Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte

VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte


Plagegeister aller Art und deren Bekämpfung: VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 22.11.2011, 17:55   #16
rlw
 
VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte - Standard

VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte


Hallo,

danke für die Aufmunterung "sieht gut aus"

Aber ne blöde Frage : Scan oder Fix ???

Ich hab mal scan gedrückt.

Code:
ATTFilter
OTL logfile created on: 22.11.2011 17:49:53 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\KerstinundRudi\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,01% Memory free
16,67 Gb Paging File | 15,27 Gb Available in Paging File | 91,60% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 873,76 Gb Total Space | 629,27 Gb Free Space | 72,02% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 109,84 Gb Free Space | 36,85% Space Free | Partition Type: NTFS
Drive E: | 57,70 Gb Total Space | 51,63 Gb Free Space | 89,49% Space Free | Partition Type: FAT32
Drive L: | 967,17 Mb Total Space | 2,06 Mb Free Space | 0,21% Space Free | Partition Type: FAT
Drive W: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive X: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive Y: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
Drive Z: | 911,50 Gb Total Space | 914,43 Gb Free Space | 100,32% Space Free | Partition Type: NTFS
 
Computer Name: KUR-PC | User Name: KerstinundRudi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KerstinundRudi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (nosGetPlusHelper) getPlus(R) --  File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (PEVSystemStart) -- C:\ComboFix\pev.3XE ()
SRV - (LoClntService) -- C:\Program Files\Windows Home Server\LightsOutClientService.exe (AxoNet Software GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (arXfrSvc) -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe (Microsoft Corporation)
SRV - (WHSConnector) -- C:\Program Files\Windows Home Server\WHSConnector.exe (Microsoft Corporation)
SRV - (esClient) -- C:\Program Files\Windows Home Server\esClient.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MWAgent) -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SecretDriveService) -- C:\Program Files\Eterlogic.com\SecretDrive\SecretDriveSrv.exe (Eterlogic.com)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (Firebird Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (Firebird Project)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\De_serv.exe (AVM Berlin)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (ACEDRV08) -- C:\Windows\System32\drivers\ACEDRV08.sys (Protect Software GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (MirayVirtualDisk) -- C:\Windows\System32\drivers\mvd.sys (Miray)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (SndTAudio) -- C:\Windows\System32\drivers\SndTAudio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Sun Microsystems, Inc.)
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\system32\DRIVERS\tdrpm251.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (auusb) -- C:\Windows\System32\drivers\auusb.sys (Auerswald GmbH & Co.KG                         )
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Ph6xIB32) -- C:\Windows\System32\drivers\Ph6xIB32.sys (NXP Semiconductors GmbH)
DRV - (FXUSBASE) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SecretDriveKrnl) -- C:\Program Files\Eterlogic.com\SecretDrive\Drv\sd32.sys ()
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (NETFRITZ) -- C:\Windows\System32\drivers\Netfritz.sys (AVM Berlin)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 44 B7 44 F5 3E CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.10.23 12:12:23 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\KerstinundRudi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 12:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.08 23:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.01 14:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.04.29 21:43:56 | 000,000,000 | ---D | M]
 
[2011.01.06 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions
[2011.01.06 20:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.11.21 18:17:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions
[2010.03.26 15:53:24 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011.07.17 08:04:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.11.05 09:01:59 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.10 07:35:34 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011.06.04 07:15:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.21 18:17:36 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.11.19 09:07:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.23 19:22:13 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2011.11.16 23:03:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.29 18:51:33 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.11.16 23:03:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.14 07:30:15 | 000,000,000 | ---D | M] ("Wolfram Toolbar") -- C:\Users\KerstinundRudi\AppData\Roaming\mozilla\Firefox\Profiles\jio8zatg.default\extensions\support@wolfram.com
[2011.11.08 23:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.08 23:44:25 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.01.06 19:36:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 16:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.12 20:22:30 | 000,000,872 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 192.168.178.20  KURSERVER  #Windows Home Server#
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SystemTray] C:\Windows\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Directory Opus Desktop Dblclk] C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe (GP Software)
O4 - HKCU..\Run: [iPhone PC Suite] C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start File not found
O4 - HKCU..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\KerstinundRudi\Desktop\PartyPoker.lnk ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://my.wcrx.com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{448BAFC6-34D5-4DEC-8866-DF10777BC811}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2F00FC-5097-42E5-86F1-96544669735A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.14 01:18:39 | 000,000,087 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.15 09:48:22 | 000,000,034 | ---- | M] () - L:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2011.05.15 20:43:14 | 012,341,641 | ---- | M] () - Y:\AutoGordianKnot.2.55.Setup.exe -- [ NTFS ]
O32 - AutoRun File - [2008.02.03 00:47:34 | 000,152,889 | ---- | M] () - Y:\automove18.zip -- [ NTFS ]
O32 - AutoRun File - [2008.03.16 22:24:40 | 000,000,100 | ---- | M] () - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009.05.07 19:09:34 | 000,578,183 | ---- | M] () - Y:\Autoruns.zip -- [ NTFS ]
O32 - AutoRun File - [2009.01.24 20:29:04 | 000,577,363 | ---- | M] () - Y:\Autoruns_Jan09.zip -- [ NTFS ]
O32 - AutoRun File - [2008.01.14 22:32:08 | 000,542,582 | ---- | M] () - Y:\Autoruns_PFW.zip -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email (2).doc -- [ NTFS ]
O32 - AutoRun File - [2006.05.07 23:15:02 | 000,095,744 | ---- | M] () - Z:\auto-email.doc -- [ NTFS ]
O32 - AutoRun File - [2006.04.28 22:14:22 | 000,031,232 | ---- | M] () - Z:\Auto.doc -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:38:16 | 000,119,489 | ---- | M] () - Z:\Autokredit Vergleich - Ergebnis - So finden Sie den richtigen Autokredit!_1252341492035.png -- [ NTFS ]
O32 - AutoRun File - [2009.09.07 17:37:48 | 000,162,678 | ---- | M] () - Z:\Autokredit – Jetzt Autokredite online berechnen mit finanzen.de_1252341463919.png -- [ NTFS ]
O32 - AutoRun File - [2011.10.15 22:07:51 | 000,020,632 | ---- | M] () - Z:\Autos.xlsx -- [ NTFS ]
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6ad5c-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell - "" = AutoRun
O33 - MountPoints2\{23f6adee-cfac-11e0-a769-00218561b7ef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL M:\Start.hta
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell - "" = AutoRun
O33 - MountPoints2\{da4dfe40-012e-11df-aba5-bbf637f61b23}\Shell\AutoRun\command - "" = "M:\WD SmartWare.exe" autoplay=true
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.22 17:30:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.22 17:28:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\KerstinundRudi\Desktop\OTL.exe
[2011.11.21 23:27:50 | 000,000,000 | ---D | C] -- C:\Windows Home Server-Treiber für Wiederherstellung
[2011.11.21 21:22:56 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Malwarebytes
[2011.11.21 21:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.21 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.21 21:22:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.21 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.21 20:37:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.11.21 19:26:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.11.21 19:26:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.11.21 19:26:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.11.21 19:25:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.11.21 19:25:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.11.21 19:24:13 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\KerstinundRudi\Desktop\ComboFix.exe
[2011.11.20 01:28:23 | 000,000,000 | -HSD | C] -- C:\found.000
[2011.11.20 00:44:47 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser
[2011.11.20 00:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPhoneBrowser
[2011.11.20 00:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NetDragon
[2011.11.20 00:38:42 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Local\NetDragon
[2011.11.20 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\Documents\91 Mobile
[2011.11.20 00:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\NetDragon
[2011.11.19 23:36:14 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\Documents\Tansee
[2011.11.19 23:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Tansee iPhone Transfer SMS
[2011.11.19 22:56:45 | 000,000,000 | ---D | C] -- C:\Users\KerstinundRudi\AppData\Roaming\Moka
[2011.11.19 22:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTwin
[2011.11.19 22:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTwin
[2011.11.19 22:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.19 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.19 22:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.13 13:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vista Start Menu
[2011.11.09 17:32:23 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.01 14:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.01 14:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.10.24 14:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009.12.26 10:46:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.22 17:42:45 | 000,014,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 17:42:45 | 000,014,944 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.22 17:35:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.22 17:35:03 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.22 17:29:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\KerstinundRudi\Desktop\OTL.exe
[2011.11.21 21:22:30 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:24:43 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\KerstinundRudi\Desktop\ComboFix.exe
[2011.11.21 17:13:23 | 000,661,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.21 17:13:23 | 000,621,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.21 17:13:23 | 000,132,958 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.21 17:13:23 | 000,109,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.21 17:03:50 | 000,684,297 | ---- | M] () -- C:\Users\KerstinundRudi\Desktop\unhide.exe
[2011.11.20 05:34:38 | 000,003,664 | ---- | M] () -- C:\bootsqm.dat
[2011.11.20 00:41:22 | 000,002,776 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.11.19 22:56:41 | 000,000,885 | ---- | M] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.19 22:13:55 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.15 22:48:10 | 000,000,138 | ---- | M] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2011.11.09 18:50:36 | 000,418,053 | ---- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | ---- | M] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.11.09 18:18:08 | 001,892,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.24 14:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2011.10.24 14:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2011.11.21 21:22:30 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.21 19:26:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.11.21 19:26:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.11.21 19:26:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.11.21 19:26:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.11.21 19:26:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.11.21 18:06:11 | 000,002,675 | ---- | C] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2011.lnk
[2011.11.21 18:06:11 | 000,001,813 | ---- | C] () -- C:\Users\Public\Desktop\Tfa_Nexus.lnk
[2011.11.21 18:06:11 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Quick Font Review.lnk
[2011.11.21 18:06:11 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
[2011.11.21 18:06:11 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\WISO Mein Geld 2010.lnk
[2011.11.21 18:06:10 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 10.0.lnk
[2011.11.21 18:06:10 | 000,002,523 | ---- | C] () -- C:\Users\Public\Desktop\IKEA Home Planner.lnk
[2011.11.21 18:06:10 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2011.11.21 18:06:10 | 000,002,264 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011.11.21 18:06:10 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.21 18:06:10 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Freigegebene Ordner auf Server.lnk
[2011.11.21 18:06:10 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\COMlist 2.5.2.lnk
[2011.11.21 18:06:10 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\DHL Verkaufsmanager.lnk
[2011.11.21 18:06:10 | 000,001,959 | ---- | C] () -- C:\Users\Public\Desktop\COMset 2.7.2.lnk
[2011.11.21 18:06:10 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\COMtools 2.3.2.lnk
[2011.11.21 18:06:10 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.11.21 18:06:10 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\HDClone.lnk
[2011.11.21 18:06:10 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.21 18:06:10 | 000,001,539 | ---- | C] () -- C:\Users\Public\Desktop\Lillifee.lnk
[2011.11.21 18:06:10 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVDmobile.lnk
[2011.11.21 18:06:10 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2011.11.21 18:06:10 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\MailStore Home.lnk
[2011.11.21 18:06:10 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\CPUID HWMonitor.lnk
[2011.11.21 18:06:10 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Belegschnellerfassung.lnk
[2011.11.21 18:06:10 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Biet-O-Matic.lnk
[2011.11.21 18:06:10 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011.11.21 18:06:10 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.11.21 18:06:10 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Personal Backup 5.lnk
[2011.11.21 18:06:10 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.21 18:06:10 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\GSAK.lnk
[2011.11.21 18:06:09 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2011.11.21 18:06:09 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2011.11.21 18:06:09 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2011.11.21 18:06:05 | 000,002,529 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
[2011.11.21 18:06:05 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.11.21 18:06:05 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LightsOut.lnk
[2011.11.21 18:05:48 | 000,002,745 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center-Connector.lnk
[2011.11.21 18:05:48 | 000,002,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server-Konsole.lnk
[2011.11.21 18:05:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.11.21 18:05:48 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro Extended.lnk
[2011.11.21 18:05:48 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011.11.21 18:05:48 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.11.21 18:05:48 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 3D Reviewer.lnk
[2011.11.21 18:05:48 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2011.11.21 18:05:48 | 000,002,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Maps 3D.lnk
[2011.11.21 18:05:48 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Virtual PC.lnk
[2011.11.21 18:05:48 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.11.21 18:05:48 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.11.21 18:05:48 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.11.21 18:05:48 | 000,001,298 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2011.11.21 18:05:48 | 000,001,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Update.lnk
[2011.11.21 18:05:48 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.11.21 18:05:48 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.21 17:37:05 | 000,684,297 | ---- | C] () -- C:\Users\KerstinundRudi\Desktop\unhide.exe
[2011.11.20 05:34:38 | 000,003,664 | ---- | C] () -- C:\bootsqm.dat
[2011.11.19 22:56:41 | 000,000,885 | ---- | C] () -- C:\Users\KerstinundRudi\Desktop\iTwin.lnk
[2011.11.09 18:50:35 | 000,418,053 | ---- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt (2).wma
[2011.11.09 18:48:16 | 000,157,633 | ---- | C] () -- C:\Users\KerstinundRudi\Documents\Unbenannt.wma
[2011.09.24 16:41:08 | 000,000,151 | ---- | C] () -- C:\Windows\Lilli.ini
[2011.09.24 16:41:08 | 000,000,000 | ---- | C] () -- C:\Windows\Lcorn.ini
[2011.09.20 23:55:16 | 000,000,080 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Local\X-Plane Installer.prf
[2011.08.26 16:23:44 | 000,315,444 | ---- | C] () -- C:\Windows\System32\isdnapi32.dll
[2011.08.26 16:23:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\AuerCapiJNINative.dll
[2011.05.15 20:47:47 | 000,000,551 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\AutoGK.ini
[2010.10.23 13:17:57 | 000,001,032 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\mdbu.bin
[2010.10.14 14:19:32 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.14 14:18:40 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.14 14:17:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.14 14:16:40 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.07.21 10:40:51 | 000,002,091 | ---- | C] () -- C:\Windows\disney.ini
[2010.07.19 20:32:56 | 000,000,138 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.06.29 19:14:08 | 000,000,291 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2010.06.29 19:14:02 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini
[2010.03.27 22:58:00 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.03.07 14:35:06 | 000,007,603 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Local\Resmon.ResmonCfg
[2010.03.07 11:15:14 | 000,000,231 | ---- | C] () -- C:\Windows\hegames.ini
[2010.02.08 23:40:49 | 000,003,474 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\SAS7_000.DAT
[2009.12.28 11:20:55 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.28 10:59:42 | 000,000,391 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009.12.26 10:46:00 | 000,087,608 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\inst.exe
[2009.12.26 10:46:00 | 000,007,887 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.cat
[2009.12.26 10:46:00 | 000,001,144 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\pcouffin.inf
[2009.12.24 19:37:23 | 000,000,193 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.12.12 22:39:03 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.08 17:46:30 | 000,074,240 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2009.12.04 22:17:18 | 000,198,341 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.12.02 01:29:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.02 01:29:53 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.11.28 09:38:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.11.28 09:38:29 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.12 22:35:19 | 000,000,008 | RHS- | C] () -- C:\ProgramData\4675E324A8.sys
[2009.11.08 22:16:44 | 000,004,528 | ---- | C] () -- C:\Windows\System32\SETBROWS.EXE
[2009.11.08 21:47:47 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.11.07 22:39:43 | 000,000,138 | ---- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\default.rss
[2009.11.07 21:31:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.07 05:38:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.07 00:27:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.11.07 00:27:18 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.11.07 00:27:18 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.06 23:50:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2009.11.06 23:50:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2009.11.06 22:07:22 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.11.06 00:57:35 | 000,028,672 | ---- | C] () -- C:\Windows\System32\nnr.dll
[2009.11.06 00:47:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.11.05 23:33:48 | 000,002,776 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.11.05 23:33:48 | 000,000,008 | RHS- | C] () -- C:\ProgramData\CEB7182B63.sys
[2009.11.05 23:25:01 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.11.05 23:01:41 | 000,000,040 | -HS- | C] () -- C:\Users\KerstinundRudi\AppData\Roaming\.zreglib
[2009.11.05 22:48:58 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2009.11.05 11:03:03 | 000,135,936 | ---- | C] () -- C:\Windows\System32\ZIPDLL.DLL
[2009.11.05 11:03:03 | 000,130,816 | ---- | C] () -- C:\Windows\System32\UNZDLL.DLL
[2009.11.05 07:47:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.10.26 20:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.07.14 09:47:43 | 000,661,396 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,132,958 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 001,892,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,621,670 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,109,140 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.02.18 17:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 20:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.09 17:23:54 | 000,024,376 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2008.07.09 17:23:52 | 000,052,536 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2008.07.09 17:23:52 | 000,022,832 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 17:23:08 | 000,255,288 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.07.09 17:22:28 | 000,075,576 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2006.11.06 20:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
 
========== Custom Scans ==========
 
 
< :OTL >
 
< :Files >
 
< :Commands >
 
< [purity] >
 
< [EMPTYFLASH]  >
 
< [emptytemp] >
 
< [Reboot] >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 152 bytes -> C:\Program Files\Windows Home Server:{4D006700-7700-7900-7200-460069007300}
@Alternate Data Stream - 143 bytes -> C:\Users\KerstinundRudi\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9B013599
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:FED912DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A24211BA

< End of report >


Rudi

 

Themen zu VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte
chip.de, dateien, defekte festplatte, desktop, festplatte, icons, neustart, nicht möglich, ordner, rückgängig, starten, system, virus ?, windows 7 home, windows 7 home premium


« System Fix, wirklich entfernt? | Firefox Proxyservereinstellung wird durch Trojaner verändert. »


Ähnliche Themen: VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte


  1. Windows 7: Dateien und Ordner sind halb versteckt
    Log-Analyse und Auswertung - 08.09.2015 (22)
  2. Windows 7: USB-Stick erstellt verknüpfungen zu jedem File/Ordner und versteckt die echten Files/Ordner
    Log-Analyse und Auswertung - 14.01.2014 (23)
  3. USB-Stick: Ordner auf einmal versteckt & teilweise .exe Dateien
    Plagegeister aller Art und deren Bekämpfung - 18.11.2013 (17)
  4. Virus "versteckt" Ordner und Dateien auf USB-Stick!
    Plagegeister aller Art und deren Bekämpfung - 13.11.2013 (7)
  5. Win 7 - AVG entdeckt Virus - *.sys dateien im windows ordner- Nach Löschung entstehen neue befallene Dateien
    Plagegeister aller Art und deren Bekämpfung - 14.09.2013 (13)
  6. Trojaner versteckt Dateien auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (1)
  7. S.M.A.R.T. HDD: Schwarz Desktop, Start-Menü leer, Ordner/Dateien versteckt
    Log-Analyse und Auswertung - 10.04.2012 (15)
  8. SMART Repair Virus (Fake HDD Fehlermeldungen, Taskmanager deaktiviert, Dateien versteckt)
    Log-Analyse und Auswertung - 05.04.2012 (22)
  9. Ordner der Externen Festplatte sind plötzlich Verknüpfungen
    Plagegeister aller Art und deren Bekämpfung - 04.02.2012 (26)
  10. Hdd angeblich beschädigt, alle Dateien/Ordner versteckt, Hintergrund schwarz
    Plagegeister aller Art und deren Bekämpfung - 16.11.2011 (11)
  11. Virus versteckt dateien auf Externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 04.09.2011 (1)
  12. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (11)
  13. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Mülltonne - 20.05.2011 (0)
  14. Dateien versteckt, angeblich Festplattenfehler, Umleitung Internetseiten, plötzlich Sound-Output
    Mülltonne - 20.05.2011 (0)
  15. Virus versteckt Dateien - Windows Recovery Wurm
    Plagegeister aller Art und deren Bekämpfung - 04.05.2011 (14)
  16. Dateien und Ordner waren verschwunden und wurden versteckt?
    Mülltonne - 24.04.2011 (1)
  17. Virus versteckt Dateien evtl Windows Recovery Wurm
    Plagegeister aller Art und deren Bekämpfung - 20.04.2011 (41)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte - Hallo, danke für die Aufmunterung "sieht gut aus" Aber ne blöde Frage : Scan oder Fix ??? Ich hab mal scan gedrückt. Code: Alles auswählen Aufklappen ATTFilter OTL logfile created - VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte...
Archiv
Du betrachtest: VIRUS ? Ordner und Dateien plötzlich versteckt, Windows Fehlermeldungen zu Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131