Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus autorun.inf auf Festplatte, externer Festplatte und USB (https://www.trojaner-board.de/95578-virus-autorun-inf-festplatte-externer-festplatte-usb.html)

Debs 10.02.2011 18:54
Virus autorun.inf auf Festplatte, externer Festplatte und USB
 
Hallo ihr Lieben,

wie auch schon einige vor mir habe ich auch ein Problem mit autorun.inf - Antivir meldet ca. alle 5 min, dass der Zugriff auf die Datei zu meiner eigenen Sicherheit blockiert wurde, löschen oder so kann ich aber nichts. Ich gehe also davon aus, dass die Datei, die mittlerweile auch auf meiner externen Festplatte ist, infiziert ist.
Ich habe mir schon durchgelesen, was andere daraufhin tun sollten, aber da immer wieder betont wird, dass man dies nicht blind nachmachen sollte, bitte ich hiermit um eure Hilfe. Da ich nächste Woche in den Urlaub fahre und das Problem gerne vorher beseitigt hätte, wäre ich über schnelle Hilfe dankbar. Aber ich warne euch vor, mit mir muss man, was Computer angeht, idiotensicher reden, ich hab da echt gar keine Ahnung =).

Das Ergebnis von dem aktualisierten Malwarebytes (mit angeschlossener externer Festplatte sowie angeschlossenem USB-Stick) poste ich im Folgenden:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5722

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

10.02.11 18:14
mbam-log-2011-02-10 (18-14-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 515676
Laufzeit: 2 Stunde(n), 9 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Vielen, vielen Dank, dass ihr euch die Zeit & Geduld nehmt, mir weiter zu helfen!!!

cosinus 10.02.2011 20:11
Hallo und :hallo:

Deaktivier erstmal die automatische Wiedergabe (auch bekannt als Autorun oder Autoplay):
Für Windows Vista und 7: In der Systemsteuerung kann man für alle Datenträger die automatische Wiedergabe deaktivieren.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.

Debs 12.02.2011 14:28
Hallo,

Danke für die Antwort, ich habe die automatische Wiedergabe deaktiviert aber Antivir meldet sich immer noch - das Problem scheint also noch nicht gelöst...

Hier noch eine ältere Logdatei von Malwarebytes (ohne angeschlossenen Stick und Festplatte), hab die da genannten infizierten Datein etc. aber bereits gelöscht.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5722

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

10.02.11 01:02
mbam-log-2011-02-10 (01-02-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 514602
Laufzeit: 2 Stunde(n), 9 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1696 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\iobit toolbar\IE\4.1\iobittoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\iobit toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.



Wie kann ich jetzt weiter verfahren?

Danke und liebe Grüße!

cosinus 12.02.2011 15:28
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Debs 12.02.2011 16:02
Ok, ich hab alles so gemacht wie vorgeschlagen. Hier die beiden Outputs:OTL Logfile:
Code:
OTL logfile created on: 12.02.2011 15:56:55 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Deborah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 126,39 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,01 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 7,52 Gb Total Space | 6,66 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
 
Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Deborah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Programme\IObit\IObit Security 360\is360srv.exe (IObit)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Deborah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (IS360service) -- C:\Programme\IObit\IObit Security 360\is360srv.exe (IObit)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (PCDSRVC{E9D79540-57D5953E-06020101}_0) -- c:\Programme\Dell Support Center\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.scroogle.org/scrapde8.html [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ixquick.com/deu/#
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ixquick.com/deu/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.8.2.6158.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.4.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_tr&type=382950&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 18:27:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 18:27:46 | 000,000,000 | ---D | M]
 
[2010.04.18 15:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\mozilla\Extensions
[2011.02.11 16:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions
[2010.06.11 12:32:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.31 20:38:20 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.04 17:58:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.18 23:40:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.31 20:38:20 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.01.04 13:14:56 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\firefox@ghostery.com
[2010.05.31 21:11:34 | 000,000,000 | ---D | M] (Password Bank) -- C:\Users\Deborah\AppData\Roaming\mozilla\Firefox\Profiles\0rshmfc5.default\extensions\passwordbank@upek.com
[2010.04.28 10:11:51 | 000,002,433 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\0rshmfc5.default\searchplugins\ixquickde-https.xml
[2011.01.07 18:36:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 19:02:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.14 21:57:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 17:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 23:44:50 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2010.06.26 19:02:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.14 21:57:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.20 17:22:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 23:44:50 | 000,000,000 | ---D | M] (afurladvisor) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2010.09.15 02:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Programme\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 124
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Deborah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.02 12:17:50 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{5c5476de-59d9-11de-9cee-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs
O33 - MountPoints2\{5c5476e8-59d9-11de-9cee-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.12 15:53:16 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011.02.09 22:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2011.02.09 21:54:35 | 000,000,000 | ---D | C] -- C:\Users\Deborah\AppData\Roaming\Malwarebytes
[2011.02.09 21:54:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.09 21:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.09 21:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.09 21:54:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.09 21:54:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.08 12:49:18 | 000,000,000 | ---D | C] -- C:\Users\Deborah\Desktop\Wohnungsfotos
[2010.11.20 16:20:21 | 001,740,104 | ---- | C] (Dell Inc) -- C:\Programme\aulauncher.exe
[2009.05.22 11:14:54 | 003,176,168 | ---- | C] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt Setup 6.2.exe
[2009.01.25 11:17:40 | 009,717,767 | ---- | C] (g10 Code GmbH) -- C:\ProgramData\gpg4win-1.1.3.exe
[2009.01.15 17:33:32 | 021,252,470 | ---- | C] (Igor Pavlov) -- C:\ProgramData\tor-im-browser-1.1.7_en-US.exe
[2008.12.22 00:29:05 | 001,305,600 | ---- | C] (Irfan Skiljan) -- C:\ProgramData\iview420_setup.exe
[2008.09.03 14:30:24 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\EMPIRESX.EXE
[2008.09.03 14:30:22 | 002,404,352 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\SETUPEXP.DLL
[2008.09.03 14:30:22 | 000,282,682 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\Uninstx.Exe
[2008.09.03 14:30:21 | 000,163,840 | ---- | C] (Microsoft Corp.) -- C:\ProgramData\languagex.dll
[2008.07.07 18:20:26 | 002,919,360 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup209.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.12 15:57:47 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.12 15:57:47 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.12 15:57:47 | 000,131,024 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.12 15:57:47 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.12 15:56:35 | 000,087,953 | ---- | M] () -- C:\Users\Deborah\AppData\Roaming\nvModes.001
[2011.02.12 15:53:17 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah\Desktop\OTL.exe
[2011.02.12 15:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.12 14:27:24 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.02.12 14:00:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.12 14:00:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.12 14:00:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.12 14:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.12 14:00:36 | 3756,064,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.11 19:57:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.02.10 22:14:59 | 000,003,974 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011.02.07 19:29:32 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume D Task.job
[2011.02.07 19:20:54 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\Defraggler Volume C Task.job
[2011.02.06 22:44:27 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.02.06 18:05:30 | 000,002,631 | ---- | M] () -- C:\Users\Deborah\Desktop\Microsoft Office Word 2007.lnk
[2011.01.31 17:55:15 | 000,045,568 | ---- | M] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.25 01:14:56 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011.01.24 03:52:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.18 21:33:27 | 192,354,232 | ---- | C] () -- C:\Programme\DataSafeLocalBackup_Basic.exe
[2010.11.07 17:02:52 | 005,595,832 | ---- | C] () -- C:\ProgramData\HSS-1.52-install-anchorfree-243-ask3.exe
[2010.10.14 16:31:00 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.14 16:30:59 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.10.14 16:30:58 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.10.03 18:56:05 | 000,000,095 | ---- | C] () -- C:\Users\Deborah\AppData\Local\fusioncache.dat
[2010.05.21 15:05:54 | 003,099,648 | ---- | C] () -- C:\Programme\openofficeorg32.msi
[2010.05.21 15:02:28 | 145,988,142 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2010.05.21 14:07:44 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
[2010.02.24 00:43:45 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.02.24 00:43:45 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.02.17 16:12:14 | 000,000,067 | ---- | C] () -- C:\Windows\DVDRegionFreeLite.INI
[2010.01.20 21:45:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010.01.20 21:45:57 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010.01.20 21:45:57 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009.11.24 23:04:56 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.11.03 15:12:50 | 000,094,261 | ---- | C] () -- C:\Programme\Erinner-Mich.Gadget
[2009.11.03 15:12:02 | 000,057,490 | ---- | C] () -- C:\Programme\recyclebin.gadget
[2009.10.20 18:12:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 13:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.09 23:50:06 | 001,327,342 | ---- | C] () -- C:\ProgramData\pidgin-otr-3.2.0-1.exe
[2009.05.22 11:13:20 | 014,355,016 | ---- | C] () -- C:\Programme\pidgin-2.5.6.exe
[2009.04.27 22:56:39 | 011,759,104 | ---- | C] () -- C:\ProgramData\vpnclient-win-msi-5.0.04.0300-k9.exe
[2009.02.01 22:41:08 | 141,125,992 | ---- | C] () -- C:\ProgramData\OOo_3.0.1_Win32Intel_install_de.exe
[2009.02.01 17:00:21 | 001,519,800 | ---- | C] () -- C:\ProgramData\dMC-r10.exe
[2009.02.01 16:59:43 | 001,424,292 | ---- | C] () -- C:\ProgramData\Music Converter.zip
[2009.01.28 19:20:05 | 004,768,473 | ---- | C] () -- C:\ProgramData\Mindmap.exe
[2008.12.24 22:48:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.12.24 22:40:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.11.09 16:46:41 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.11.09 13:52:16 | 000,000,000 | ---- | C] () -- C:\ProgramData\WinDVD8.exe
[2008.10.21 12:00:27 | 010,708,992 | ---- | C] () -- C:\ProgramData\vpnclient-win-msi-5.0.02.0090-k9.exe
[2008.10.16 16:18:43 | 000,291,988 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\mdbu.bin
[2008.09.03 14:30:25 | 000,026,690 | ---- | C] () -- C:\ProgramData\EULA.RTF
[2008.09.03 14:30:24 | 000,020,992 | ---- | C] () -- C:\ProgramData\UPDATE.DOC
[2008.09.03 14:30:22 | 000,050,159 | ---- | C] () -- C:\ProgramData\Infox.doc
[2008.08.29 12:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.08.16 16:05:33 | 000,007,592 | ---- | C] () -- C:\Users\Deborah\AppData\Local\d3d9caps.dat
[2008.08.04 17:21:43 | 001,440,047 | ---- | C] () -- C:\ProgramData\wrar371d.exe
[2008.06.07 21:43:12 | 000,105,472 | ---- | C] () -- C:\Windows\System32\mtxoci.dll
[2008.06.04 13:25:45 | 015,895,117 | ---- | C] () -- C:\ProgramData\PDFCreator-0_9_5_setup.exe
[2008.05.02 14:11:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.05.02 12:18:46 | 000,003,974 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008.05.02 12:18:46 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\B16563253E.sys
[2008.05.02 12:09:09 | 000,000,000 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\wklnhst.dat
[2008.05.02 11:50:04 | 000,087,953 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\nvModes.001
[2008.05.02 10:42:23 | 000,087,953 | ---- | C] () -- C:\Users\Deborah\AppData\Roaming\nvModes.dat
[2008.05.02 09:58:58 | 000,045,568 | ---- | C] () -- C:\Users\Deborah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.14 01:59:15 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008.03.14 01:59:14 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.02.20 21:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007.07.25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:29:11 | 000,027,792 | ---- | C] () -- C:\Windows\System32\compobj.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >
--- --- ---













OTL Logfile:
Code:
OTL Extras logfile created on: 12.02.2011 15:56:55 - Run 1
OTL by OldTimer - Version 3.2.20.6    Folder = C:\Users\Deborah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,47 Gb Total Space | 126,39 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,01 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 7,52 Gb Total Space | 6,66 Gb Free Space | 88,65% Space Free | Partition Type: FAT32
 
Computer Name: DEBORAH-PC | User Name: Deborah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5E2B07-51E8-42E8-923A-D4EC0B63759D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1C6ED249-669C-4FD3-B468-A401ECE8769C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4078CB51-F0C7-4D65-A8CF-CE209FEAE5FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4188D3A5-CB05-4FFC-B1A8-27A5B68DACAA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5FAE9CAC-D976-4B71-A0CD-46A8EA50DAA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A95C8CC5-69EF-418F-BD0E-53A8F8E65B03}" = rport=139 | protocol=6 | dir=out | app=system |
"{C89511A7-E065-4F02-80F4-2EFAFB1D6759}" = lport=138 | protocol=17 | dir=in | app=system |
"{CDAFA82B-725A-4BA8-BBCA-056D563F8F24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D767B4D1-B0C9-4598-8C21-940799FCD362}" = rport=445 | protocol=6 | dir=out | app=system |
"{DA83BE3C-D91E-447B-8D93-164483AFD7AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{E43D9368-D3C9-4D71-A506-6B75C8BC5490}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8D356CB-1DC4-4898-843C-6DDBD175FF7A}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1368893F-66CD-4DC3-8C49-EA000F7C00E0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{3327076D-25B0-4CA2-A64B-7878921F9ABE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37028ED3-1BC5-440F-9094-512DC1400C88}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4CAE09C3-7546-45AD-93AD-E43E38FE6FC6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54A48AA7-1E97-4C18-B0B7-BD66594F60B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{664DFE21-C50C-4E9E-9382-0715CD42A03B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7ABCFBE1-9836-4CE8-9C21-41BD2DB91691}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{83739FAF-32BD-4973-ABCF-5ECB8648E962}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9950E4AB-F218-486D-8EB8-AB190047A780}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{A07444AD-59EE-4315-8887-AFCDDD4B155A}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{B2D79687-87A0-428C-9A68-6108D783FA13}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"{D13C6BB2-1843-43D3-827A-D1821F05E572}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{EE211991-AEE7-45D2-9289-545AEB451E32}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F04EE998-637F-4F43-ADC2-22849E86B9E2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F36C9475-DD69-4B9B-BBF3-4E018B01CAAC}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |
"TCP Query User{27AD79EF-666C-435E-948C-C3B8580DD82F}C:\program files\intervideo\dvd8\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"TCP Query User{2A9F0308-5759-42DC-A922-6F3DB2EDDC30}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{35450212-AF91-4FB2-A80D-D9183553E282}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{5CB7A006-32AD-40AB-9A8B-237D0606F418}C:\users\deborah\appdata\local\temp\usmt\migwiz.exe" = protocol=6 | dir=in | app=c:\users\deborah\appdata\local\temp\usmt\migwiz.exe |
"TCP Query User{C7DEE26E-A9DD-4E7B-A5B5-16DE7C72B9D9}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{D57E573F-D331-4108-BD17-15BCF1771AAA}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{02994A71-2B05-4AEE-9672-F281CE458060}C:\users\deborah\appdata\local\temp\usmt\migwiz.exe" = protocol=17 | dir=in | app=c:\users\deborah\appdata\local\temp\usmt\migwiz.exe |
"UDP Query User{34762CED-074E-4F1F-916D-09776811ADCF}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{7041C244-5CC6-4BDE-ACF1-A3C9390D7DD0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{9A890FAC-CCE7-42FD-849F-D89114E6EDF1}C:\program files\intervideo\dvd8\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd8\windvd.exe |
"UDP Query User{C7E63BA1-CC9C-4492-B27B-10E275C7EE7B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FFF15117-E225-4952-AFEC-06A3EF248A03}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel Snapfire
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64367D02-ADA8-4FA0-B348-27F25C60BC7B}" = muvee autoProducer 5.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B8BA496-E201-4246-9A8B-687B49145F53}" = IObit Toolbar v4.1
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3E3F224-704C-4873-BA3E-0B8D3D4C59E8}" = Samsung PC Studio 3
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719) 
"Defraggler" = Defraggler
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Audio Converter_is1" = Free Audio Converter version 2.2
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Game Booster_is1" = Game Booster
"GPG4Win" = GnuPG For Windows
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 1.56
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IObit Security 360_is1" = IObit Security 360
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.4.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.0-1
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ScummVM_is1" = ScummVM 1.0.0
"Smart Defrag_is1" = Smart Defrag
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.07.2010 11:41:57 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12.07.2010 11:48:54 | Computer Name = Deborah-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 12.07.2010 12:06:32 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12.07.2010 16:52:29 | Computer Name = Deborah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul awt.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8d8, Ausnahmecode
 0xc0000005, Fehleroffset 0x000a3614,  Prozess-ID 0xa94, Anwendungsstartzeit 01cb2204229dc690.
 
Error - 12.07.2010 17:31:15 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 13.07.2010 04:30:33 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 13.07.2010 04:30:33 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.07.2010 09:24:27 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.07.2010 09:24:27 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.07.2010 09:27:41 | Computer Name = Deborah-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Dell Events ]
Error - 21.11.2010 05:10:29 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.11.2010 05:10:29 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.11.2010 05:23:01 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.11.2010 05:23:01 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.12.2010 08:02:34 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 06.12.2010 08:02:34 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.12.2010 13:15:33 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 20.12.2010 13:15:33 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 09.02.2011 16:47:53 | Computer Name = Deborah-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ OSession Events ]
Error - 04.06.2008 14:53:55 | Computer Name = Deborah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 127 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 13.01.2009 10:30:18 | Computer Name = Deborah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 119
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 13.02.2009 15:35:55 | Computer Name = Deborah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 832
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.02.2011 06:16:01 | Computer Name = Deborah-PC | Source = DCOM | ID = 10016
Description =
 
Error - 11.02.2011 06:16:15 | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.02.2011 09:00:25 | Computer Name = Deborah-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 12.02.2011 09:00:35 | Computer Name = Deborah-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 12.02.2011 09:01:21 | Computer Name = Deborah-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 12.02.2011 09:01:55 | Computer Name = Deborah-PC | Source = DCOM | ID = 10016
Description =
 
Error - 12.02.2011 09:01:57 | Computer Name = Deborah-PC | Source = DCOM | ID = 10016
Description =
 
Error - 12.02.2011 09:08:44 | Computer Name = Deborah-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 12.02.2011 09:08:44 | Computer Name = Deborah-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 12.02.2011 09:08:44 | Computer Name = Deborah-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
 
< End of report >
--- --- ---






Was nun?

Dank dir schonmal Arne!

cosinus 12.02.2011 19:03
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O33 - MountPoints2\{5c5476de-59d9-11de-9cee-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs
O33 - MountPoints2\{5c5476e8-59d9-11de-9cee-00059a3c7800}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs
[2009.02.01 17:00:21 | 001,519,800 | ---- | C] () -- C:\ProgramData\dMC-r10.exe
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Debs 12.02.2011 19:21
ok, ich glaub ich hab mich beim ersten Mal dumm angestellt und jetzt hab ich es nochmal richtig mit OTL: und so gemacht, hier die Logdatei:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c5476de-59d9-11de-9cee-00059a3c7800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c5476de-59d9-11de-9cee-00059a3c7800}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c5476e8-59d9-11de-9cee-00059a3c7800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5c5476e8-59d9-11de-9cee-00059a3c7800}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe NAME-2EC8DAE0A9.vbs not found.
C:\ProgramData\dMC-r10.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Deborah
->Temp folder emptied: 277939342 bytes
->Temporary Internet Files folder emptied: 256295 bytes
->Java cache emptied: 22520798 bytes
->FireFox cache emptied: 103479829 bytes
->Flash cache emptied: 4633 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18154928 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 403,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02122011_192710

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 12.02.2011 19:34
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Debs 12.02.2011 20:24
Voilá:

Combofix Logfile:
Code:
ComboFix 11-02-12.01 - Deborah 12.02.2011  19:57:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3581.2432 [GMT 1:00]
ausgeführt von:: c:\users\Deborah\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\HSS-1.52-install-anchorfree-243-ask3.exe
c:\programdata\OOo_3.0.1_Win32Intel_install_de.exe
c:\programdata\pidgin-otr-3.2.0-1.exe
c:\programdata\vpnclient-win-msi-5.0.02.0090-k9.exe
c:\programdata\vpnclient-win-msi-5.0.04.0300-k9.exe
c:\programdata\wrar371d.exe
c:\windows\system32\twunk_32.exe
D:\AUTORUN.INF

.
(((((((((((((((((((((((  Dateien erstellt von 2011-01-12 bis 2011-02-12  ))))))))))))))))))))))))))))))
.

2011-02-12 18:21 . 2011-02-12 18:21        --------        d-----w-        C:\_OTL
2011-02-11 10:30 . 2011-01-13 09:41        5890896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C748157-DC2A-4698-971C-6240DAD35312}\mpengine.dll
2011-02-09 21:15 . 2011-02-09 21:22        --------        d-----w-        c:\programdata\Autorun Eater
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\users\Deborah\AppData\Roaming\Malwarebytes
2011-02-09 20:54 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-09 20:54 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 06:39 . 2011-01-07 16:40        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-13 06:39 . 2011-01-07 16:40        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-20 15:20 . 2010-11-20 15:20        1740104        ----a-w-        c:\program files\aulauncher.exe
2010-11-18 20:44 . 2010-11-18 20:33        192354232        ----a-w-        c:\program files\DataSafeLocalBackup_Basic.exe
2010-05-21 14:05 . 2010-05-21 14:05        3099648        ----a-w-        c:\program files\openofficeorg32.msi
2009-05-22 10:18 . 2009-05-22 10:14        3176168        ----a-w-        c:\program files\TrueCrypt Setup 6.2.exe
2009-05-22 10:13 . 2009-05-22 10:13        14355016        ----a-w-        c:\program files\pidgin-2.5.6.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-15 10:33        2515552        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22        3186440        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22        3186440        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-20 165184]

c:\users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07        96008        ----a-w-        c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-07 08:50        159744        ----a-w-        c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43        118784        ----a-w-        c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03        17920        ----a-w-        c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 13:00        174872        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08        443728        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-28 06:24        8497696        ----a-w-        c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-09-28 06:24        81920        ----a-w-        c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-28 06:24        81920        ----a-w-        c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-28 06:24        86016        ----a-w-        c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51        36864        ----a-w-        c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 15:39        189736        ----a-w-        c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pidgin]
2009-05-19 21:51        45603        ----a-w-        c:\program files\Pidgin\pidgin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-11-18 09:39        524288        ----a-w-        c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 pubucxqr;pubucxqr;c:\windows\system32\drivers\pubucxqr.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avgntflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2011-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-02-12 14:39]

2011-02-07 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2010-02-12 14:39]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:05]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:05]

2011-01-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

2011-02-06 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-07-30 15:08]

2011-02-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ixquick.com/deu/#
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Deborah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\0rshmfc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/deu/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_tr&type=382950&p=
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: PasswordBank: passwordbank@upek.com - %profile%\extensions\passwordbank@upek.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- Dateityp-Verknüpfung -------
.
.txt=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel MediaOne\Corel PhotoDownloader.exe
MSConfigStartUp-Device Detection - c:\program files\fotokasten comfort\dd.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TrojanScanner - c:\program files\Trojan Remover\Trjscan.exe
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-12 20:14
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3060)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\program files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\windows\System32\vds.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-12  20:22:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-12 19:22

Vor Suchlauf: 16 Verzeichnis(se), 136.153.989.120 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 135.758.729.216 Bytes frei

- - End Of File - - 68C99688ED0EB9CC8E7A3DA2470DA635
--- --- ---

cosinus 12.02.2011 20:35
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\windows\system32\drivers\pubucxqr.sys

Driver::
pubucxqr
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Debs 12.02.2011 22:55
ok, hier die datei:
Combofix Logfile:
Code:
ComboFix 11-02-12.01 - Deborah 12.02.2011  22:29:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3581.2401 [GMT 1:00]
ausgeführt von:: c:\users\Deborah\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Deborah\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: IObit Security 360 *Disabled/Updated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\drivers\pubucxqr.sys"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pubucxqr


(((((((((((((((((((((((  Dateien erstellt von 2011-01-12 bis 2011-02-12  ))))))))))))))))))))))))))))))
.

2011-02-12 21:43 . 2011-02-12 21:45        --------        d-----w-        c:\users\Deborah\AppData\Local\temp
2011-02-12 18:21 . 2011-02-12 18:21        --------        d-----w-        C:\_OTL
2011-02-11 10:30 . 2011-01-13 09:41        5890896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C748157-DC2A-4698-971C-6240DAD35312}\mpengine.dll
2011-02-09 21:15 . 2011-02-09 21:22        --------        d-----w-        c:\programdata\Autorun Eater
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\users\Deborah\AppData\Roaming\Malwarebytes
2011-02-09 20:54 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\programdata\Malwarebytes
2011-02-09 20:54 . 2011-02-09 20:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-02-09 20:54 . 2010-12-20 17:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 06:39 . 2011-01-07 16:40        135096        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2010-12-13 06:39 . 2011-01-07 16:40        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-11-20 15:20 . 2010-11-20 15:20        1740104        ----a-w-        c:\program files\aulauncher.exe
2010-11-18 20:44 . 2010-11-18 20:33        192354232        ----a-w-        c:\program files\DataSafeLocalBackup_Basic.exe
2010-05-21 14:05 . 2010-05-21 14:05        3099648        ----a-w-        c:\program files\openofficeorg32.msi
2009-05-22 10:18 . 2009-05-22 10:14        3176168        ----a-w-        c:\program files\TrueCrypt Setup 6.2.exe
2009-05-22 10:13 . 2009-05-22 10:13        14355016        ----a-w-        c:\program files\pidgin-2.5.6.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-15 10:33        2515552        ----a-w-        c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 10:22        3186440        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 10:22        3186440        ----a-w-        c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-20 165184]

c:\users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 10:07        96008        ----a-w-        c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-07 08:50        159744        ----a-w-        c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43        118784        ----a-w-        c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03        17920        ----a-w-        c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-03-21 13:00        174872        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-12-20 17:08        443728        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-28 06:24        8497696        ----a-w-        c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-09-28 06:24        81920        ----a-w-        c:\windows\System32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-28 06:24        81920        ----a-w-        c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-28 06:24        86016        ----a-w-        c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 05:51        36864        ----a-w-        c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 15:39        189736        ----a-w-        c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pidgin]
2009-05-19 21:51        45603        ----a-w-        c:\program files\Pidgin\pidgin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2010-11-18 09:39        524288        ----a-w-        c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - avgntflt

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2011-02-07 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2010-02-12 14:39]

2011-02-07 c:\windows\Tasks\Defraggler Volume D Task.job
- c:\program files\Defraggler\df.exe [2010-02-12 14:39]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:05]

2011-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 18:05]

2011-01-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

2011-02-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.ixquick.com/deu/#
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Deborah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\0rshmfc5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/deu/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&fl=1&ei=utf-8&vl=lang_tr&type=382950&p=
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: PasswordBank: passwordbank@upek.com - %profile%\extensions\passwordbank@upek.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2940)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Protector Suite QL\upeksvr.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\conime.exe
c:\program files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\windows\System32\vds.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-12  22:54:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-12 21:53
ComboFix2.txt  2011-02-12 19:22

Vor Suchlauf: 22 Verzeichnis(se), 135.762.735.104 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 135.622.991.872 Bytes frei

- - End Of File - - 430449FCAE901710EAF52A919656BC4F
--- --- ---

cosinus 13.02.2011 20:26
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Debs 13.02.2011 23:06
Ok, hier die Ergebnisse:

GMER:
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-13 22:50:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2SS0
Running: tqltez1p.exe; Driver: C:\Users\Deborah\AppData\Local\Temp\uwrdifog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                                                section is writeable [0x90006360, 0x359BA2, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\SLsvc.exe[1292] ntdll.dll!NtCreateKey                                                                                                774B4414 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\SLsvc.exe[1292] ntdll.dll!NtCreateKey + 4                                                                                            774B4418 2 Bytes  [17, 5F] {POP SS; POP EDI}
.text          C:\Windows\system32\SLsvc.exe[1292] ntdll.dll!NtSetValueKey                                                                                              774B5454 3 Bytes  [FF, 25, 1E]
.text          C:\Windows\system32\SLsvc.exe[1292] ntdll.dll!NtSetValueKey + 4                                                                                          774B5458 2 Bytes  [14, 5F] {ADC AL, 0x5f}
.text          C:\Windows\system32\SLsvc.exe[1292] kernel32.dll!CreateProcessW                                                                                          76571BF3 6 Bytes  JMP 5F0D0F5A
.text          C:\Windows\system32\SLsvc.exe[1292] kernel32.dll!CreateProcessA                                                                                          76571C28 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\system32\SLsvc.exe[1292] kernel32.dll!LoadLibraryExW                                                                                          76599109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\system32\SLsvc.exe[1292] ADVAPI32.dll!CreateProcessAsUserW                                                                                    75CA1EE9 6 Bytes  JMP 5F100F5A
.text          C:\Windows\system32\SLsvc.exe[1292] ADVAPI32.dll!CreateServiceW                                                                                          75CC9EB4 6 Bytes  JMP 5F1C0F5A
.text          C:\Windows\system32\SLsvc.exe[1292] ADVAPI32.dll!CreateProcessWithLogonW                                                                                75CE80C1 6 Bytes  JMP 5F040F5A
.text          C:\Windows\system32\SLsvc.exe[1292] ADVAPI32.dll!CreateServiceA                                                                                          75D072A1 6 Bytes  JMP 5F190F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4dd28                                                                             
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@00124764245f                                                                0xBD 0x51 0xEA 0x9E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@0021d2fd3e3f                                                                0x60 0x7D 0xB7 0x0D ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@000fdea213f1                                                                0xD7 0x48 0x92 0x05 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4dd28 (not active ControlSet)                                                         
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@00124764245f                                                                    0xBD 0x51 0xEA 0x9E ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@0021d2fd3e3f                                                                    0x60 0x7D 0xB7 0x0D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ce4dd28@000fdea213f1                                                                    0xD7 0x48 0x92 0x05 ...
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71AA66D8F45DAB34B9A2CAD90C0879A2@55EEFB3E2E930EB49B6698EF8583221C  C:\ProgramData\SupportSoft\DellSupportCenter\_default\data\0c81c9f4-8f7b-4bf0-a94b-3a18728e2b01\d94f00b5-5f6c-4985-9908-e7b2e6c37046.13\d94f00b5-5f6c-4985-9908-e7b2e6c37046.13.xml

---- EOF - GMER 1.0.15 ----
--- --- ---


OSAM:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:03:35 on 13.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\uaclauncher.exe
"Defraggler Volume C Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe
"Defraggler Volume D Task.job" - "Piriform Ltd" - C:\Program Files\Defraggler\df.exe
"SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\Dell Support Center\pcdrcui.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Program Files\Protector Suite QL\infopnl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\Windows\system32\Drivers\CVPNDRVA.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{E9D79540-57D5953E-06020101}_0) - "PC-Doctor, Inc." - c:\program files\dell support center\pcdsrvc.pkms
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"uwrdifog" (uwrdifog) - ? - C:\Users\Deborah\AppData\Local\Temp\uwrdifog.sys  (Hidden registry entry, rootkit activity | File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpowerAMP Music Converter" - ? -  (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpowerAMP Music Converter 1" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "Safearchive ShellFolder Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce )-----
"Launcher" - "Softthinks" - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##" (Bonjour Service) - "Apple Computer, Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Routing Service" (HssSrv) - ? - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"IS360service" (IS360service) - "IObit" - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SoftThinks Agent Service" (SftService) - "SoftThinks SAS" - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
"SupportSoft Sprocket Service (dellsupportcenter)" (sprtsvc_dellsupportcenter) - ? - C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter  (File not found)

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"GinaDLL" - "UPEK Inc." - C:\Windows\system32\vrlogon.dll
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"psfus" - "UPEK Inc." - C:\Windows\system32\psqlpwd.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Computer, Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


MBR Check:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1530
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 161):
0x82410000 \SystemRoot\system32\ntkrnlpa.exe
0x827C9000 \SystemRoot\system32\hal.dll
0x80400000 \SystemRoot\system32\kdcom.dll
0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80477000 \SystemRoot\system32\PSHED.dll
0x80488000 \SystemRoot\system32\BOOTVID.dll
0x80490000 \SystemRoot\system32\CLFS.SYS
0x804D1000 \SystemRoot\system32\CI.dll
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80696000 \SystemRoot\system32\drivers\acpi.sys
0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
0x806ED000 \SystemRoot\system32\drivers\pci.sys
0x80714000 \SystemRoot\System32\drivers\partmgr.sys
0x80723000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80726000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80730000 \SystemRoot\system32\drivers\volmgr.sys
0x8073F000 \SystemRoot\System32\drivers\volmgrx.sys
0x80789000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80790000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8079E000 \SystemRoot\system32\drivers\pciide.sys
0x807A5000 \SystemRoot\System32\drivers\mountmgr.sys
0x82A0A000 \SystemRoot\system32\drivers\iastorv.sys
0x82AAA000 \SystemRoot\system32\drivers\iastor.sys
0x82B71000 \SystemRoot\system32\drivers\atapi.sys
0x82B79000 \SystemRoot\system32\drivers\ataport.SYS
0x82B97000 \SystemRoot\system32\drivers\fltmgr.sys
0x82BC9000 \SystemRoot\system32\drivers\fileinfo.sys
0x82BD9000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8BA0E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA7F000 \SystemRoot\system32\drivers\ndis.sys
0x8BB8A000 \SystemRoot\system32\drivers\msrpc.sys
0x8BBB5000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC04000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCEE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BE09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF19000 \SystemRoot\system32\drivers\volsnap.sys
0x8BF52000 \SystemRoot\System32\Drivers\spldr.sys
0x8BF5A000 \SystemRoot\System32\Drivers\mup.sys
0x8BF69000 \SystemRoot\System32\drivers\ecache.sys
0x8BF90000 \SystemRoot\system32\drivers\disk.sys
0x8BFA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BFC2000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BFD8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BFE3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BFEC000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90006000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9074B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907EC000 \SystemRoot\System32\drivers\watchdog.sys
0x8BFCB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BD09000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BD47000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BD56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90808000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x90A31000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x90A41000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x90A4F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x90A69000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x90A78000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x90A8C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x90ADD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x90AF0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x90B1C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90B27000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x90B32000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90B4A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x90B4E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90B57000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x90B75000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90BA4000 \SystemRoot\system32\DRIVERS\storport.sys
0x90BE5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90BF0000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x8BDE3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BBF0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805B1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90800000 \SystemRoot\system32\DRIVERS\CVirtA.sys
0x907F8000 \SystemRoot\system32\DRIVERS\taphss.sys
0x807EC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90802000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805C6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BA00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x82BF1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90E05000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90E3A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E4B000 \SystemRoot\system32\drivers\stwrt.sys
0x90EA0000 \SystemRoot\system32\drivers\portcls.sys
0x90ECD000 \SystemRoot\system32\drivers\drmk.sys
0x90EF2000 \SystemRoot\System32\Drivers\tcusb.sys
0x90EFD000 \SystemRoot\System32\Drivers\USBD.SYS
0x90EFF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90F16000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x90F2B000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x90F65000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x90F67000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x90F70000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x90F80000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90F87000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x90F90000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x90F99000 \SystemRoot\System32\Drivers\Null.SYS
0x90FA0000 \SystemRoot\System32\Drivers\Beep.SYS
0x90FA7000 \SystemRoot\System32\drivers\vga.sys
0x90FB3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90FD4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x90FDC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90FE4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90FEF000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BE00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91C0D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91C23000 \SystemRoot\system32\DRIVERS\smb.sys
0x91C37000 \SystemRoot\system32\drivers\afd.sys
0x91C7F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91CB1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91CC7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91CD5000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x91CDB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91CEE000 \SystemRoot\System32\drivers\truecrypt.sys
0x91D22000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x91D2A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x91D30000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x91D6C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x91D76000 \SystemRoot\System32\Drivers\dfsc.sys
0x91D8D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x91DB3000 \SystemRoot\System32\Drivers\fastfat.SYS
0x91DDB000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x98A50000 \SystemRoot\System32\win32k.sys
0x91C00000 \SystemRoot\System32\drivers\Dxapi.sys
0x91DF1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98C70000 \SystemRoot\System32\TSDDD.dll
0x98C90000 \SystemRoot\System32\cdd.dll
0x98CA0000 \SystemRoot\System32\ATMFD.DLL
0x9EE02000 \SystemRoot\system32\drivers\luafv.sys
0x9EE25000 \SystemRoot\system32\drivers\spsys.sys
0x9EED5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9EEE5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9EF0F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9EF19000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9EF2C000 \SystemRoot\system32\drivers\HTTP.sys
0x9EF99000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EFB6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9EFCF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA240B000 \SystemRoot\system32\drivers\mrxdav.sys
0xA242C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA244B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2484000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA249C000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA24C3000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2529000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA25B9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA4002000 \SystemRoot\system32\drivers\peauth.sys
0xA40E0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA40EA000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA40F6000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA410B000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA411D000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA413A000 \??\c:\program files\dell support center\pcdsrvc.pkms
0xA4140000 \??\C:\Users\Deborah\AppData\Local\Temp\uwrdifog.sys
0x77450000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
480 C:\Windows\System32\smss.exe
612 csrss.exe
664 C:\Windows\System32\wininit.exe
672 csrss.exe
708 C:\Windows\System32\services.exe
724 C:\Windows\System32\lsass.exe
732 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\winlogon.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\audiodg.exe
1268 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\SLsvc.exe
1376 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1592 C:\Program Files\Protector Suite QL\upeksvr.exe
1924 C:\Windows\System32\spoolsv.exe
1944 C:\Windows\System32\wlanext.exe
124 C:\Program Files\Avira\AntiVir Desktop\sched.exe
312 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\AEstSrv.exe
1788 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1732 C:\Program Files\Bonjour\mDNSResponder.exe
1804 C:\Windows\System32\svchost.exe
1952 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
2040 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
352 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
1472 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
1672 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2072 C:\Program Files\Hotspot Shield\bin\hsswd.exe
2088 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2140 C:\Program Files\IObit\IObit Security 360\is360srv.exe
2312 C:\Windows\System32\svchost.exe
2472 C:\Windows\System32\PSIService.exe
2492 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2540 C:\Program Files\Dell DataSafe Local Backup\SftService.exe
2560 C:\Windows\System32\stacsv.exe
2644 C:\Windows\System32\svchost.exe
2680 C:\Windows\System32\svchost.exe
2736 C:\Windows\System32\SearchIndexer.exe
2960 WUDFHost.exe
3708 C:\Windows\System32\taskeng.exe
3728 C:\Windows\System32\dwm.exe
3784 WmiPrvSE.exe
3864 C:\Windows\explorer.exe
3940 C:\Windows\System32\taskeng.exe
3400 HP1006MC.EXE
3452 C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
4008 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
764 C:\Program Files\Windows Sidebar\sidebar.exe
4052 C:\Program Files\Protector Suite QL\psqltray.exe
3876 C:\Windows\ehome\ehtray.exe
3376 C:\Program Files\Windows Media Player\wmpnscfg.exe
2480 C:\Program Files\Windows Media Player\wmpnetwk.exe
1264 C:\Program Files\Dell\QuickSet\quickset.exe
5176 C:\Program Files\Windows Sidebar\sidebar.exe
5232 C:\Windows\ehome\ehmsas.exe
5244 C:\Windows\System32\conime.exe
5408 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
6128 C:\Windows\System32\svchost.exe
5268 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3052 C:\Windows\System32\mobsync.exe
2712 C:\Windows\System32\sdclt.exe
4788 C:\Users\Deborah\Desktop\tqltez1p.exe
556 C:\Program Files\Mozilla Firefox\firefox.exe
5432 C:\Program Files\Mozilla Firefox\plugin-container.exe
5156 C:\Users\Deborah\Desktop\osam.exe
2860 C:\Windows\System32\SearchProtocolHost.exe
3572 C:\Windows\System32\SearchFilterHost.exe
4012 dllhost.exe
3612 dllhost.exe
5968 C:\Users\Deborah\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: <error opening>

Size Device Name MBR Status
--------------------------------------------
ERROR Opening: \\.\PhysicalDrive0 (32)


Done!

cosinus 14.02.2011 09:03
Zitat:
ERROR Opening: \\.\PhysicalDrive0 (32)
Hast du MBRCheck als Admin ausgeführt über Rechtsklick?

Debs 14.02.2011 15:13
Ich war der Meinung, dass ich es als Admin ausgeführt habe... Hier auf jeden Fall nochmal die Ergebnisse, dieses Mal garantiert als Admin ausgeführt:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS M1530
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 158):
0x8241E000 \SystemRoot\system32\ntkrnlpa.exe
0x827D7000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068E000 \SystemRoot\system32\drivers\acpi.sys
0x806D4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DD000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E5000 \SystemRoot\system32\drivers\pci.sys
0x8070C000 \SystemRoot\System32\drivers\partmgr.sys
0x8071B000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80728000 \SystemRoot\system32\drivers\volmgr.sys
0x80737000 \SystemRoot\System32\drivers\volmgrx.sys
0x80781000 \SystemRoot\system32\DRIVERS\intelide.sys
0x80788000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x80796000 \SystemRoot\system32\drivers\pciide.sys
0x8079D000 \SystemRoot\System32\drivers\mountmgr.sys
0x82A0C000 \SystemRoot\system32\drivers\iastorv.sys
0x82AAC000 \SystemRoot\system32\drivers\iastor.sys
0x82B73000 \SystemRoot\system32\drivers\atapi.sys
0x82B7B000 \SystemRoot\system32\drivers\ataport.SYS
0x82B99000 \SystemRoot\system32\drivers\fltmgr.sys
0x82BCB000 \SystemRoot\system32\drivers\fileinfo.sys
0x82BDB000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8BA03000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BA74000 \SystemRoot\system32\drivers\ndis.sys
0x8BB7F000 \SystemRoot\system32\drivers\msrpc.sys
0x8BBAA000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BC02000 \SystemRoot\System32\drivers\tcpip.sys
0x8BCEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BE0C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BF1C000 \SystemRoot\system32\drivers\volsnap.sys
0x8BF55000 \SystemRoot\System32\Drivers\spldr.sys
0x8BF5D000 \SystemRoot\System32\Drivers\mup.sys
0x8BF6C000 \SystemRoot\System32\drivers\ecache.sys
0x8BF93000 \SystemRoot\system32\drivers\disk.sys
0x8BFA4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BFC5000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BFDB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BFE6000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8BFEF000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90A0F000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91154000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90A00000 \SystemRoot\System32\drivers\watchdog.sys
0x911F5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8BD07000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8BD45000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8BD54000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91201000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x9142A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9143A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x91448000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x91462000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x91471000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x91485000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x914D6000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x914E9000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x91515000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91520000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9152B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x91543000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91547000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x91550000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x9156E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9159D000 \SystemRoot\system32\DRIVERS\storport.sys
0x915DE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x915E9000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x8BDE1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8BE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8BBE5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82BE4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x807D0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x915F9000 \SystemRoot\system32\DRIVERS\CVirtA.sys
0x8BFCE000 \SystemRoot\system32\DRIVERS\taphss.sys
0x807E5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x915FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x805BE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8BBF4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x805E8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x91605000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9163A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9164B000 \SystemRoot\system32\drivers\stwrt.sys
0x916A0000 \SystemRoot\system32\drivers\portcls.sys
0x916CD000 \SystemRoot\system32\drivers\drmk.sys
0x916F2000 \SystemRoot\System32\Drivers\tcusb.sys
0x916FD000 \SystemRoot\System32\Drivers\USBD.SYS
0x916FF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x91716000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9172B000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x91765000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x91767000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91770000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x91779000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x91789000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91790000 \SystemRoot\System32\Drivers\Null.SYS
0x91797000 \SystemRoot\System32\Drivers\Beep.SYS
0x917A7000 \SystemRoot\System32\drivers\vga.sys
0x917B3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x917D4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x917DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x917E5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x917ED000 \SystemRoot\System32\Drivers\Msfs.SYS
0x92602000 \SystemRoot\System32\Drivers\Npfs.SYS
0x92610000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92619000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9262F000 \SystemRoot\system32\DRIVERS\smb.sys
0x92643000 \SystemRoot\system32\drivers\afd.sys
0x9268B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x926BD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x926D3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x926E1000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x926E7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x926FA000 \SystemRoot\System32\drivers\truecrypt.sys
0x9272E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x92734000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92770000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9277A000 \SystemRoot\System32\Drivers\dfsc.sys
0x92791000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x927B7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x927BF000 \SystemRoot\System32\Drivers\fastfat.SYS
0x927E7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x998B0000 \SystemRoot\System32\win32k.sys
0x82A00000 \SystemRoot\System32\drivers\Dxapi.sys
0x9A406000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99AD0000 \SystemRoot\System32\TSDDD.dll
0x99AF0000 \SystemRoot\System32\ATMFD.DLL
0x99B40000 \SystemRoot\System32\cdd.dll
0x9A415000 \SystemRoot\system32\drivers\luafv.sys
0x9A438000 \SystemRoot\system32\drivers\spsys.sys
0x9A4E8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9A4F8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9A522000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9A52C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A53F000 \SystemRoot\system32\drivers\HTTP.sys
0x9A5AC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A5C9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A5E2000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA2005000 \SystemRoot\system32\drivers\mrxdav.sys
0xA2026000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2045000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA207E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2096000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA20BD000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2123000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0xA21B3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA420D000 \SystemRoot\system32\drivers\peauth.sys
0xA42EB000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA42F5000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4301000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA4316000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x77C20000 \Windows\System32\ntdll.dll

Processes (total 75):
0 System Idle Process
4 System
500 C:\Windows\System32\smss.exe
632 csrss.exe
684 C:\Windows\System32\wininit.exe
696 csrss.exe
728 C:\Windows\System32\services.exe
740 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
836 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\audiodg.exe
1336 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1380 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\svchost.exe
1652 C:\Program Files\Protector Suite QL\upeksvr.exe
1908 C:\Windows\System32\wlanext.exe
1916 C:\Windows\System32\spoolsv.exe
1956 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1968 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\AEstSrv.exe
1700 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1792 C:\Program Files\Bonjour\mDNSResponder.exe
1712 C:\Windows\System32\svchost.exe
1776 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
568 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
576 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
868 C:\Program Files\Hotspot Shield\bin\openvpnas.exe
2208 C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
2272 C:\Program Files\Hotspot Shield\bin\hsswd.exe
2292 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2308 C:\Program Files\IObit\IObit Security 360\is360srv.exe
2412 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\PSIService.exe
2464 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
2488 C:\Program Files\Dell DataSafe Local Backup\SftService.exe
2516 C:\Windows\System32\stacsv.exe
2624 C:\Windows\System32\svchost.exe
2676 C:\Windows\System32\svchost.exe
2700 C:\Windows\System32\SearchIndexer.exe
2952 WUDFHost.exe
3404 WmiPrvSE.exe
3744 HP1006MC.EXE
2020 C:\Windows\System32\taskeng.exe
2688 C:\Windows\System32\taskeng.exe
724 C:\Windows\System32\dwm.exe
3136 C:\Windows\System32\taskeng.exe
3308 C:\Windows\explorer.exe
2748 C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
3488 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2760 C:\Program Files\Windows Sidebar\sidebar.exe
2552 C:\Windows\ehome\ehtray.exe
3988 C:\Program Files\Protector Suite QL\psqltray.exe
2376 C:\Program Files\Dell\QuickSet\quickset.exe
3316 C:\Program Files\Windows Media Player\wmpnscfg.exe
2848 C:\Program Files\Windows Media Player\wmpnetwk.exe
1684 C:\Windows\ehome\ehmsas.exe
892 C:\Windows\System32\vds.exe
4072 C:\Program Files\Windows Sidebar\sidebar.exe
5788 C:\Program Files\Mozilla Firefox\firefox.exe
4384 C:\Program Files\Hotspot Shield\bin\openvpntray.exe
4784 C:\Program Files\Mozilla Firefox\plugin-container.exe
5012 C:\Windows\System32\mobsync.exe
5060 C:\Program Files\Windows Media Player\wmplayer.exe
5412 C:\Windows\System32\wbem\WMIADAP.exe
4268 dllhost.exe
5692 dllhost.exe
5696 C:\Users\Deborah\Desktop\MBRCheck.exe
4752 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87600000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07600000 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHM320JI, Rev: 2SS00_01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:42 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131