TR/Kasy.mekml.1 - Kritischer Fehler HDD

Moh · 21.04.2011, 22:17

Hallo,
nun war ich an der Reihe.
habe gerade meinen Rechner angemacht und Antivir hat mit gesagt:

Malware in datei C:/ProgramData/28106528.exe (wobei sich die nummer offter ändert)

Programm TR/Kasy.mekml.1 gefungen

desweiteren kommen die fehlermeldungen:

Kritischer Fehler "Beschädigte Festplatte-Cluster"
Kritischer Fehler "bilderschrift" (also nicht lesbar)
Fehler der Festplatte RAM-Speicher Nutzung ist kritisch hoch. Ramspeicher gescheitert.

Malwarebytes läuft schon 18 Minuten und dann hat der Rechner sich neu gestartet.
Dann kam Blachscreen und eine Windowsüberprüfung und der Rechner startete neu.
Versichen einen erneuten scan damit ich an den Log kommen.

Zur Info: ich hatte heute morgen noch einen Treibe für einen CanoniP4600 geladen. An meine daten komme ich nicht mehr ran außer diese die aud der D: Festplatte liegen. Internetexplorer und so sind weg. Mozille geht noch. Der Rechner ist extremlangsam.

Ich habe keine Ahnung wie es nun weiter geht außer das was ich bei anderen schon gelesen habe. Hoffe das ihr mir auch helfen könnt.

vielen Dank

so so der Moh

Hier der Log von OTL.OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.04.2011 00:08:49 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\HappyMoh\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 78,26 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 15,28 Gb Free Space | 20,92% Space Free | Partition Type: NTFS
 
Computer Name: MOH-PC | User Name: HappyMoh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\guardhlp.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
PRC - C:\Windows\System32\lxdfcoms.exe ( )
PRC - C:\Windows\System32\lxbucoms.exe ( )
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxdacoms.exe ( )
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Symantec Core LC) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SymantecAntiBotWatcher) -- D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxdf_device) -- C:\Windows\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SSIPDDP) -- C:\Windows\System32\drivers\SSIPDDP.SYS ()
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
 
[2009.03.15 17:44:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Extensions
[2011.04.21 22:32:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions
[2011.04.21 21:14:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2011.04.04 18:20:05 | 000,000,950 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin-1.xml
[2010.12.05 17:19:40 | 000,001,056 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.10.26 20:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.15 17:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.08.28 16:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.09.02 21:56:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.12.06 17:37:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.06 17:37:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.06 17:37:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.06 17:37:29 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 17:45:32 | 000,000,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXBUCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
O4 - Startup: C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HappyMoh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Java Plug-in Technology (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:08:18 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.21 21:39:00 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Malwarebytes
[2011.04.21 21:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 21:38:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 21:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 21:38:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 21:28:46 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 07:55:03 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9A.DLL
[2011.04.04 20:15:38 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Avira
[2011.03.24 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\Documents\Tim Nieber
[2010.11.02 20:51:09 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2010.11.02 20:51:09 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2010.11.02 20:51:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2010.11.02 20:51:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2010.11.02 20:51:08 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2010.11.02 20:51:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2010.11.02 20:51:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2010.11.02 20:51:07 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2010.11.02 20:51:07 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdfih.exe
[2010.11.02 20:51:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2010.11.02 20:51:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdfcoms.exe
[2010.11.02 20:51:05 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[2010.11.02 20:51:05 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdfcfg.exe
[2010.11.02 20:51:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009.03.24 10:12:13 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009.03.24 10:12:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009.03.24 10:12:12 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009.03.24 10:12:12 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009.03.24 10:12:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009.03.24 10:12:12 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009.03.24 10:12:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009.03.24 10:12:12 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009.03.24 10:12:11 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009.03.24 10:12:11 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009.03.24 10:12:11 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009.03.24 10:12:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009.03.24 10:12:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009.03.24 10:12:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009.03.15 15:54:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbuinpa.dll
[2009.03.15 15:54:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbuiesc.dll
[2009.03.15 15:54:55 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBUhcp.dll
[2009.03.15 15:54:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbuserv.dll
[2009.03.15 15:54:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbuusb1.dll
[2009.03.15 15:54:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbuhbn3.dll
[2009.03.15 15:54:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbupmui.dll
[2009.03.15 15:54:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbulmpm.dll
[2009.03.15 15:54:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbuih.exe
[2009.03.15 15:54:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbuprox.dll
[2009.03.15 15:54:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbupplc.dll
[2009.03.15 15:54:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbucomc.dll
[2009.03.15 15:54:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbucoms.exe
[2009.03.15 15:54:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbucomm.dll
[2009.03.15 15:54:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbucfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 00:10:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8CDDE6C4-EA89-4248-B419-D7CD30AC64D1}.job
[2011.04.22 00:08:22 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.22 00:00:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:00:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 23:09:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 22:56:18 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 22:56:18 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 22:56:18 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 22:56:18 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 22:48:13 | 260,553,405 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 22:26:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 21:38:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:31:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\26205984
[2011.04.21 21:29:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 19:03:24 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.20 22:49:14 | 000,001,038 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.19 18:35:42 | 000,001,269 | -H-- | M] () -- C:\ProgramData\lxdf
[2011.04.19 18:29:02 | 000,951,807 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:17:00 | 000,004,214 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.06 18:21:18 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.04 19:05:52 | 000,790,510 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.26 10:26:41 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 22:31:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | C] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:38:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984
[2011.04.19 18:29:02 | 000,951,807 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:12:57 | 000,004,214 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.04 19:05:52 | 000,790,510 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.04 19:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2011.03.04 19:23:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2011.03.04 19:23:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2011.01.15 11:34:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.02 20:51:09 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2010.11.02 20:51:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2010.08.22 11:25:13 | 000,001,269 | -H-- | C] () -- C:\ProgramData\lxdf
[2010.02.14 14:48:55 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.02.14 14:48:55 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.01.15 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 12:37:25 | 000,024,206 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\UserTile.png
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.26 13:39:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2009.09.26 13:39:12 | 000,364,032 | ---- | C] () -- C:\Windows\System32\ha312w32.dll
[2009.09.26 13:39:11 | 000,053,317 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2009.09.26 13:39:09 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2009.09.26 13:39:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2009.09.26 13:39:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2009.09.26 13:39:08 | 000,169,221 | ---- | C] () -- C:\Windows\DDS-StartBit.exe
[2009.09.26 13:39:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2009.06.19 20:47:22 | 000,000,092 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\wklnhst.dat
[2009.03.24 10:13:50 | 000,000,136 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009.03.24 10:12:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009.03.15 15:54:55 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBUinst.dll
[2008.12.22 13:39:47 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2008.12.22 13:39:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2008.12.22 13:38:59 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.22 13:38:59 | 000,000,090 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.26 18:57:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.28 22:03:20 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 18:16:49 | 000,000,680 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\d3d9caps.dat
[2008.06.16 17:05:31 | 000,340,480 | ---- | C] () -- C:\Windows\System32\K8062e.exe
[2008.06.16 17:05:31 | 000,322,048 | ---- | C] () -- C:\Windows\System32\Easylase.dll
[2008.06.16 17:05:31 | 000,301,056 | ---- | C] () -- C:\Windows\System32\usbdmxfs.dll
[2008.06.16 17:05:31 | 000,084,992 | ---- | C] () -- C:\Windows\System32\DMX510Vb.dll
[2008.06.16 17:05:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EspionDll.dll
[2008.06.16 17:05:31 | 000,042,496 | ---- | C] () -- C:\Windows\System32\K8062D.dll
[2008.06.16 17:05:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MPUSBAPI.DLL
[2008.06.16 17:05:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\usbdmxsi.dll
[2008.06.16 17:05:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FASTTime32.dll
[2008.06.16 17:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dashard2006.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usb_dll.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dashard.dll
[2008.06.16 17:05:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dashardvb.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx60.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx120.dll
[2008.06.16 17:05:30 | 000,037,888 | ---- | C] () -- C:\Windows\System32\LPT_dmx.dll
[2008.06.16 17:05:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2008.06.16 17:05:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\dlportio.sys
[2008.05.26 18:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.30 20:38:07 | 000,098,304 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 15:59:47 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.01 09:54:43 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.04.01 09:54:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.19 17:18:50 | 000,033,440 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2007.05.24 17:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007.05.23 05:39:22 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2007.05.23 05:39:20 | 000,227,995 | ---- | C] () -- C:\Windows\DDS-StartBsp.exe
[2007.05.23 05:39:18 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2007.05.23 05:39:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2007.05.23 05:39:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2007.05.22 11:09:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007.05.03 16:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2007.04.17 11:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2007.04.12 16:07:48 | 008,056,832 | ---- | C] () -- C:\Windows\System32\Lads76.dll
[2007.04.12 16:07:48 | 001,941,558 | ---- | C] () -- C:\Windows\System32\TKTopAlgo.dll
[2007.04.12 16:07:48 | 001,130,550 | ---- | C] () -- C:\Windows\System32\TKService.dll
[2007.04.12 16:07:46 | 003,567,667 | ---- | C] () -- C:\Windows\System32\TKBool.dll
[2007.04.12 16:07:46 | 003,235,895 | ---- | C] () -- C:\Windows\System32\TKGeomBase.dll
[2007.04.12 16:07:46 | 002,977,842 | ---- | C] () -- C:\Windows\System32\TKV3d.dll
[2007.04.12 16:07:46 | 002,064,436 | ---- | C] () -- C:\Windows\System32\TKernel.dll
[2007.04.12 16:07:46 | 001,744,947 | ---- | C] () -- C:\Windows\System32\TKMath.dll
[2007.04.12 16:07:46 | 001,216,561 | ---- | C] () -- C:\Windows\System32\TKBO.dll
[2007.04.12 16:07:46 | 000,872,448 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2007.04.12 16:07:46 | 000,839,730 | ---- | C] () -- C:\Windows\System32\TKG3d.dll
[2007.04.12 16:07:46 | 000,811,061 | ---- | C] () -- C:\Windows\System32\TKOffset.dll
[2007.04.12 16:07:46 | 000,475,186 | ---- | C] () -- C:\Windows\System32\TKV2d.dll
[2007.04.12 16:07:46 | 000,413,696 | ---- | C] () -- C:\Windows\System32\whiptkw.dll
[2007.04.12 16:07:46 | 000,274,497 | ---- | C] () -- C:\Windows\System32\guisys.dll
[2007.04.12 16:07:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\ifchttpclient.dll
[2007.04.12 16:07:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2007.04.12 16:07:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.04.12 16:07:44 | 009,334,850 | ---- | C] () -- C:\Windows\System32\edmikit400.dll
[2007.04.12 16:07:44 | 003,375,159 | ---- | C] () -- C:\Windows\System32\TKGeomAlgo.dll
[2007.04.12 16:07:44 | 001,839,157 | ---- | C] () -- C:\Windows\System32\TKFillet.dll
[2007.04.12 16:07:44 | 000,725,043 | ---- | C] () -- C:\Windows\System32\TKBRep.dll
[2007.04.12 16:07:44 | 000,626,738 | ---- | C] () -- C:\Windows\System32\TKHLR.dll
[2007.04.12 16:07:44 | 000,356,402 | ---- | C] () -- C:\Windows\System32\TKG2d.dll
[2007.04.12 16:07:44 | 000,249,907 | ---- | C] () -- C:\Windows\System32\TKPrim.dll
[2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbucoin.dll
[2007.01.22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006.11.02 17:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.30 15:05:18 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2006.08.30 15:05:18 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.08.01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[2006.03.27 12:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2005.12.21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbuvs.dll
[2005.02.24 18:23:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbucnv4.dll
[2004.09.23 07:31:30 | 000,000,071 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >

--- --- ---

ausversehen 2x gepostet

kira · 22.04.2011, 08:55

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
den Quarantine-Inhalt löschen
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

5.
Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Moh · 22.04.2011, 09:40

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named uvEWQXCeAJwf.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml moved successfully.
C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\ProgramData\uvEWQXCeAJwf.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uvEWQXCeAJwf deleted successfully.
File C:\ProgramData\uvEWQXCeAJwf.exe not found.
C:\ProgramData\SPLFAB1.tmp deleted successfully.
C:\ProgramData\~28106528r moved successfully.
C:\ProgramData\~28106528 moved successfully.
C:\ProgramData\28106528 moved successfully.
C:\ProgramData\28106528.exe moved successfully.
C:\ProgramData\~26205984r moved successfully.
C:\ProgramData\~26205984 moved successfully.
C:\ProgramData\26205984 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: HappyMoh
->Temp folder emptied: 650074647 bytes
->Temporary Internet Files folder emptied: 550318997 bytes
->Java cache emptied: 6747917 bytes
->FireFox cache emptied: 40063142 bytes
->Google Chrome cache emptied: 15366102 bytes
->Flash cache emptied: 151635 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 144755105 bytes
RecycleBin emptied: 2463674459 bytes
 
Total Files Cleaned = 3.692,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_103121

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ccleaner txt

Code:

ATTFilter

Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	15.04.2008	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	03.04.2011		10.2.153.1
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.05.2009		10.0.22.87
Adobe Media Player	Adobe Systems Incorporated	27.08.2008	2,95MB	1.1
Adobe Reader 8.1.4 - Deutsch	Adobe Systems Incorporated	21.03.2009	104,3MB	8.1.4
Apple Application Support	Apple Inc.	28.01.2011	52,8MB	1.4.1
Apple Mobile Device Support	Apple Inc.	28.01.2011	21,7MB	3.3.1.3
Apple Software Update	Apple Inc.	02.01.2009	2,16MB	2.1.1.116
Autodesk Architectural Desktop 2006 - Deutsch	Autodesk	09.09.2008	609MB	4.7.265.0
Avira AntiVir Personal - Free Antivirus	Avira GmbH	05.04.2011	73,8MB	10.0.0.635
Biet-O-Matic v2.14.8	BOM Development Team	14.01.2011	4,68MB	Biet-O-Matic v2.14.8
Big Fish Games Center (remove only)		15.04.2008	172,3MB	
Big Fish Games Sudoku (remove only)		15.04.2008	172,3MB	
BlockCAD 3.19	Anders Isaksson	30.03.2009	4,59MB	3.19
Bonjour	Apple Inc.	28.01.2011	0,97MB	2.0.4.0
Canon Utilities My Printer		10.05.2010	4,70MB	
CCleaner	Piriform	21.04.2011	3,60MB	3.05
Compatibility Pack für 2007 Office System	Microsoft Corporation	15.04.2011	56,2MB	12.0.6425.1000
Cradle of Rome (remove only)		15.04.2008	38,8MB	
dBpoweramp Music Converter	Illustrate	13.02.2010	10,0MB	Release 13.3
DDS Artikeldatenbank 6.35		25.09.2009	818MB	
DDS Basis bis 6.35		25.09.2009	817MB	
DDS ElektroPartner 6.35		25.09.2009	818MB	
DDS ElektroPartner bis 6.35		21.12.2008	318MB	
DDS SHK-Partner bis 6.35		21.12.2008	818MB	
DDS SHK-Partner Heizung/Sanitär 6.35		25.09.2009	818MB	
DDS-CAD 6.4	Data Design System GmbH	17.12.2009	669MB	6.4
DDS-SHK Hersteller-ARD 6.35		25.09.2009	818MB	
DMXControl 2.9	PopSoft	01.07.2008	10,8MB	2.9
DVDVideoSoftTB Toolbar		26.06.2010	2,50MB	
FirstSteps Diagnostics	Fujitsu Siemens Computers	31.03.2008	4,67MB	1.00
Franzis 3D-Eisenbahnplaner 10.0	Franzis	14.10.2009	10,6MB	
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	19.04.2011	3,13MB	
Free RAR Extract Frog 1.00	Philipp Winterberg	13.11.2008	1,70MB	1.00
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	19.04.2011	3,38MB	
FreeStyler	Raphaël Wellekens	01.07.2008	228MB	
FSCLounge	Fujitsu Siemens Computers	15.04.2008	8,47MB	1.0.0
FTDI FTD2XX USB Drivers		01.07.2008		
FTP Commander		15.04.2008	1,95MB	
Geberit ProPlanner Light 2009	Geberit International AG	12.05.2009	298MB	2.4.000
Google Chrome	Google Inc.	23.05.2010	346MB	10.0.648.204
Google Desktop	Google	15.04.2008	8,57MB	-
Google Earth	Google	25.09.2010	85,4MB	5.2.1.1588
Google Toolbar for Internet Explorer		31.03.2008	44,7MB	
Hercules DJ Products Series drivers	Hercules	29.11.2010	16,2MB	4.HDJS.2009
ICQ Toolbar	ICQ	25.10.2010	0,48MB	3.0.0
ICQ7.2	ICQ	25.10.2010	66,6MB	7.2
Intel(R) Graphics Media Accelerator Driver		31.03.2008		
IsoBuster 2.4	Smart Projects	22.11.2008	8,92MB	2.4
iTunes	Apple Inc.	28.01.2011	144,7MB	10.1.2.17
Java 2 Runtime Environment, SE v1.4.2_15	Sun Microsystems, Inc.	20.04.2008	131,6MB	1.4.2_15
Java(TM) 6 Update 5	Sun Microsystems, Inc.	02.05.2008	136,2MB	1.6.0.50
Java(TM) 6 Update 7	Sun Microsystems, Inc.	27.08.2008	136,2MB	1.6.0.70
Korean Fonts Support For Adobe Reader 8	Adobe Systems	10.05.2009	10,0MB	8.0.0
Lexmark 6200 Series	Lexmark International, Inc.	14.03.2009	42,1MB	
Lexmark 640 Series	Lexmark International, Inc.	23.03.2009	35,3MB	
Lexmark 6500 Series	Lexmark International, Inc.	01.11.2010	131,3MB	
Luxor Amun Rising (remove only)		15.04.2008	18,1MB	
Magic 3D EasyView	Nicolaudie	01.07.2008	228MB	
Mahjong Towers Eternity EU (remove only)		15.04.2008	15,7MB	
Malwarebytes' Anti-Malware	Malwarebytes Corporation	20.04.2011	4,80MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	12.05.2009	28,1MB	
Microsoft Access 2000 Runtime	Microsoft Corporation	23.02.2009	59,6MB	9.00.2910
Microsoft Foto Designer Pro 7.0	Microsoft Corporation	14.07.2008	605MB	7.0.0.0000
Microsoft Office Home and Student 2007	Microsoft Corporation	28.12.2009	332MB	12.0.6425.1000
Microsoft Office Live Add-in 1.4	Microsoft Corporation	17.01.2010	0,49MB	2.0.3008.0
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	15.04.2011	51,0MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	21.02.2011	140,0MB	4.0.60129.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	29.11.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	29.11.2010	0,41MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable - KB2467175	Microsoft Corporation	15.04.2011	0,29MB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	15.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.03.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.04.2011	0,58MB	9.0.30729.4148
Microsoft Works	Microsoft Corporation	14.12.2010	377MB	9.7.0621
Motorola SM56 Speakerphone Modem	Motorola Inc	17.01.2010	1,72MB	6.12.25.06
Mozilla Firefox (3.0.19)	Mozilla	05.12.2010	25,1MB	3.0.19 (de)
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	31.03.2008	1,27MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	11.11.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
MultiCalc	ConSoft GmbH	23.05.2008	3,34MB	1.3.4
Mystery Case Files - Prime Suspects (remove only)		15.04.2008	39,3MB	
Nero 7 Essentials	Nero AG	31.03.2008	377MB	7.02.5851
Norton AntiBot	Symantec	28.09.2010	15,9MB	3.1.1.851
OVplan 3.1.4		09.02.2009		3.1.4
OVsim 2.0.2	OVENTROP	09.02.2009		2.0.2
OVsol 1.0		09.02.2009		1.0
PDF24 Creator	PDF24.org	02.05.2010	35,2MB	
phonostar-Player Version 2.01.4		04.09.2008	9,73MB	
Picasa 2	Google, Inc.	15.04.2008	26,9MB	2.0
PN Software		23.02.2009	772MB	
Poker Superstars II (remove only)		15.04.2008	30,3MB	
QuickTime	Apple Inc.	28.01.2011	73,7MB	7.69.80.9
RarZilla Free Unrar 2.53	Philipp Winterberg	09.09.2008	1,71MB	2.53
Realtek High Definition Audio Driver		31.03.2008		
Sentinel Protection Installer 7.1.0	SafeNet, Inc.	21.12.2008	2,57MB	7.1.0
Sentinel System Driver		21.12.2008		
Skype web features	Skype Technologies S.A.	13.01.2010	4,34MB	1.0.3971
Skype™ 4.1	Skype Technologies S.A.	13.01.2010	31,1MB	4.1.179
SweetIM for Messenger 3.2	SweetIM Technologies Ltd.	20.08.2010	4,01MB	3.2.0004
SweetIM Toolbar for Internet Explorer 3.9	SweetIM Technologies Ltd.	20.08.2010	3,99MB	3.9.0007
UltraMixer 2.3.6	UltraMixer Digital Audio Solutions	23.02.2009	109,2MB	2.3.6
Uninstall 1.0.0.1		19.04.2011	30,8MB	
ValloFlex PLAN	Heinemann GmbH	20.02.2011	6,32MB	3.0.0
VideoLAN VLC media player 0.8.6f	VideoLAN Team	27.06.2008	32,0MB	0.8.6f
Virtual DJ - Atomix Productions		29.11.2010	16,0MB	
Winamp	Nullsoft, Inc	28.08.2008	27,9MB	5.541 
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	17.01.2010	4,69MB	6.500.3146.0
WinSCP 4.2.5	Martin Prikryl	11.01.2010	8,58MB	4.2.5

Schritt 2+4 kann ich nicht ausführen da sich dann immer der Rechner aufhängt

Moh · 22.04.2011, 10:57

Schritt 5
Erneut ein OTL-Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.04.2011 00:08:49 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\HappyMoh\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 78,26 Gb Free Space | 52,84% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 15,28 Gb Free Space | 20,92% Space Free | Partition Type: NTFS
 
Computer Name: MOH-PC | User Name: HappyMoh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\guardhlp.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
PRC - C:\Programme\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
PRC - C:\Windows\System32\lxdfcoms.exe ( )
PRC - C:\Windows\System32\lxbucoms.exe ( )
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\lxdacoms.exe ( )
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\HappyMoh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Symantec Core LC) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SymantecAntiBotWatcher) -- D:\Programme\agent\Bin\NABWatcher.exe (Symantec)
SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxdf_device) -- C:\Windows\System32\lxdfcoms.exe ( )
SRV - (lxdfCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe ()
SRV - (lxbu_device) -- C:\Windows\System32\lxbucoms.exe ( )
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (SentinelProtectionServer) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (csr_a2dp) -- C:\Windows\System32\drivers\bthav.sys (CSR, plc)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (Sentinel) -- C:\Windows\System32\Drivers\SENTINEL.SYS (SafeNet, Inc.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SSIPDDP) -- C:\Windows\System32\drivers\SSIPDDP.SYS ()
DRV - (SNTNLUSB) -- C:\Windows\System32\drivers\SNTNLUSB.SYS (SafeNet, Inc.)
DRV - (FTD2XX) -- C:\Windows\System32\drivers\FTD2XX.sys (FTDI Ltd.)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\dlportio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.29 13:44:12 | 000,000,000 | ---D | M]
 
[2009.03.15 17:44:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Extensions
[2011.04.21 22:32:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions
[2011.04.21 21:14:36 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.21 21:14:37 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.04.21 21:14:38 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\HappyMoh\AppData\Roaming\mozilla\Firefox\Profiles\kedkuml1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.06.27 11:52:36 | 000,000,873 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\conduit.xml
[2011.04.04 18:20:05 | 000,000,950 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin-1.xml
[2010.12.05 17:19:40 | 000,001,056 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\icqplugin.xml
[2010.08.21 13:25:07 | 000,003,915 | -H-- | M] () -- C:\Users\HappyMoh\AppData\Roaming\Mozilla\Firefox\Profiles\kedkuml1.default\searchplugins\sweetim.xml
[2010.10.26 20:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.15 17:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.08.28 16:37:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009.09.02 21:56:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010.12.06 17:37:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.06 17:37:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.06 17:37:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.06 17:37:29 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.06 17:37:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 17:45:32 | 000,000,814 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LXBUCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000..\Run: [uvEWQXCeAJwf] C:\ProgramData\uvEWQXCeAJwf.exe (WinTrust)
O4 - Startup: C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\HappyMoh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-2711294998-2418963050-491248811-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.237.149.142 217.237.150.205
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\fsc_wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\explore\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{28cdc559-0bd9-11dd-9046-00030d8137b6}\Shell\open\Command - "" = F:\RECYCLER\INFO.exe
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5671296-0bbb-11dd-b68c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{b1086477-e0d6-11df-9c28-001167829940}\Shell\menu1\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 00:08:18 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.21 21:39:00 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Malwarebytes
[2011.04.21 21:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 21:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 21:38:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 21:38:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.21 21:38:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 21:28:46 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 19:03:25 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.21 07:55:03 | 000,230,912 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLM9A.DLL
[2011.04.04 20:15:38 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\AppData\Roaming\Avira
[2011.03.24 21:01:25 | 000,000,000 | -H-D | C] -- C:\Users\HappyMoh\Documents\Tim Nieber
[2010.11.02 20:51:09 | 000,950,272 | ---- | C] ( ) -- C:\Windows\System32\lxdfusb1.dll
[2010.11.02 20:51:09 | 000,434,176 | ---- | C] ( ) -- C:\Windows\System32\lxdfhcp.dll
[2010.11.02 20:51:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdfinpa.dll
[2010.11.02 20:51:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdfiesc.dll
[2010.11.02 20:51:08 | 001,200,128 | ---- | C] ( ) -- C:\Windows\System32\lxdfserv.dll
[2010.11.02 20:51:08 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdfpmui.dll
[2010.11.02 20:51:08 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdfprox.dll
[2010.11.02 20:51:07 | 000,565,248 | ---- | C] ( ) -- C:\Windows\System32\lxdflmpm.dll
[2010.11.02 20:51:07 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdfih.exe
[2010.11.02 20:51:06 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdfhbn3.dll
[2010.11.02 20:51:06 | 000,598,960 | ---- | C] ( ) -- C:\Windows\System32\lxdfcoms.exe
[2010.11.02 20:51:05 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomc.dll
[2010.11.02 20:51:05 | 000,365,488 | ---- | C] ( ) -- C:\Windows\System32\lxdfcfg.exe
[2010.11.02 20:51:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdfcomm.dll
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2009.03.24 10:12:13 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2009.03.24 10:12:13 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2009.03.24 10:12:12 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2009.03.24 10:12:12 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2009.03.24 10:12:12 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2009.03.24 10:12:12 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2009.03.24 10:12:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2009.03.24 10:12:12 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2009.03.24 10:12:11 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2009.03.24 10:12:11 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2009.03.24 10:12:11 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2009.03.24 10:12:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2009.03.24 10:12:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2009.03.24 10:12:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2009.03.15 15:54:55 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbuinpa.dll
[2009.03.15 15:54:55 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbuiesc.dll
[2009.03.15 15:54:55 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBUhcp.dll
[2009.03.15 15:54:54 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbuserv.dll
[2009.03.15 15:54:54 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbuusb1.dll
[2009.03.15 15:54:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbuhbn3.dll
[2009.03.15 15:54:54 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbupmui.dll
[2009.03.15 15:54:54 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbulmpm.dll
[2009.03.15 15:54:54 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbuih.exe
[2009.03.15 15:54:54 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbuprox.dll
[2009.03.15 15:54:54 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbupplc.dll
[2009.03.15 15:54:53 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbucomc.dll
[2009.03.15 15:54:53 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbucoms.exe
[2009.03.15 15:54:53 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbucomm.dll
[2009.03.15 15:54:53 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbucfg.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 00:10:01 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8CDDE6C4-EA89-4248-B419-D7CD30AC64D1}.job
[2011.04.22 00:08:22 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\HappyMoh\Desktop\OTL.exe
[2011.04.22 00:00:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:13 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.22 00:00:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.22 00:00:00 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 23:09:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 22:56:18 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 22:56:18 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 22:56:18 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 22:56:18 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 22:48:13 | 260,553,405 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.21 22:31:19 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | M] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | M] () -- C:\ProgramData\28106528.exe
[2011.04.21 22:26:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 21:38:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:31:14 | 000,000,400 | -H-- | M] () -- C:\ProgramData\26205984
[2011.04.21 21:29:02 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 19:03:24 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\uvEWQXCeAJwf.exe
[2011.04.20 22:49:14 | 000,001,038 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.19 18:35:42 | 000,001,269 | -H-- | M] () -- C:\ProgramData\lxdf
[2011.04.19 18:29:02 | 000,951,807 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:17:00 | 000,004,214 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.06 18:21:18 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.04.04 19:05:52 | 000,790,510 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | M] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.26 10:26:41 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 22:31:19 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~28106528r
[2011.04.21 22:31:19 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~28106528
[2011.04.21 22:31:03 | 000,000,336 | -H-- | C] () -- C:\ProgramData\28106528
[2011.04.21 22:30:57 | 000,487,424 | -H-- | C] () -- C:\ProgramData\28106528.exe
[2011.04.21 21:38:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 21:29:02 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~26205984r
[2011.04.21 21:29:02 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~26205984
[2011.04.21 21:28:57 | 000,000,589 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Windows Recovery.lnk
[2011.04.21 21:28:10 | 000,000,400 | -H-- | C] () -- C:\ProgramData\26205984
[2011.04.19 18:29:02 | 000,951,807 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\Kanalplan Wolfcenter.jpg
[2011.04.06 22:12:57 | 000,004,214 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\APF.jpg
[2011.04.04 19:05:52 | 000,790,510 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.CFI
[2011.04.04 18:05:08 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.04.04 17:20:03 | 001,473,803 | -H-- | C] () -- C:\Users\HappyMoh\Desktop\HELLER GESAMT.DXF
[2011.03.04 19:23:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDFPMON.DLL
[2011.03.04 19:23:44 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDFFXPU.DLL
[2011.03.04 19:23:24 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfoem.dll
[2011.01.15 11:34:36 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.11.02 20:51:09 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfinst.dll
[2010.11.02 20:51:06 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdfgrd.dll
[2010.08.22 11:25:13 | 000,001,269 | -H-- | C] () -- C:\ProgramData\lxdf
[2010.02.14 14:48:55 | 005,640,880 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.02.14 14:48:55 | 000,015,341 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010.01.15 00:58:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.07 12:37:25 | 000,024,206 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\UserTile.png
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.26 13:39:12 | 000,408,576 | ---- | C] () -- C:\Windows\System32\javai.dll
[2009.09.26 13:39:12 | 000,364,032 | ---- | C] () -- C:\Windows\System32\ha312w32.dll
[2009.09.26 13:39:11 | 000,053,317 | ---- | C] () -- C:\Windows\System32\zlib.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF0.dll
[2009.09.26 13:39:09 | 000,256,000 | ---- | C] () -- C:\Windows\System32\iflTIFF.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF0.dll
[2009.09.26 13:39:09 | 000,104,960 | ---- | C] () -- C:\Windows\System32\iflJFIF.dll
[2009.09.26 13:39:09 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ifl0.dll
[2009.09.26 13:39:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\ifl.dll
[2009.09.26 13:39:09 | 000,086,016 | ---- | C] () -- C:\Windows\System32\iflPNG.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF0.dll
[2009.09.26 13:39:09 | 000,026,112 | ---- | C] () -- C:\Windows\System32\iflGIF.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP0.dll
[2009.09.26 13:39:09 | 000,019,456 | ---- | C] () -- C:\Windows\System32\iflBMP.dll
[2009.09.26 13:39:08 | 000,169,221 | ---- | C] () -- C:\Windows\DDS-StartBit.exe
[2009.09.26 13:39:08 | 000,048,128 | ---- | C] () -- C:\Windows\System32\crexpd32.dll
[2009.06.19 20:47:22 | 000,000,092 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Roaming\wklnhst.dat
[2009.03.24 10:13:50 | 000,000,136 | ---- | C] () -- C:\Windows\Lexstat.ini
[2009.03.24 10:12:13 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2009.03.24 10:12:13 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2009.03.15 15:54:55 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBUinst.dll
[2008.12.22 13:39:47 | 000,067,584 | ---- | C] () -- C:\Windows\System32\SSIREGI.EXE
[2008.12.22 13:39:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\SSIPDDP.SYS
[2008.12.22 13:38:59 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.22 13:38:59 | 000,000,090 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.07.26 18:57:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.28 22:03:20 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.06.16 18:16:49 | 000,000,680 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\d3d9caps.dat
[2008.06.16 17:05:31 | 000,340,480 | ---- | C] () -- C:\Windows\System32\K8062e.exe
[2008.06.16 17:05:31 | 000,322,048 | ---- | C] () -- C:\Windows\System32\Easylase.dll
[2008.06.16 17:05:31 | 000,301,056 | ---- | C] () -- C:\Windows\System32\usbdmxfs.dll
[2008.06.16 17:05:31 | 000,084,992 | ---- | C] () -- C:\Windows\System32\DMX510Vb.dll
[2008.06.16 17:05:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EspionDll.dll
[2008.06.16 17:05:31 | 000,042,496 | ---- | C] () -- C:\Windows\System32\K8062D.dll
[2008.06.16 17:05:31 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MPUSBAPI.DLL
[2008.06.16 17:05:31 | 000,017,920 | ---- | C] () -- C:\Windows\System32\usbdmxsi.dll
[2008.06.16 17:05:31 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FASTTime32.dll
[2008.06.16 17:05:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dashard2006.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usb_dll.dll
[2008.06.16 17:05:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dashard.dll
[2008.06.16 17:05:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dashardvb.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx60.dll
[2008.06.16 17:05:30 | 000,044,544 | ---- | C] () -- C:\Windows\System32\dmx120.dll
[2008.06.16 17:05:30 | 000,037,888 | ---- | C] () -- C:\Windows\System32\LPT_dmx.dll
[2008.06.16 17:05:30 | 000,032,768 | ---- | C] () -- C:\Windows\System32\inpout32.dll
[2008.06.16 17:05:30 | 000,003,584 | ---- | C] () -- C:\Windows\System32\drivers\dlportio.sys
[2008.05.26 18:38:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.04.30 20:38:07 | 000,098,304 | -H-- | C] () -- C:\Users\HappyMoh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.16 15:59:47 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2008.04.01 09:54:43 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.04.01 09:54:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2007.08.19 17:18:50 | 000,033,440 | ---- | C] () -- C:\Windows\DdsSysOp.exe
[2007.05.24 17:24:26 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdfdrs.dll
[2007.05.23 05:39:22 | 000,204,476 | ---- | C] () -- C:\Windows\sendmail.exe
[2007.05.23 05:39:20 | 000,227,995 | ---- | C] () -- C:\Windows\DDS-StartBsp.exe
[2007.05.23 05:39:18 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mscomstf.dll
[2007.05.23 05:39:18 | 000,024,064 | ---- | C] () -- C:\Windows\System32\msshlstf.dll
[2007.05.23 05:39:16 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2007.05.22 11:09:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdfcaps.dll
[2007.05.03 16:50:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\lxdfcoin.dll
[2007.04.17 11:17:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdfcnv4.dll
[2007.04.12 16:07:48 | 008,056,832 | ---- | C] () -- C:\Windows\System32\Lads76.dll
[2007.04.12 16:07:48 | 001,941,558 | ---- | C] () -- C:\Windows\System32\TKTopAlgo.dll
[2007.04.12 16:07:48 | 001,130,550 | ---- | C] () -- C:\Windows\System32\TKService.dll
[2007.04.12 16:07:46 | 003,567,667 | ---- | C] () -- C:\Windows\System32\TKBool.dll
[2007.04.12 16:07:46 | 003,235,895 | ---- | C] () -- C:\Windows\System32\TKGeomBase.dll
[2007.04.12 16:07:46 | 002,977,842 | ---- | C] () -- C:\Windows\System32\TKV3d.dll
[2007.04.12 16:07:46 | 002,064,436 | ---- | C] () -- C:\Windows\System32\TKernel.dll
[2007.04.12 16:07:46 | 001,744,947 | ---- | C] () -- C:\Windows\System32\TKMath.dll
[2007.04.12 16:07:46 | 001,216,561 | ---- | C] () -- C:\Windows\System32\TKBO.dll
[2007.04.12 16:07:46 | 000,872,448 | ---- | C] () -- C:\Windows\System32\iconv.dll
[2007.04.12 16:07:46 | 000,839,730 | ---- | C] () -- C:\Windows\System32\TKG3d.dll
[2007.04.12 16:07:46 | 000,811,061 | ---- | C] () -- C:\Windows\System32\TKOffset.dll
[2007.04.12 16:07:46 | 000,475,186 | ---- | C] () -- C:\Windows\System32\TKV2d.dll
[2007.04.12 16:07:46 | 000,413,696 | ---- | C] () -- C:\Windows\System32\whiptkw.dll
[2007.04.12 16:07:46 | 000,274,497 | ---- | C] () -- C:\Windows\System32\guisys.dll
[2007.04.12 16:07:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\ifchttpclient.dll
[2007.04.12 16:07:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2007.04.12 16:07:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.04.12 16:07:44 | 009,334,850 | ---- | C] () -- C:\Windows\System32\edmikit400.dll
[2007.04.12 16:07:44 | 003,375,159 | ---- | C] () -- C:\Windows\System32\TKGeomAlgo.dll
[2007.04.12 16:07:44 | 001,839,157 | ---- | C] () -- C:\Windows\System32\TKFillet.dll
[2007.04.12 16:07:44 | 000,725,043 | ---- | C] () -- C:\Windows\System32\TKBRep.dll
[2007.04.12 16:07:44 | 000,626,738 | ---- | C] () -- C:\Windows\System32\TKHLR.dll
[2007.04.12 16:07:44 | 000,356,402 | ---- | C] () -- C:\Windows\System32\TKG2d.dll
[2007.04.12 16:07:44 | 000,249,907 | ---- | C] () -- C:\Windows\System32\TKPrim.dll
[2007.02.22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbucoin.dll
[2007.01.22 09:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006.11.02 17:33:31 | 000,641,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,116,706 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,423,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,610,142 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,924 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.08.30 15:05:18 | 000,067,584 | ---- | C] () -- C:\Windows\System32\drivers\SSIREGI.EXE
[2006.08.30 15:05:18 | 000,054,784 | ---- | C] () -- C:\Windows\System32\drivers\SSIPDDP.SYS
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.08.01 02:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdfvs.dll
[2006.03.27 12:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2005.12.21 17:57:36 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2005.12.21 17:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 17:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.08.18 07:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbuvs.dll
[2005.02.24 18:23:50 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbucnv4.dll
[2004.09.23 07:31:30 | 000,000,071 | ---- | C] () -- C:\Windows\System32\FTD2XXUN.ini
[1999.01.22 20:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
< End of report >

--- --- ---

hoffe es geht auch irgendwie ohne schritt 2+4.

Ich will auch ein großes Lob aussprechen ....man fühlt sich gleich besser wenn man solch Hilfe bekommt .

Danke

Malwarebytes ist endlich durchgeleufen ..jippie

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6418
 
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
 
22.04.2011 18:42:15
mbam-log-2011-04-22 (18-42-15).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 313006
Laufzeit: 1 Stunde(n), 2 Minute(n), 2 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.
 
Infizierte Dateien:
c:\_OTL\movedfiles\04222011_103121\c_programdata\uvewqxceajwf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
d:\Musik\Thomas D\vuze 19.5.09\KEYGEN\autodesk architectural desktop 2006 keymaker.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\HappyMoh\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

kira · 22.04.2011, 22:34

tja...Keygens & Keymakers

- Du hast ganz offensichtlich ein Key Generator (auch KeyGen, Keygen oder Keymaker) verwendet, um eine kostenpflichtige Software "kostenlos zu erhalten". Vermutlich hast Du damit gleichzeitig einen gefährlichen Wurm (Viren und andere Schädlinge) auf den Computer geholt.
"Solche Programme" enthalten immer besonders viele und gefährliche Schadprogramme, sollte man die Finger davon lassen!
** Du solltest in so einem Fall mal dein Konsummuster überdenken

Weil dein Verhalten damit dem deutschen Recht unterliegt, wird den Supprt an dieser Stelle von unsere Seite aus beendet. Also am besten ist es, Du Sicherst deiner Daten und machst eine komplette Neuinstallation des Rechners, das ist der schnellste und sauberste lösung!
Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

Zitat:

Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.

TR/Kasy.mekml.1 - Kritischer Fehler HDD

Log-Analyse und Auswertung: TR/Kasy.mekml.1 - Kritischer Fehler HDD