Trojaner beim Online-Banking

Alke_1981 · 14.08.2010, 15:54

Hi Markus,

hast eine PN.

markusg · 14.08.2010, 16:10

jo hat geklappt, danke.

Alke_1981 · 14.08.2010, 16:47

Hallo Daniel,

hier nun endlich Schritt 3.

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-08-14 17:43:29
Windows 6.0.6002 Service Pack 2
Running: pxyfv7if.exe; Driver: C:\Users\***AppData\Local\Temp\awtoauoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

Warte dann auf weitere Anweisungen.

Lg Alke

Larusso · 14.08.2010, 23:51

Starte bitte OTL und drücke den Quickscan button. Poste mir bitte die Logfile

Alke_1981 · 15.08.2010, 00:07

Hi,

hier der gewünschte Logfile.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.08.2010 00:55:28 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 69,60 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.08.03 15:33:41 | 012,746,928 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.12 23:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.11 17:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.12 17:07:02 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.12 23:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.14 17:48:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.14 17:48:24 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.14 17:48:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.14 17:48:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.14 17:48:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.14 12:56:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.14 00:09:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.08.13 23:02:10 | 000,072,704 | ---- | C] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.05 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.15 00:55:29 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.15 00:50:22 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.15 00:33:15 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.15 00:33:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.15 00:33:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 00:33:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 00:32:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 00:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.14 19:35:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.14 19:35:12 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.14 19:35:09 | 003,087,722 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.14 17:48:31 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:49:45 | 000,134,966 | ---- | M] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:20:09 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 13:19:51 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 13:19:51 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 13:19:51 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 13:19:51 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 13:19:51 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 12:40:15 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 23:02:10 | 000,072,704 | ---- | M] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.07.01 21:22:09 | 000,003,354 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.06.25 19:48:35 | 000,016,653 | ---- | M] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2010.06.12 14:44:41 | 167,555,440 | ---- | M] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.14 17:48:31 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:50:07 | 000,134,966 | ---- | C] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:19:43 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 12:40:15 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.06.12 22:37:11 | 000,016,653 | ---- | C] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.12 14:32:59 | 167,555,440 | ---- | C] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.03.13 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.09.29 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2009.05.20 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.13 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.12 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2009.04.01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.12 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.13 23:35:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.14 19:35:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.15 00:33:07 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.15 00:50:22 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

--- --- ---

LG Alke

Larusso · 15.08.2010, 10:54

Schritt 1

Windows + R Taste drücken. Kopiere nun folgendes in die Zeile

Code:

ATTFilter

reg add "HKEY_LOCAL_MACHINE\Software\Policies\ Microsoft\Windows Defender" /v DisableAntiSpyware /t Reg_Dword /d 1 /f

und drücke OK

Starte den Rechner neu auf.

Schritt 2

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe File not found
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

Starte bitte OTL und drücke den QuickScan Button.

Alke_1981 · 15.08.2010, 12:44

Hallo,

hier Schritt 2:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ED0B4B8D-3966-B24A-F69A-984CA48C147A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0B4B8D-3966-B24A-F69A-984CA48C147A}\ not found.

========== SERVICES/DRIVERS ==========

========== FILES ==========

========== REGISTRY ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: ***

->Temp folder emptied: 42848 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Opera cache emptied: 3627498 bytes

->Flash cache emptied: 1219 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 264618 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08152010_132614

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

und Schritt 3:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.08.2010 13:30:11 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 68,25 Gb Free Space | 62,11% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.12 23:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.15 02:26:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.08.14 17:48:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.14 17:48:24 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.14 17:48:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.14 17:48:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.14 17:48:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.14 12:56:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.14 00:09:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.08.13 23:02:10 | 000,072,704 | ---- | C] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.05 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.15 13:30:12 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.15 13:27:22 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.15 13:27:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 13:27:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 13:27:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.15 13:27:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 13:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 13:26:20 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 13:26:20 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.15 13:22:30 | 003,090,339 | -H-- | M] () -- C:\Users\***AppData\Local\IconCache.db
[2010.08.15 13:20:05 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.15 02:28:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 17:48:31 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:49:45 | 000,134,966 | ---- | M] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:20:09 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 13:19:51 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 13:19:51 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 13:19:51 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 13:19:51 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 13:19:51 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 12:40:15 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 23:02:10 | 000,072,704 | ---- | M] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.07.01 21:22:09 | 000,003,354 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.06.25 19:48:35 | 000,016,653 | ---- | M] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2010.06.12 14:44:41 | 167,555,440 | ---- | M] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.15 02:28:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 17:48:31 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:50:07 | 000,134,966 | ---- | C] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:19:43 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 12:40:15 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.06.12 22:37:11 | 000,016,653 | ---- | C] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.12 14:32:59 | 167,555,440 | ---- | C] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.03.13 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.09.29 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\Roaming\NetSpeedMonitor
[2009.05.20 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.13 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.12 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2009.04.01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.12 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.13 23:35:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.15 13:26:22 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.15 13:27:04 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.15 13:20:05 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

--- --- ---

LG Alke

Larusso · 15.08.2010, 14:03

Schritt 1

Öffne bitte Windows Defender --> Administratoroption
und entferne den Hacken bei Windows Defender verwenden

Rechner neu starten.

Schritt 2

Update bitte Malwarebytes und lass einen QuickScan laufen.

Schritt 3

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Remove found threads" und "Scan archives".
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt 4

Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste in deiner nächsten Antwort
MBAM Logfile
ESET Log
checkup.txt
Berichte wie der Rechner läuft

Alke_1981 · 15.08.2010, 16:05

Hallo,

hier der MBAM Logfile:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Datenbank Version: 4432

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

15.08.2010 15:20:22

mbam-log-2010-08-15 (15-20-22).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 129904

Laufzeit: 6 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0

Infizierte Speicherprozesse: