850 | ---- | C] () -- C:\Windows\System32\edmikit400.dll
[2007.04.12 16:07:44 | 003,375,159 | ---- | C] () -- C:\Windows\System32\TKGeomAlgo.dll
[2007.04.12 16:07:44 | 001,839,157 | ---- | C] () -- C:\Windows\System32\TKFillet.dll
[2007.04.12 16:07:44 | 000,725,043 | ---- | C] () -- C:\Windows\System32\TKBRep.dll
[2007.04.12 16:07:44 | 000,626,738 | ---- | C] () -- C:\Windows\System32\TKHLR.dll
[2007.04.12 16:07:44 | 000,356,402 | ---- | C] () -- C:\Windows\System32\TKG2d.dll
[2007.04.12 16:07:44 | 000,249,907 | ---- | C] () -- C:\Windows\System32\TKPrim.dll
[2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbucoin.dll
[2007.01.22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006.11.02 17:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.30 15:05:18 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2006.08.30 15:05:18 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.08.01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[2006.03.27 12:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2005.12.21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbuvs.dll
[2005.02.24 18:23:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbucnv4.dll
[2004.09.23 07:31:30 | 000,000,071 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >

--- --- ---



I hope it also works somehow without steps 2+4.


I also want to give big praise ... you feel better right away when you get help like this.

Thanks

Malwarebytes has finally finished running .. yippee
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6418
 
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
 
22.04.2011 18:42:15
mbam-log-2011-04-22 (18-42-15).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 313006
Laufzeit: 1 Stunde(n), 2 Minute(n), 2 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
 
Infizierte Dateien:
c:\_OTL\movedfiles\04222011_103121\c_programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\Musik\Thomas D\vuze 19.5.09\KEYGEN\autodesk architectural desktop 2006 keymaker.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


kira 22.04.2011 22:34

Well... keygens & keymakers :rolleyes:

- You have quite obviously used a key generator (also KeyGen, Keygen or Keymaker) to "get paid software for free". In doing so you have presumably also brought a dangerous worm (viruses and other malware) onto the computer.
"Such programs" always contain particularly many and dangerous malicious programs; you should keep your hands off them!
** In a case like this you should rethink your consumption pattern :twak:
Because your conduct is thereby subject to German law, support from our side is ended at this point. So the best thing is for you to back up your data and do a complete reinstallation of the computer; that is the fastest and cleanest solution!
But at least after a reinstallation you will have a clean system again, and hopefully you have learned something from this and will keep your hands off ... in the future

Quote:

Purpose of the matter - viruses, trojans, worms:
A worm that can almost be called a "good worm" is moving through
the net and spreading via the file-sharing networks BearShare, KaZaA,
eMule & Co.
The worm carries countless different names of well-known cracks or
key generators for the illegal use of commercial software. Anyone who
deliberately searches for such files could therefore well come across
a copy of the worm.


