Kronski 31.03.2011 15:38

Google links me to the wrong pages
Hello everyone,
whenever I click on a link in the Google search results, I end up on a different page than the one described in the link.
Only the third time I select the link do I actually reach the linked page.
The HijackThis log file is attached.
Unfortunately, I have already fixed something in HijackThis.
Thanks in advance.

HiJackthis Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:50, on 31.03.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal
Running processes:
C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
End of file - 7666 bytes

--- --- ---

cosinus 31.03.2011 18:25 Please note => and

Kronski 31.03.2011 20:26

Thanks for the pointer.
Here is the OTL log file:
OTL Logfile:

OTL logfile created on: 31.03.2011 21:08:44 - Run 5
OTL by OldTimer - Version    Folder = C:\Users\Kobi\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 332,40 Gb Free Space | 36,51% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,05 Gb Free Space | 60,23% Space Free | Partition Type: NTFS
Computer Name: KORBINIAN-PC | User Name: Kobi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Norton AntiVirus\Engine\\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Kobi\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\\ccSvcHst.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110331.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSvix86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (SymNetS) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SYMNETS.SYS (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1205000.07D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1205000.07D\SRTSPX.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1205000.07D\Ironx86.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\NAV\1205000.07D\SYMDS.SYS (Symantec Corporation)
DRV - (LWMouCon) -- C:\Windows\System32\drivers\lwmoucon.ram ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM) -- C:\Windows\System32\drivers\s217unic.sys (MCCI)
DRV - (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation)
DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation)
DRV - (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation)
DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation)
DRV - (s217bus) Sony Ericsson Device 217 driver (WDM) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation)
DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp:// [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - "Yahoo"
FF - "chr-greentree_ff&type=302398"
FF - "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {8225d6f0-dfca-11df-85ca-0800200c9a66}:
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.20 14:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.20 14:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\ [2011.03.22 22:09:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 13:08:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 22:33:54 | 000,000,000 | ---D | M]
[2011.03.20 14:52:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Extensions
[2011.03.28 19:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions
[2011.03.20 14:52:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.20 14:52:50 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.03.20 14:52:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Kobi\AppData\Roaming\mozilla\Firefox\Profiles\vtkrlqy8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.03.27 13:08:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011.03.20 14:37:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.20 14:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.22 22:09:07 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPLGN
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp:// (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp:// (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp:// (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp:// (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp:// (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp:// (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp:// (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\AcroRd32.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\phoenixrc.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\phoenixupdateinstaller.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\pictureviewer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\quicktimeplayer.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\sepcsuite.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\ [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.03.28 19:37:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.03.28 19:37:06 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.03.27 14:14:48 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.03.27 14:14:40 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.03.27 14:14:40 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.03.27 14:14:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.03.27 14:14:25 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011
[2011.03.27 11:51:04 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2011.03.27 00:42:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.03.27 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Sunbelt Software
[2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.03.27 00:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.03.27 00:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2011.03.25 21:18:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.03.25 20:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.03.25 19:54:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.03.25 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\FIFA 11
[2011.03.25 18:40:58 | 000,000,000 | ---D | C] -- C:\Programme\EA Sports
[2011.03.22 22:07:03 | 000,652,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.sys
[2011.03.22 22:07:03 | 000,340,016 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.sys
[2011.03.22 22:07:03 | 000,295,032 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\symnets.sys
[2011.03.22 22:07:03 | 000,050,168 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.sys
[2011.03.22 22:07:02 | 000,509,560 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.sys
[2011.03.22 22:07:02 | 000,136,312 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NAV\1205000.07D\ironx86.sys
[2011.03.22 22:06:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV\1205000.07D
[2011.03.22 22:00:05 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Symantec Shared
[2011.03.22 22:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.03.22 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NAV
[2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\Programme\Norton AntiVirus
[2011.03.22 21:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
[2011.03.22 21:59:25 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller
[2011.03.22 19:09:03 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011.03.21 21:22:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2011.03.21 21:21:30 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2011.03.21 14:50:49 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\O&O
[2011.03.21 14:46:32 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011.03.21 14:46:31 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.03.21 14:46:31 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2011.03.21 14:46:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011.03.21 14:46:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.03.21 14:46:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2011.03.21 14:46:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\
[2011.03.21 14:46:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.03.21 14:46:19 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.03.21 14:46:18 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011.03.21 14:46:18 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011.03.21 14:46:18 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011.03.21 14:46:18 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
[2011.03.21 14:46:17 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011.03.21 14:46:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011.03.21 14:46:01 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.03.21 14:45:59 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2011.03.21 14:45:59 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011.03.21 14:45:59 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011.03.21 14:45:53 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011.03.21 14:45:52 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011.03.21 14:45:52 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011.03.21 14:45:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.03.21 14:45:51 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.21 14:45:44 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011.03.21 14:45:43 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.03.21 14:45:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.03.21 14:45:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.03.21 14:45:33 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.03.21 14:45:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.03.21 14:45:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.03.21 14:45:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.03.21 14:45:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.03.21 14:45:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.03.21 14:45:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.03.21 14:45:24 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011.03.21 14:45:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011.03.21 14:45:21 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011.03.21 14:45:17 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.21 14:45:17 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011.03.21 14:45:17 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.21 14:45:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\
[2011.03.21 14:45:15 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2011.03.21 14:45:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.03.21 14:45:11 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.03.21 14:45:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.21 14:45:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011.03.21 14:45:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.03.21 14:45:05 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.03.21 14:45:05 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.03.21 14:45:04 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.03.21 14:45:04 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.03.21 14:45:04 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.21 14:45:04 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.03.21 14:45:03 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2011.03.21 14:45:03 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2011.03.21 14:45:03 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.03.21 14:45:03 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.03.21 14:45:03 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.03.21 14:45:03 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.03.21 14:44:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011.03.21 14:44:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.03.21 14:44:51 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011.03.21 14:44:51 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011.03.21 14:44:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.03.21 14:44:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011.03.21 14:44:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011.03.21 14:44:49 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011.03.21 14:44:48 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011.03.21 14:44:48 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011.03.21 14:44:48 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011.03.21 14:44:48 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011.03.21 14:44:48 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011.03.21 14:44:48 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011.03.21 14:44:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011.03.21 14:44:48 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011.03.21 14:44:44 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.03.21 14:44:44 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.03.20 18:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.20 18:11:37 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011.03.20 18:11:22 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.20 18:11:07 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2011.03.20 18:09:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Malwarebytes
[2011.03.20 18:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.20 15:19:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.03.20 15:19:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.03.20 15:19:21 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.20 15:17:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | --SD | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Videos
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Saved Games
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Pictures
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Music
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Links
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Favorites
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Downloads
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Documents
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\Desktop
[2011.03.20 14:33:42 | 000,000,000 | R--D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Vorlagen
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Verlauf
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Temporary Internet Files
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Startmenü
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\SendTo
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Recent
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Netzwerkumgebung
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Lokale Einstellungen
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Videos
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Musik
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Eigene Dateien
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Documents\Eigene Bilder
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Druckumgebung
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Cookies
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\AppData\Local\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | -HSD | C] -- C:\Users\Kobi\Anwendungsdaten
[2011.03.20 14:33:42 | 000,000,000 | -H-D | C] -- C:\Users\Kobi\AppData
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Temp
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Local\Microsoft
[2011.03.20 14:33:42 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Media Center Programs
[2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.03.20 14:32:42 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2011.03.20 14:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.03.20 14:32:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.03.20 14:32:07 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2011.03.20 14:30:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.03.20 14:28:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.03.20 14:09:15 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2011.03.20 14:03:32 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2011.03.19 21:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.03.19 21:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.03.14 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011.03.14 19:20:54 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Any Video Converter
[2011.03.14 19:20:44 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft
[2011.03.14 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\DVDVideoSoft
[2011.03.13 21:44:53 | 000,000,000 | ---D | C] -- C:\Users\Kobi\Documents\Stardock
[2011.03.13 21:44:45 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Stardock
[2011.03.12 14:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Bluefish Media
[2011.03.12 14:48:35 | 000,000,000 | ---D | C] -- C:\Programme\Bluefish Games
[2011.03.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011.03.04 17:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.03.04 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.03.04 16:32:02 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2011.03.03 18:49:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2011.03.02 17:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.03.02 16:38:14 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.03.31 21:11:04 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.31 21:11:04 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.31 21:11:04 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.31 21:11:04 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.31 21:04:45 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.31 21:04:31 | 000,000,306 | -HS- | M] () -- C:\Windows\tasks\Knpt.job
[2011.03.31 21:04:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.31 18:16:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 15:29:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.30 15:47:37 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.30 15:45:28 | 001,048,730 | ---- | M] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.03.27 14:14:39 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.27 14:14:39 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.27 12:43:21 | 000,001,404 | ---- | M] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk
[2011.03.27 00:42:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011.03.27 00:03:43 | 000,012,627 | ---- | M] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk
[2011.03.25 18:42:19 | 000,000,192 | ---- | M] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk
[2011.03.22 22:08:56 | 000,002,334 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.03.22 22:00:05 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011.03.22 22:00:05 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.03.22 22:00:05 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.03.22 15:01:35 | 003,842,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.21 20:35:58 | 000,281,760 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.21 20:35:58 | 000,025,888 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.03.20 18:12:29 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.20 15:46:42 | 000,000,017 | ---- | M] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg
[2011.03.20 15:36:41 | 000,000,668 | ---- | M] () -- C:\Users\Kobi\Desktop\Kobi.lnk
[2011.03.20 15:36:33 | 000,000,355 | ---- | M] () -- C:\Users\Kobi\Desktop\Computer.lnk
[2011.03.20 15:09:37 | 000,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.03.20 15:01:42 | 000,021,532 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.20 14:33:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.20 14:33:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.03.20 14:32:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.20 13:30:48 | 000,002,544 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.03.20 13:30:46 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.03.19 21:51:56 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\wavemspb.dll
[2011.03.16 16:19:26 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.14 19:23:38 | 000,001,202 | ---- | M] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk
[2011.03.14 15:48:17 | 000,001,205 | ---- | M] () -- C:\Users\Kobi\Desktop\DVDVideoSoft Free Studio.lnk
[1 C:\Users\Kobi\Desktop\*.tmp files -> C:\Users\Kobi\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.03.27 14:14:39 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.03.27 14:14:38 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.03.27 14:14:34 | 000,002,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.03.27 13:08:29 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.27 12:43:21 | 000,001,404 | ---- | C] () -- C:\Users\Kobi\Desktop\HijackThis - Verknüpfung.lnk
[2011.03.27 00:03:43 | 000,012,627 | ---- | C] () -- C:\Users\Kobi\Desktop\Windows Mediaplayer.lnk
[2011.03.25 18:42:19 | 000,000,192 | ---- | C] () -- C:\Users\Kobi\Desktop\FIFA 11 Demo.lnk
[2011.03.22 22:08:14 | 001,048,730 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\Cat.DB
[2011.03.22 22:07:03 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:03 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:03 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:03 | 000,003,374 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symefa.inf
[2011.03.22 22:07:03 | 000,002,792 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symds.inf
[2011.03.22 22:07:03 | 000,001,446 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\symnet.inf
[2011.03.22 22:07:02 | 000,007,528 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:02 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:02 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\
[2011.03.22 22:07:02 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtspx.inf
[2011.03.22 22:07:02 | 000,001,383 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\srtsp.inf
[2011.03.22 22:07:02 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\iron.inf
[2011.03.22 22:06:58 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NAV\1205000.07D\isolate.ini
[2011.03.22 22:00:05 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011.03.22 22:00:05 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.03.22 22:00:03 | 000,002,334 | ---- | C] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2011.03.22 19:11:37 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.20 18:12:29 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.20 15:46:42 | 000,000,017 | ---- | C] () -- C:\Users\Kobi\AppData\Local\resmon.resmoncfg
[2011.03.20 15:36:41 | 000,000,668 | ---- | C] () -- C:\Users\Kobi\Desktop\Kobi.lnk
[2011.03.20 15:36:33 | 000,000,355 | ---- | C] () -- C:\Users\Kobi\Desktop\Computer.lnk
[2011.03.20 15:18:25 | 000,001,417 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.03.20 15:01:42 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011.03.20 14:33:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.03.20 14:33:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.03.20 14:33:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011.03.20 14:33:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011.03.20 14:32:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.20 13:30:46 | 000,002,544 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.03.20 13:30:46 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.03.19 21:51:57 | 000,000,306 | -HS- | C] () -- C:\Windows\tasks\Knpt.job
[2011.03.19 21:51:56 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\wavemspb.dll
[2011.03.14 19:23:38 | 000,001,202 | ---- | C] () -- C:\Users\Kobi\Desktop\Any Video Converter.lnk
[2011.02.22 16:54:02 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.22 16:54:02 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.01.21 16:05:11 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.20 18:27:09 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2010.11.26 16:26:34 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.11.26 16:26:26 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.11.26 16:26:21 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.11.04 23:49:19 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.11.02 15:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.11.02 12:17:41 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.17 20:33:38 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.10.17 20:33:38 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\4191328E39.sys
[2010.09.07 09:42:03 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.04 13:41:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.04 13:41:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.24 16:54:57 | 002,163,383 | -HS- | C] () -- C:\Windows\System32\aepics.sys
[2010.06.18 15:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ACCTRESa.sys
[2010.06.13 09:58:11 | 000,000,609 | ---- | C] () -- C:\Windows\7THLEVEL.INI
[2010.06.13 09:43:55 | 000,000,857 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2010.06.13 08:51:45 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2010.06.12 09:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010.06.08 21:27:01 | 000,000,501 | --S- | C] () -- C:\Windows\System32\711303030.dat
[2010.06.06 20:25:51 | 000,000,000 | ---- | C] () -- C:\Windows\musiceditor.INI
[2010.05.20 18:18:52 | 000,180,988 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.04.21 17:04:22 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.04.21 17:04:22 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.04.09 20:35:11 | 000,380,928 | ---- | C] () -- C:\Windows\System32\server.dll
[2010.04.09 20:35:11 | 000,022,016 | ---- | C] () -- C:\Windows\System32\setup.exe
[2010.04.09 20:34:44 | 000,000,258 | ---- | C] () -- C:\Windows\System32\dat.bin
[2010.04.09 20:34:43 | 000,720,896 | ---- | C] () -- C:\Windows\System32\EAInstall.dll
[2010.04.09 20:34:35 | 007,577,600 | ---- | C] () -- C:\Windows\System32\nfsc_demo.exe
[2010.04.07 09:36:52 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.03.04 17:19:25 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2010.02.19 10:57:19 | 000,000,000 | ---- | C] () -- C:\Users\Kobi\AppData\Roaming\wklnhst.dat
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.20 12:16:02 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.11.16 15:24:46 | 000,000,037 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,842,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\amxreadn.dat
[2009.07.14 01:19:28 | 000,009,232 | ---- | C] () -- C:\Windows\System32\ActionCenterCPLr.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.06.05 14:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

< End of report >

--- --- ---

cosinus 01.04.2011 11:31


PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Norton AntiVirus\Engine\\ccsvchst.exe (Symantec Corporation)
Hm, there is quite a bit of useless stuff on there.

1.) TuneUp is completely useless ballast. For whatever reason, TuneUp shows up in almost every log here; I don't know why, because TuneUp is really the worst junk => TuneUp: Wundermittel oder Placebo Reloaded

2.) Two virus scanners like Norton and AntiVir together is a no-go! Uninstall one of the two!

3.) What about the other logs? Malwarebytes?

Kronski 02.04.2011 17:01

Thanks for the quick reply.
Here is the log file from Malwarebytes.

Malwarebytes' Anti-Malware

Datenbank Version: 6235

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.04.2011 17:23:20
mbam-log-2011-04-01 (17-23-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291923
Laufzeit: 31 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 03.04.2011 13:44

One virus scanner has been uninstalled? TuneUp too?

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in the "Logdateien" (log files) tab in Malwarebytes.

Kronski 03.04.2011 20:31

Yes, the virus scanner and TuneUp are deactivated.
Here is the other log file from Malwarebytes.

Malwarebytes' Anti-Malware

Datenbank Version: 6131

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.03.2011 14:52:43
mbam-log-2011-03-22 (14-52-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 294189
Laufzeit: 39 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 04.04.2011 09:03


22.03.2011 14:52:43
That last scan was quite a while ago, though. Please update and run a full scan.
Post all logs that can be seen in the "Logdateien" (log files) tab.

Kronski 04.04.2011 14:56

Here is the newest log file.


Malwarebytes' Anti-Malware

Datenbank Version: 6266

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.04.2011 15:32:11
mbam-log-2011-04-04 (15-32-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 291795
Laufzeit: 33 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

cosinus 04.04.2011 15:09

Then please run CF now:


A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. While downloading, rename it to cofi.exe.
  • Close all programs, especially your antivirus program and other background monitors as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Kronski 05.04.2011 15:17

Here is the file.

Combofix Logfile:

ComboFix 11-04-04.02 - Kobi 05.04.2011  14:33:51.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3063.2156 [GMT 2:00]
ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((  Dateien erstellt von 2011-03-05 bis 2011-04-05  ))))))))))))))))))))))))))))))
2011-04-05 12:39 . 2011-04-05 12:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-05 12:24 . 2011-04-05 12:24        --------        d-----w-        c:\program files\CCleaner
2011-04-01 14:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 14:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-28 17:37 . 2011-03-28 17:37        --------        d-----w-        c:\program files\ERUNT
2011-03-26 22:42 . 2011-03-26 22:42        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-03-26 22:32 . 2011-03-27 05:31        --------        d-----w-        c:\programdata\Lavasoft
2011-03-26 22:32 . 2011-03-26 22:32        --------        d-----w-        c:\program files\Lavasoft
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-03-25 17:54 . 2011-04-01 14:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 16:40 . 2011-03-25 16:40        --------        d-----w-        c:\program files\EA Sports
2011-03-22 17:09 . 2010-04-09 07:24        240008        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-03-21 19:26 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-21 19:22 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-03-21 19:21 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys
2011-03-21 19:21 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-03-21 12:45 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\system32\CertEnroll.dll
2011-03-20 16:11 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 16:11 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\iPod
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\Apple Software Update
2011-03-20 16:09 . 2011-03-20 16:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-20 13:21 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2011-03-20 13:21 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2011-03-20 13:19 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-03-20 13:19 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-20 13:19 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-03-20 13:19 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-03-20 13:19 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-20 13:16 . 2011-04-05 12:15        --------        d-----w-        c:\windows\system32\wbem\Performance
2011-03-20 12:56 . 2011-03-20 12:56        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-03-20 12:33 . 2011-03-30 13:03        --------        d-----w-        c:\users\Kobi
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\windows\system32\RTCOM
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\program files\Realtek
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\programdata\NVIDIA
2011-03-20 12:32 . 2011-04-01 14:37        --------        d-sh--w-        c:\windows\Installer
2011-03-20 12:32 . 2011-03-20 12:39        --------        d-----w-        c:\program files\NVIDIA Corporation
2011-03-20 12:28 . 2011-03-20 13:17        --------        d-----w-        c:\windows\Panther
2011-03-20 12:09 . 2011-03-20 13:02        --------        d-----w-        C:\$WINDOWS.~Q
2011-03-20 12:03 . 2011-03-20 12:06        --------        d-----w-        C:\$INPLACE.~TR
2011-03-19 19:51 . 2011-03-19 19:51        155648        --sha-r-        c:\windows\system32\wavemspb.dll
2011-03-19 19:30 . 2011-04-01 14:46        --------        d-----w-        c:\programdata\Norton
2011-03-18 15:37 . 2011-02-11 06:54        5943120        ------w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E69125E6-EEAD-47E4-89DA-9E9CFEB47D00}\mpengine.dll
2011-03-14 17:20 . 2011-03-20 12:35        --------        d-----w-        c:\program files\AnvSoft
2011-03-12 12:48 . 2011-03-20 12:42        --------        d-----w-        c:\programdata\Bluefish Media
2011-03-12 12:48 . 2011-03-12 13:49        --------        d-----w-        c:\program files\Bluefish Games
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-03-27 09:19 . 2010-05-19 14:50        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-27 09:18 . 2010-05-19 14:50        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-27 09:18 . 2010-02-18 08:19        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-21 18:35 . 2010-09-04 11:41        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-03-21 18:35 . 2010-09-04 11:41        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-03-21 15:58 . 2010-02-05 14:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-16 14:19 . 2011-02-19 21:36        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-01-21 14:05 . 2011-01-21 14:05        53248        ----a-w-        c:\windows\system32\unrar.dll
2011-01-10 13:23 . 2011-02-19 21:36        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-07 14:55 . 2011-01-07 14:55        40800        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-01-06 18:37 . 2011-01-06 18:37        44416        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-01-06 18:37 . 2011-01-06 18:37        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-01-06 16:31 . 2010-11-08 16:34        103424        ----a-w-        c:\windows\system32\PowerUp3_nat.dll
2011-03-18 17:56 . 2011-03-27 11:08        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-04 15:17        7703072        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S1 LWMouCon;LWMouCon; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
Inhalt des "geplante Tasks" Ordners
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
------- Zusätzlicher Suchlauf -------
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - hxxp://
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
- - - - Entfernte verwaiste Registrierungseinträge - - - -
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
--------------------- Gesperrte Registrierungsschluessel ---------------------
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
Zeit der Fertigstellung: 2011-04-05  14:40:41
ComboFix-quarantined-files.txt  2011-04-05 12:40
Vor Suchlauf: 5 Verzeichnis(se), 354.070.548.480 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 353.977.888.768 Bytes frei
- - End Of File - - D4C6205268B268F2A243CB685EBC04E1

--- --- ---

cosinus 05.04.2011 17:28

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.



AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the reboot (you will be asked whether you want to reboot), please post the following log files:

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Kronski 05.04.2011 20:30

Here is the log file, and thanks for the quick replies.

Combofix Logfile:

ComboFix 11-04-04.04 - Kobi 05.04.2011  19:56:04.2.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3063.1675 [GMT 2:00]
ausgeführt von:: c:\users\Kobi\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Kobi\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((  Dateien erstellt von 2011-03-05 bis 2011-04-05  ))))))))))))))))))))))))))))))
2011-04-05 18:09 . 2011-04-05 18:09        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-05 14:31 . 2011-02-19 05:33        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-04-05 14:31 . 2011-02-19 05:32        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-04-05 14:31 . 2011-02-19 05:32        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-04-05 14:22 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFBEAE47-C6C7-4B33-B0ED-63FBA7C0F493}\mpengine.dll
2011-04-05 12:24 . 2011-04-05 12:24        --------        d-----w-        c:\program files\CCleaner
2011-04-01 14:50 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-01 14:50 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-28 17:37 . 2011-03-28 17:37        --------        d-----w-        c:\program files\ERUNT
2011-03-26 22:42 . 2011-03-26 22:42        98392        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-03-26 22:32 . 2011-03-27 05:31        --------        d-----w-        c:\programdata\Lavasoft
2011-03-26 22:32 . 2011-03-26 22:32        --------        d-----w-        c:\program files\Lavasoft
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-03-25 18:03 . 2011-03-25 18:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2011-03-25 17:54 . 2011-04-01 14:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-03-25 16:40 . 2011-03-25 16:40        --------        d-----w-        c:\program files\EA Sports
2011-03-22 17:09 . 2010-04-09 07:24        240008        ----a-w-        c:\windows\system32\drivers\netio.sys
2011-03-21 19:26 . 2009-09-10 05:52        257024        ----a-w-        c:\windows\system32\msv1_0.dll
2011-03-21 19:22 . 2010-02-11 07:10        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2011-03-21 19:21 . 2010-03-04 03:57        190976        ----a-w-        c:\windows\system32\drivers\ks.sys
2011-03-21 19:21 . 2010-09-14 06:07        276992        ----a-w-        c:\windows\system32\wcncsvc.dll
2011-03-21 12:45 . 2009-09-03 07:04        1320960        ----a-w-        c:\windows\system32\CertEnroll.dll
2011-03-20 16:11 . 2009-05-18 12:17        26600        ----a-w-        c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-20 16:11 . 2008-04-17 11:12        107368        ----a-w-        c:\windows\system32\GEARAspi.dll
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\iPod
2011-03-20 16:11 . 2011-03-20 16:11        --------        d-----w-        c:\program files\Apple Software Update
2011-03-20 16:09 . 2011-03-20 16:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-03-20 13:21 . 2009-12-29 06:55        172032        ----a-w-        c:\windows\system32\wintrust.dll
2011-03-20 13:21 . 2010-01-09 06:52        132608        ----a-w-        c:\windows\system32\cabview.dll
2011-03-20 13:19 . 2009-11-25 11:47        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2011-03-20 13:19 . 2009-11-25 11:47        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2011-03-20 13:19 . 2009-11-25 11:47        297808        ----a-w-        c:\windows\system32\mscoree.dll
2011-03-20 13:19 . 2009-11-25 11:47        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2011-03-20 13:19 . 2009-11-25 11:47        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2011-03-20 13:16 . 2011-04-05 18:14        --------        d-----w-        c:\windows\system32\wbem\Performance
2011-03-20 12:56 . 2011-03-20 12:56        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2011-03-20 12:33 . 2011-03-30 13:03        --------        d-----w-        c:\users\Kobi
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\windows\system32\RTCOM
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\program files\Realtek
2011-03-20 12:32 . 2011-03-20 12:32        --------        d-----w-        c:\programdata\NVIDIA
2011-03-20 12:32 . 2011-04-01 14:37        --------        d-sh--w-        c:\windows\Installer
2011-03-20 12:32 . 2011-03-20 12:39        --------        d-----w-        c:\program files\NVIDIA Corporation
2011-03-20 12:28 . 2011-03-20 13:17        --------        d-----w-        c:\windows\Panther
2011-03-20 12:09 . 2011-03-20 13:02        --------        d-----w-        C:\$WINDOWS.~Q
2011-03-20 12:03 . 2011-03-20 12:06        --------        d-----w-        C:\$INPLACE.~TR
2011-03-19 19:51 . 2011-03-19 19:51        155648        --sha-r-        c:\windows\system32\wavemspb.dll
2011-03-19 19:30 . 2011-04-01 14:46        --------        d-----w-        c:\programdata\Norton
2011-03-14 17:20 . 2011-03-20 12:35        --------        d-----w-        c:\program files\AnvSoft
2011-03-12 12:48 . 2011-03-20 12:42        --------        d-----w-        c:\programdata\Bluefish Media
2011-03-12 12:48 . 2011-03-12 13:49        --------        d-----w-        c:\program files\Bluefish Games
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-03-12 11:28 . 2011-03-12 11:28        103864        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-03-27 09:19 . 2010-05-19 14:50        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-27 09:18 . 2010-05-19 14:50        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-03-27 09:18 . 2010-02-18 08:19        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-21 18:35 . 2010-09-04 11:41        281760        ----a-w-        c:\windows\system32\drivers\atksgt.sys
2011-03-21 18:35 . 2010-09-04 11:41        25888        ----a-w-        c:\windows\system32\drivers\lirsgt.sys
2011-03-21 15:58 . 2010-02-05 14:52        1220416        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-16 14:19 . 2011-02-19 21:36        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2009-11-16 10:03        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-21 14:05 . 2011-01-21 14:05        53248        ----a-w-        c:\windows\system32\unrar.dll
2011-01-10 13:23 . 2011-02-19 21:36        61960        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-01-07 14:55 . 2011-01-07 14:55        40800        ----a-w-        c:\windows\system32\drivers\point32.sys
2011-01-06 18:37 . 2011-01-06 18:37        44416        ----a-w-        c:\windows\system32\drivers\dc3d.sys
2011-01-06 18:37 . 2011-01-06 18:37        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2011-01-06 16:31 . 2010-11-08 16:34        103424        ----a-w-        c:\windows\system32\PowerUp3_nat.dll
2011-03-18 17:56 . 2011-03-27 11:08        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-04 15:17        7703072        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
R0 sptd;sptd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 135664]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-12 66664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-06 44416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
Inhalt des "geplante Tasks" Ordners
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-21 15:01]
------- Zusätzlicher Suchlauf -------
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Kobi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kobi\AppData\Roaming\Mozilla\Firefox\Profiles\vtkrlqy8.default\
FF - prefs.js: - Google
FF - prefs.js: browser.startup.homepage - hxxp://
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
--------------------- Gesperrte Registrierungsschluessel ---------------------
@Denied: (A 2) (Everyone)
@Denied: (A 2) (Everyone)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
------------------------ Weitere laufende Prozesse ------------------------
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
Zeit der Fertigstellung: 2011-04-05  21:25:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-05 19:25
ComboFix2.txt  2011-04-05 12:40
Vor Suchlauf: 17 Verzeichnis(se), 353.126.141.952 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 352.266.457.088 Bytes frei
- - End Of File - - 6AF1A2C50448B154AE842866DAB62A2F

--- --- ---

cosinus 06.04.2011 08:08

Now please run this tool from Kaspersky and post the log =>

Kronski 06.04.2011 13:19

There is only a tool from Norman and another one.
So the one from Norman or the other one? :confused:

