Trojaner "Dieses Programm kann Webseite nicht anzeigen"

charly2000 · 29.04.2012, 19:16

Hallo bin neu hier im board und brauche Eure Hilfe.

Habe mir gestern (vermutlich) einen Trojaner eingefangen. Ich habe Windows Vista (SP2) 32 Bit.

Nach dem Starten erscheint der Desktop kurz danach kommt sofort eine Seite mit dem Hinweis "Das Programm kann die Webseite nicht anzeigen". Dann ist nichts mehr möglich. Übereinstimmungen der Screenshots bei www.bka-trojaner.de habe ich nicht gefunden. Von gesperrten Dateien oder einer Aufforderung zum Bezahlen habe ich nichts gesehen.

Habe im abgesicherten Modus die Systemwiederherstellung versucht und nun läuft erst mal alles wieder normal. Vor der Systemwiederherstellung mit Malwarebytes fündig geworden (Roque.residue und Heuristics.Residue) nach der Systemwiederherstellung mit selbigen Dateien nochmals fündig geworden.

Soeben Logfile mit HijackThis erstellt.

Kann das bitte jemand checken?
Tausend Dank. Bei Fragen gern.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:59, on 29.04.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Analyst\Downloads\HiJackThis204(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9388 bytes

kira · 30.04.2012, 08:19

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

charly2000 · 01.05.2012, 17:20

Hallo Kira,

Danke, hier die Infos:

1.) Habe mit AVG Komplettscan durchgeführt - ohne Ergebnis:

Code:

ATTFilter

 "Scan ""Gesamten Computer scannen"" wurde beendet."
"Bei diesem Scan wurde keine Infizierung gefunden"
"Für den Scanvorgang ausgewählte Ordner:";"Gesamten Computer scannen"
"Start des Scans:";"Dienstag, 1. Mai 2012, 16:59:43"
"Scan beendet:";"Dienstag, 1. Mai 2012, 17:41:35 (41 Minute(n) 51 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"664981"
"Benutzer, der den Scan gestartet hat:";"Analyst"

Protokolle Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

01.05.2012 13:25:07
mbam-log-2012-05-01 (13-25-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351960
Laufzeit: 1 Stunde(n), 28 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

28.04.2012 20:29:59
mbam-log-2012-04-28 (20-29-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365723
Laufzeit: 1 Stunde(n), 11 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPW983OY\SoftonicDownloader_fuer_trojan-remover (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPW983OY\SoftonicDownloader_fuer_trojan-remover.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover (2).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

29.04.2012 15:39:34
mbam-log-2012-04-29 (15-39-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350154
Laufzeit: 2 Stunde(n), 12 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

29.04.2012 09:30:34
mbam-log-2012-04-29 (09-30-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365215
Laufzeit: 1 Stunde(n), 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

28.04.2012 18:20:21
mbam-log-2012-04-28 (18-20-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364751
Laufzeit: 1 Stunde(n), 6 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. OTL.TXT
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.05.2012 17:48:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Analyst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,79% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 8,26 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: Analyst-PC | User Name: Analyst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Analyst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d20a10ce0db1ff6cf948b2988f27a836\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()
MOD - C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TempoMonitoringService) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vnet) -- system32\DRIVERS\virtualnet.sys File not found
DRV - (vflt) -- system32\DRIVERS\vfilter.sys File not found
DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MBAMSwissArmy) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CplIR) -- C:\Windows\System32\drivers\CplIR.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 22:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de [2012.01.29 13:40:06 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Extensions
[2012.04.29 14:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.04.29 11:47:00 | 000,000,000 | ---D | M] (sporthdtv Community Toolbar) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}
[2010.10.01 15:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 14:49:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2012.05.01 17:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.01.01 15:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\USERS\Analyst\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.18 22:58:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Analyst\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Analyst\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:54:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.14 20:54:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.14 20:47:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.14 20:47:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.14 20:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.14 20:47:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.14 20:47:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.14 20:47:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.04.07 11:20:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Analyst\Desktop\OTL.exe
[2012.05.01 17:18:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.01 17:04:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 17:04:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 16:47:14 | 096,800,245 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.01 16:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.01 13:17:13 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.01 13:17:13 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.01 13:17:13 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.01 13:17:13 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.01 13:03:35 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Analyst\AppData\Local\d3d9caps.dat
[2012.04.14 21:03:10 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.09 11:41:28 | 229,386,216 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.07 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.07 11:20:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

< End of report >

--- --- ---

OTL Extra.TXT
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.05.2012 17:48:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\analyst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,79% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 8,26 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: analyst-PC | User Name: analyst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007AF3C-B250-4AC3-A149-2D824AB3A88C}" = protocol=6 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9E0AAC1B-2535-403A-A03B-3D76B551CFC0}" = protocol=6 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{A27639F6-9DAD-475F-8879-FF839CCA84A6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{A2CB7694-C3A5-4398-8624-697E2AB98A26}" = protocol=17 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95B3F87-F376-4806-B0D1-F8A9BFDFA592}" = protocol=17 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{DE398B46-1E1E-4775-B7F8-142FA40BE728}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

3. CCleaner:

Code:

ATTFilter

 Adobe AIR	Adobe Systems Inc.	22.02.2011	29,4MB	2.5.1.17730
Adobe Digital Editions		21.01.2012	13,4MB	
Adobe Download Manager	NOS Microsystems Ltd.	21.08.2010	0,37MB	1.6.2.87
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.03.2010		10.0.45.2
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	06.04.2012		11.2.202.228
Adobe Photoshop 7.0	Adobe Systems, Inc.	04.11.2007	144,8MB	7.0
Adobe Reader 7.0.9 - Deutsch	Adobe Systems Incorporated	15.04.2007	78,2MB	7.0.9
ALPS Touch Pad Driver	ALPS ELECTRIC CO., LTD	04.11.2007		7.0.301.4
Atheros Driver Installation Program	Atheros	04.11.2007	4,00KB	7.1
AVG Free 9.0	AVG Technologies	22.12.2009	59,5MB	
Batch DOCX to DOC Converter 2009	Batchwork Software	12.01.2010	4,62MB	
Bluetooth Stack for Windows by Toshiba		15.04.2007	54,7MB	v5.10.06(T)
CamStudio OSS Desktop Recorder	CamStudio Open Source Dev Team	04.08.2011	15,0MB	2.6 Beta r294
Canon MP Navigator EX 2.0		25.10.2009	69,6MB	
Canon MP630 series Benutzerregistrierung		25.10.2009	0,52MB	
Canon MP630 series MP Drivers		25.10.2009		
Canon Utilities Easy-PhotoPrint EX		25.10.2009	206MB	
Canon Utilities My Printer		25.10.2009	2,39MB	
Canon Utilities Solution Menu		25.10.2009	1,93MB	
CCleaner	Piriform	30.04.2012	4,47MB	3.18
CD-LabelPrint		25.10.2009	11,7MB	
CD/DVD Drive Acoustic Silencer	TOSHIBA	04.11.2007	0,45MB	2.00.02
Compatibility Pack for the 2007 Office system	Microsoft Corporation	12.01.2010	121,7MB	12.*.****.5001
Compatibility Pack für 2007 Office System	Microsoft Corporation	07.06.2010	68,9MB	12.*.****.5001
Desktop SMS	IDM	14.10.2007	15,2MB	1.2.0
dm-Fotowelt		22.01.2011	472MB	
doPDF 5.3  printer	Softland	09.01.2008	1,22MB	
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	04.11.2007	252MB	5.3
ElsterFormular 2008/2009	Steuerverwaltung des Bundes und der Länder	13.02.2009	159,0MB	10.0.0.0
ElsterFormular-Update	Landesfinanzdirektion Thüringen	30.12.2011	4.624MB	1.0
Emdedded IR Driver	Compal Electronics, Inc.	11.07.2007	0,89MB	0.0.0.6C
Favorit		21.08.2009		
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)	MAGIX AG	15.04.2007	6,65MB	2.0.0.1
Fragen-Lern-CD 4.0	Wendel-Verlag GmbH	22.02.2011	18,5MB	4.0.1
GutscheinRausch.de - AddOn für Firefox	GutscheinRausch.de	28.01.2012	96,00KB	2.81
InfoBibliothek	Akademische Arbeitsgemeinschaft	09.11.2007	2,17MB	
Intel Matrix Storage Manager		04.11.2007	37,1MB	
Intel(R) Graphics Media Accelerator Driver		04.11.2007		
Java(TM) 6 Update 30	Oracle	17.12.2011	95,2MB	6.0.300
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	15.04.2007	114,6MB	1.6.0.0
MAGIX Digital Foto Maker SE 4.1.0.835 (D)	MAGIX AG	15.04.2007	240MB	4.1.0.835
MAGIX Foto Suite 1.12.0.89 (D)	MAGIX AG	15.04.2007	122,4MB	1.12.0.89
MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	15.04.2007	9,35MB	2.3.2.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	28.04.2012	11,7MB	1.61.0.1400
Microsoft .NET Framework 1.1		13.12.2007		
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	04.11.2007	3,02MB	1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	17.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	08.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.04.2012	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.04.2012	24,5MB	4.0.30319
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	19.11.2007	468MB	10.0.2701.0
Microsoft Silverlight	Microsoft Corporation	06.07.2011	20,4MB	4.0.60531.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.12.2009	0,33MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	16.03.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	22.08.2009	0,58MB	9.0.30729
Mozilla Firefox 11.0 (x86 de)	Mozilla	24.03.2012	36,5MB	11.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	11.07.2007	1,25MB	4.**.****.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	13.12.2007	1,28MB	4.**.****.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.11.2008	1,29MB	4.**.****.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.12.2009	1,35MB	4.**.****.0
NAVIGON Fresh 3.3.0	NAVIGON	24.04.2011	66,9MB	3.3.0
Nokia Connectivity Cable Driver	Nokia	04.11.2007	0,83MB	6.82.4.0
Nokia PC Suite	Nokia	04.11.2007	32,7MB	6.82.20.2
PC Connectivity Solution	Nokia	04.11.2007	6,29MB	6.43.8.0
Polysun Demo 5.8.6.15775	Vela Solaris AG	04.02.2012	474MB	5.8.6.15775
PVProfit		14.02.2012	3,66MB	
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista	Realtek	11.07.2007	4,59MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	14.10.2007	15,4MB	6.0.1.5477
SA31xx Device Manager & Media Converter	Philips	04.11.2007	36,5MB	0.3
Samsung Auto Backup	Clarus	14.02.2011	19,4MB	4.1.371.0
Synaptics Pointing Device Driver	Synaptics Incorporated	26.12.2009	20,9MB	12.2.11.0
Texas Instruments PCIxx21/x515/xx12 drivers.	Ihr Firmenname	15.04.2007	0,94MB	2.00.0001
TOSHIBA Assist		04.11.2007	1,21MB	2.01.02
TOSHIBA ConfigFree	TOSHIBA	14.10.2007	39,6MB	7.00.32
TOSHIBA Disc Creator	TOSHIBA Corporation	11.07.2007	9,68MB	2.0.0.8
TOSHIBA DVD PLAYER	TOSHIBA Corporation	04.11.2007	20,4MB	1.10.13
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	15.04.2007	1,28MB	1.01.00
TOSHIBA Flash Cards Support Utility	TOSHIBA	15.04.2007		1.48.0.3C
TOSHIBA Hardware Setup	TOSHIBA	11.07.2007		1.48.0.11C
Toshiba Online Product Information	TOSHIBA	14.10.2007	5,51MB	1.00.0012
TOSHIBA SD Memory Utilities	TOSHIBA	15.04.2007	1,61MB	1.8.1.1
TOSHIBA Software Modem	Agere Systems	14.10.2007		2.1.77 (SM2177ALD04)
TOSHIBA Supervisorkennwort	TOSHIBA	15.04.2007		1.48.0.8C
Toshiba TEMPO	Toshiba Europe GmbH	03.01.2008	7,10MB	1.0
TOSHIBA Value Added Package	TOSHIBA Corporation	14.10.2007	48,00KB	1.0.28
Windows Media Encoder 9-Reihe		15.04.2007	13,7MB	
WinRAR		24.11.2007	3,66MB

Danke und Viele Grüße

kira · 01.05.2012, 22:43

Systemreinigung und Prüfung:

1.
Deinstalliere:

Zitat:

Favorit <- Adware -Navipromo
GutscheinRausch.de <- wenn nicht benötigst

2.
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> Starttyp "Deaktiviert" auswählen

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

:Files
C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

5.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

6.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

7.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

8.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

9.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

10.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!

charly2000 · 05.05.2012, 20:07

Hallo Kira,

zu 1) GutscheinRausch.de => deinstalliert

Nach Punkt 1) habe ich Neustart gemacht, dabei hat Windows (Vista) insgesamt 7(!) Updatepakete installiert. Deshalb habe ich OTL noch mal neu gemacht und die Dateien OTL(Neu).TXT und Extras(Neu).TXT nachfolgend nochmal reingehangen. => Ich weis nicht, ob die Updates Auswirkungen auf Punkt 3) haben.

OTL(Neu).TXT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.05.2012 20:11:39 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,86% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 7,85 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d20a10ce0db1ff6cf948b2988f27a836\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TempoMonitoringService) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vnet) -- system32\DRIVERS\virtualnet.sys File not found
DRV - (vflt) -- system32\DRIVERS\vfilter.sys File not found
DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CplIR) -- C:\Windows\System32\drivers\CplIR.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 22:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de [2012.01.29 13:40:06 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.05.05 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.05.01 21:10:12 | 000,000,000 | ---D | M] (sporthdtv Community Toolbar) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}
[2010.10.01 15:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 14:49:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2012.05.05 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.01.01 15:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.18 22:58:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.05 19:27:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.01 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.01 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:54:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.14 20:54:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.14 20:47:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.14 20:47:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.14 20:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.14 20:47:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.14 20:47:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.14 20:47:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.04.07 11:20:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.05 19:54:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 19:54:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.05 19:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.05 19:53:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 19:49:46 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.05 19:49:46 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.05 19:49:46 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.05 19:49:46 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.05 19:19:24 | 097,215,246 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.01 18:00:42 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Steffen\AppData\Local\d3d9caps.dat
[2012.04.14 21:03:10 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.09 11:41:28 | 229,386,216 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.07 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.01 18:00:42 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.07 11:20:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

< End of report >

--- --- ---

[/code]

Extras(Neu).TXT:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.05.2012 20:11:39 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,86% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 7,85 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007AF3C-B250-4AC3-A149-2D824AB3A88C}" = protocol=6 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9E0AAC1B-2535-403A-A03B-3D76B551CFC0}" = protocol=6 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{A27639F6-9DAD-475F-8879-FF839CCA84A6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{A2CB7694-C3A5-4398-8624-697E2AB98A26}" = protocol=17 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95B3F87-F376-4806-B0D1-F8A9BFDFA592}" = protocol=17 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{DE398B46-1E1E-4775-B7F8-142FA40BE728}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Kannst Du bitte das Script unter Punkt 3 nochmal aktualisieren? Oder hat sich da (trotz der 7 Updatepakete) nichts geändert???

zu 2) nach OTL habe ich den Defender abgeschalten und deaktiviert

Punkte 3 - 10 => noch nichts gemacht

Was meinst Du?
Danke und Gruß

kira · 06.05.2012, 09:28

1.
auch deinstalliert?:

Zitat:

Favorit

2.
zu Punkt 2. - Windows Defender
nochmal kontrolliere, ob Du richtig gemacht hast!:-> http://www.trojaner-board.de/114333-...tml#post825302

neue Script:
3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

:Files
C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

dann ab Punkt 4. weiter, wie gehabt!

charly2000 · 06.05.2012, 13:11

Danke ;-)

zu 3) OTL fixiert:

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ not found.
Folder C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com\ not found.
Folder C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de\ not found.
File C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml not found.
File C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winsweep not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Winsweep Popupblocker not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c920310-8d66-11dc-853d-001b384c250f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c920310-8d66-11dc-853d-001b384c250f}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666ef152-0265-11de-b51c-001b384c250f}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcf734b-2920-11df-b73c-001b384c250f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dcf734b-2920-11df-b73c-001b384c250f}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a28f430-ca2a-11de-a85e-001b384c250f}\ not found.
File D:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd54ccde-72df-11df-a383-001b384c250f}\ not found.
File D:\PrivacyDongle-Windows.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\LaunchU3.exe -a not found.
File C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf not found.
File C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf not found.
Unable to delete ADS C:\ProgramData\TEMP:F3D5B2AD .
========== FILES ==========
File\Folder C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Steffen\Desktop\cmd.bat deleted successfully.
C:\Users\Steffen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: B
 
User: Public
 
User: Steffen
->Temp folder emptied: 96929 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8688123 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 410782693 bytes
RecycleBin emptied: 1545 bytes
 
Total Files Cleaned = 400,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05062012_121957

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

zu 4) Gmer hat funktioniert:
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-06 12:07:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.SB4O
Running: h8w17zzc.exe; Driver: C:\Users\Steffen\AppData\Local\Temp\uxrirfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                            section is writeable [0x88751000, 0x4036D, 0xE8000020]
.dsrt           C:\Windows\system32\DRIVERS\tos_sps32.sys                                                            unknown last section [0x8879A000, 0x510, 0x40000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73207817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7325A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [7320BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [731FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [732075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [731FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73238395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [7320DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [731FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [731FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [731F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7328CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [7322C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [731FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [731F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [731F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3096] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73202AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                            avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

--- --- ---

zu 5) MBR:

Code:

ATTFilter

 Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_ rev.SB4O -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Harddisk0\DR0[0x86619AC8]
3 CLASSPNP[0x885168B3] -> ntkrnlpa!IofCallDriver[0x8244A912] -> [0x85610760]
5 acpi[0x82A996BC] -> ntkrnlpa!IofCallDriver[0x8244A912] -> \Device\Ide\IAAStorageDevice-0[0x8563B030]
kernel: MBR read successfully
user & kernel MBR OK

zu 6 + 7) jeweils aktualisiert

zu 8) Danke

zu 9) CCleaner i.O.

zu 10) OTL Final:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.05.2012 13:50:48 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,76% Memory free
4,21 Gb Paging File | 3,17 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 16,81 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
PRC - [2012.04.29 15:30:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2012.04.29 15:30:18 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2012.04.29 15:30:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.29 11:19:32 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2012.01.16 20:37:43 | 000,939,872 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.09.13 21:09:16 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.09.23 13:35:15 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.08.30 16:49:30 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010.08.30 16:48:28 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010.08.30 16:47:14 | 000,823,296 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.29 17:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe
PRC - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.09.03 12:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.05.22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007.04.03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.13 10:29:40 | 000,413,696 | ---- | M] (TOSHIBA) -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.05 20:04:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.05.05 20:00:51 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.05.05 20:00:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.05.05 20:00:36 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
MOD - [2012.05.05 20:00:14 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
MOD - [2012.05.05 19:59:56 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.05.05 19:59:52 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d20a10ce0db1ff6cf948b2988f27a836\TCrdMain.ni.exe
MOD - [2012.05.05 19:59:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012.05.05 19:59:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2012.01.16 20:37:43 | 000,939,872 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.09.13 09:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll
MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006.11.09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.29 15:30:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2012.04.07 11:20:32 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.07.26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009.12.01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.29 17:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.11.06 15:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.13 21:09:16 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.05.06 09:54:24 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.06.23 20:35:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008.07.29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.07.26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.10 09:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.10.10 09:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006.08.30 10:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.06 13:39:35 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.05.06 11:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.05.01 21:10:12 | 000,000,000 | ---D | M] (sporthdtv Community Toolbar) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}
[2010.10.01 15:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 14:49:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.05.05 20:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2012.05.06 13:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.06 13:29:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.06 13:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.06 13:29:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.06 13:29:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.06 13:29:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.06 13:29:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.06 13:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.06 11:06:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.01 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.01 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:54:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.14 20:54:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.14 20:47:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.14 20:47:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.14 20:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.14 20:47:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.14 20:47:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.14 20:47:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.04.07 11:20:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.06 13:47:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 13:47:34 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 13:47:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.06 13:47:25 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.06 13:45:46 | 000,050,196 | ---- | M] () -- C:\Users\Steffen\Desktop\cc_20120506_134530.reg
[2012.05.06 13:39:37 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.06 13:28:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.06 13:28:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.06 13:28:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.06 13:28:19 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.06 13:28:19 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.06 13:20:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.06 13:06:26 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.06 11:24:04 | 000,302,592 | ---- | M] () -- C:\Users\Steffen\Desktop\h8w17zzc.exe
[2012.05.06 10:56:38 | 097,285,812 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.06 10:53:16 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.06 10:53:16 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.06 10:53:16 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.06 10:53:16 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.01 18:00:42 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Steffen\AppData\Local\d3d9caps.dat
[2012.04.14 21:03:10 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.07 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.05.06 13:45:40 | 000,050,196 | ---- | C] () -- C:\Users\Steffen\Desktop\cc_20120506_134530.reg
[2012.05.06 13:39:37 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.06 13:39:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.06 13:06:25 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.06 11:24:02 | 000,302,592 | ---- | C] () -- C:\Users\Steffen\Desktop\h8w17zzc.exe
[2012.05.01 18:00:42 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.07 11:20:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== LOP Check ==========
 
[2007.11.10 18:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\AAV
[2007.11.21 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2009.10.26 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Canon
[2010.11.30 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\CD-LabelPrint
[2010.03.28 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\CheckPoint
[2011.02.23 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2008.10.29 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DesktopSMS
[2011.10.26 10:17:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\elsterformular
[2011.01.26 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2009.10.28 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\NCH Swift Sound
[2008.10.29 11:31:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Nokia
[2011.11.10 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Nokia Multimedia Player
[2009.06.03 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PC Suite
[2009.03.13 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\phonostar-Player
[2012.02.18 22:20:56 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PVProfit
[2009.11.19 10:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SmartDraw
[2010.03.27 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Softi Software
[2012.02.15 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Solarschmiede
[2007.11.20 23:08:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2009.10.28 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Tobit
[2007.11.08 20:46:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Toshiba
[2010.06.12 06:13:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\WinSweep
[2012.05.06 13:46:20 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.05.2012 13:50:48 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,76% Memory free
4,21 Gb Paging File | 3,17 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 16,81 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Ist damit der Trojaner endgültig weg?

Hallo,

scheint hartnäckig zu sein. Habe nochmals mit Malewarebytes gescannt und Infektionen gefunden:

Protokoll MWB:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Steffen :: STEFFEN-PC [Administrator]

Schutz: Deaktiviert

06.05.2012 14:38:43
mbam-log-2012-05-06 (14-38-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341262
Laufzeit: 1 Stunde(n), 22 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Toshiba\Webshops\Amazon\CopyGadget.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Toshiba\Webshops\eBay\CopyGadget.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

kira · 07.05.2012, 07:36

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.
Malwarebytes aus dem Autostart (Häckhen rausnehmen):
den Autostart-Programmen zu gelangen: "Start-> Alle Programme-> Autostart...Reiter "Systemstart"
oder: Drücke bitte die Tastenkombination [Windows-Taste]+[R], gibt`s Du den Befehl "msconfig" (ohne "") ein, und klicke auf OK.

3.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

4.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

charly2000 · 07.05.2012, 19:41

zu 1) OTL: i.O.

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Steffen\Desktop\cmd.bat deleted successfully.
C:\Users\Steffen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: B
 
User: Public
 
User: Steffen
->Temp folder emptied: 433862 bytes
->Temporary Internet Files folder emptied: 65737 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62306667 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8209942 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 68,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05072012_195418

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

zu 2 - 3): i.O.

zu 4): Combo:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-07.02 - Steffen 07.05.2012  20:16:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2038.997 [GMT 2:00]
ausgeführt von:: c:\users\Steffen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\newname
c:\program files\newname\leesditeerst.txt
c:\program files\newname\le¡dome.txt
c:\program files\newname\liesmich.txt
c:\program files\newname\NewNamePro.exe
c:\program files\newname\NewNamePro_Help.chm
c:\program files\newname\NewNamePro_Hilfe.chm
c:\program files\newname\readme.txt
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Steffen\AppData\Local\asuhsuh.dat
c:\users\Steffen\AppData\Local\asuhsuh_nav.dat
c:\users\Steffen\AppData\Local\asuhsuh_navps.dat
c:\users\Steffen\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\system32\CddbCdda.dll
E:\setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-07 bis 2012-05-07  ))))))))))))))))))))))))))))))
.
.
2012-05-06 11:30 . 2012-05-06 11:30	--------	d-----w-	c:\program files\Common Files\Java
2012-05-06 11:29 . 2012-05-06 11:28	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-06 11:28 . 2012-05-06 11:28	--------	d-----w-	c:\program files\Java
2012-05-06 11:06 . 2012-05-06 11:06	89088	----a-w-	c:\windows\system32\mbr.exe
2012-05-06 09:06 . 2012-05-06 09:06	--------	d-----w-	C:\_OTL
2012-05-01 16:00 . 2012-05-01 16:00	--------	d-----w-	c:\program files\CCleaner
2012-05-01 11:12 . 2012-05-01 11:12	--------	d-----w-	c:\program files\Microsoft.NET
2012-04-29 13:04 . 2012-04-29 13:04	--------	d-----w-	c:\windows\Internet Logs
2012-04-29 12:58 . 2012-04-18 01:06	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{98039DAF-F176-4E64-8B2D-C84FAC0661A8}\mpengine.dll
2012-04-29 09:57 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-28 20:26 . 2012-04-28 20:26	--------	d-----w-	c:\program files\Ashampoo
2012-04-28 16:14 . 2012-04-28 16:14	--------	d-----w-	c:\users\Steffen\AppData\Roaming\Malwarebytes
2012-04-28 16:14 . 2012-04-28 16:14	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-28 16:14 . 2012-04-29 09:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-14 18:48 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-04-14 18:47 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-04-14 18:47 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-04-14 18:47 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-14 18:47 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-04-14 18:47 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-04-14 18:47 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-04-14 18:47 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-04-14 18:47 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 11:28 . 2011-12-18 20:59	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-04-07 09:20 . 2012-04-07 09:20	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-07 09:20 . 2012-04-07 09:20	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-02-23 08:18 . 2009-10-29 19:38	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-03-25 17:52 . 2011-05-08 16:14	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-03 4702208]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-04-03 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-29 2077536]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
.
c:\users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-2-15 823296]
Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-2-15 65536]
Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-2-15 102400]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-5 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Urteilsmonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Urteilsmonitor.lnk
backup=c:\windows\pss\WISO Urteilsmonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-17 16:06	1848648	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-03-10 16:20	689488	----a-w-	c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
2007-06-18 08:51	1507328	----a-w-	c:\program files\IDM\Desktop SMS\DesktopSMS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56	462408	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2006-11-08 12:27	222208	----a-w-	c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-08-03 05:22	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 07:24	581632	----a-w-	c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00	571024	----a-w-	c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2007-10-29 15:22	103824	----a-w-	c:\program files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 09:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-07 20:24
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1468eddf-deba-431d-89e9-ac873a0fdb4c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:13000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{1ba9192e-a810-41e4-9571-416a29f6b562}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016e3
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{20ff91a0-9407-4e3c-a878-3f763d23d1a1}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{34a76019-bcce-4313-9aaa-aec8c3c433bf}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016cf
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5f49d162-4c73-4403-b0aa-ae5a7db4aaae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:12000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{6961b119-cdc9-4139-89d7-c06b01bd28ae}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{7d18d203-b55d-4f1e-a0d1-bac60ab0364e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{82f5df43-f348-43b6-a44c-b69a0ebc1a1c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:090016cf
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{aaa64d87-2456-4d7e-adad-38a22530f209}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b001b9e
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d0daca61-45df-496a-93a2-362873dbb8ba}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d0016d4
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-07  20:27:27
ComboFix-quarantined-files.txt  2012-05-07 18:27
.
Vor Suchlauf: 9 Verzeichnis(se), 13.482.717.184 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 15.902.433.280 Bytes frei
.
- - End Of File - - 62186CCB21AD9C829D30A47DB0740108

--- --- ---

Add-Remove:

Code:

ATTFilter

 Adobe AIR
Adobe Digital Editions
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.3) - Deutsch
ALPS Touch Pad Driver
Atheros Driver Installation Program
AVG Free 9.0
Batch DOCX to DOC Converter 2009
Bluetooth Stack for Windows by Toshiba
CamStudio OSS Desktop Recorder
Canon MP Navigator EX 2.0
Canon MP630 series Benutzerregistrierung
Canon MP630 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CD-LabelPrint
CD/DVD Drive Acoustic Silencer
Compatibility Pack für 2007 Office System
Compatibility Pack for the 2007 Office system
Desktop SMS
dm-Fotowelt
doPDF 5.3  printer
DVD MovieFactory for TOSHIBA
ElsterFormular-Update
ElsterFormular 2008/2009
Emdedded IR Driver
Favorit
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
Fragen-Lern-CD 4.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InfoBibliothek
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 32
MAGIX Digital Foto Maker SE 4.1.0.835 (D)
MAGIX Foto Suite 1.12.0.89 (D)
MAGIX Online Druck Service 2.3.2.0 (D)
Malwarebytes Anti-Malware Version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Office XP Professional mit FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XML Parser
Mozilla Firefox 11.0 (x86 de)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NAVIGON Fresh 3.3.0
Nokia Connectivity Cable Driver
Nokia PC Suite
PC Connectivity Solution
Polysun Demo 5.8.6.15775
PVProfit
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
SA31xx Device Manager & Media Converter
Samsung Auto Backup
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Online Product Information
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Supervisorkennwort
Toshiba TEMPO
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
Windows Media Encoder 9-Reihe
WinRAR

kira · 08.05.2012, 09:20

1.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

2.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

3.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

charly2000 · 12.05.2012, 05:22

Hallo Kira

anbei die Protokolle:

zu 1)

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/08/2012 at 11:00 PM

Application Version : 5.0.1148

Core Rules Database Version : 8569
Trace Rules Database Version: 6381

Scan type       : Complete Scan
Total Scan Time : 01:16:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 679
Memory threats detected   : 0
Registry items scanned    : 34058
Registry threats detected : 0
File items scanned        : 44440
File threats detected     : 30

Adware.Tracking Cookie
	.thetrafficstat.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.webmasterplan.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.autoscout24.112.2o7.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\COOKIES.SQLITE ]

zu 2) i.O.

zu 3)

Code:

ATTFilter

 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=531a9eeb02828e4898e2f6bb28a25ccb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-11 09:09:54
# local_time=2012-05-11 11:09:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 75163737 75163737 0 0
# compatibility_mode=5892 16776574 100 100 1059651 174296698 0 0
# compatibility_mode=8192 67108863 100 0 236 236 0 0
# scanned=168429
# found=1
# cleaned=1
# scan_time=6624
E:\radio\ps_radio2014.exe	Variante von Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert)	00000000000000000000000000000000	C

zu 4) OTL:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.05.2012 06:06:49 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,82% Memory free
4,22 Gb Paging File | 2,96 Gb Available in Paging File | 70,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 15,96 Gb Free Space | 21,42% Space Free | Partition Type: NTFS
Drive D: | 963,70 Mb Total Space | 650,55 Mb Free Space | 67,50% Space Free | Partition Type: FAT
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,87% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
PRC - [2012.04.29 15:30:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2012.04.29 15:30:18 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2012.04.29 15:30:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.16 20:37:43 | 000,939,872 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2011.09.13 21:09:16 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2010.09.23 13:35:15 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.08.30 16:49:30 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe
PRC - [2010.08.30 16:48:28 | 000,065,536 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
PRC - [2010.08.30 16:47:14 | 000,823,296 | ---- | M] (Clarus, Inc.) -- C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.29 17:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe
PRC - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.09.03 12:39:22 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.05.22 16:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2007.04.03 16:52:22 | 000,509,496 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007.03.29 10:39:00 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.12 14:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe
PRC - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.09 21:56:33 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.13 13:02:15 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.02.13 13:02:09 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.13 13:02:04 | 004,214,784 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012.01.26 13:00:14 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.01.16 20:37:43 | 000,939,872 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.01.03 12:58:11 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.01.03 12:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.18 20:39:19 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
MOD - [2009.02.18 20:39:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
MOD - [2009.02.18 20:39:17 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.09.13 09:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.05.31 16:38:22 | 000,958,464 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll
MOD - [2006.12.01 18:55:42 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\TBS\NotifyTBS.dll
MOD - [2006.11.09 18:27:00 | 000,090,112 | ---- | M] () -- C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006.11.08 19:08:30 | 000,009,216 | ---- | M] () -- C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2006.11.06 17:14:44 | 000,034,352 | ---- | M] () -- C:\Programme\TOSHIBA\Utilities\KeNotify.exe
MOD - [2006.10.10 11:44:16 | 000,009,728 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2006.10.07 12:57:04 | 000,053,248 | ---- | M] () -- C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.29 15:30:36 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2012.04.07 11:20:32 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010.07.26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2009.12.01 20:41:40 | 000,051,384 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.10.29 17:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Programme\Toshiba TEMPO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2007.09.19 12:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.03.29 10:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007.02.12 14:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.11.06 15:21:10 | 000,210,432 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.10.05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\virtualnet.sys -- (vnet)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\vfilter.sys -- (vflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steffen\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.13 21:09:16 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.06 09:54:24 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.06.23 20:35:12 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008.07.29 06:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.11.09 06:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007.07.26 17:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.04.30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.06 15:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\CplIR.sys -- (CplIR)
DRV - [2007.01.24 14:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006.10.10 09:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006.10.10 09:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006.10.10 09:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2006.08.30 10:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.07.28 16:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.06 13:39:35 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.05.06 14:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012.05.06 14:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2012.05.06 13:29:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.06 13:29:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.06 13:29:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
[2009.08.23 15:52:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
O1 HOSTS File: ([2012.05.07 20:24:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.11 21:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 21:09:20 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\AVG9
[2012.05.09 21:00:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.09 21:00:22 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.09 21:00:22 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.09 21:00:21 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.09 21:00:21 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.09 20:59:53 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.09 20:59:52 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.09 20:59:52 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.08 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.08 21:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.08 21:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.08 21:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.07 20:32:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.07 20:28:44 | 000,192,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2012.05.07 20:27:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.07 20:27:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\temp
[2012.05.07 20:14:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.07 20:14:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.07 20:14:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.07 20:14:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.07 20:14:17 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.05.07 20:14:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.07 20:09:39 | 004,486,979 | R--- | C] (Swearware) -- C:\Users\Steffen\Desktop\ComboFix.exe
[2012.05.06 13:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.06 13:29:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.06 13:29:10 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.06 13:29:10 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.06 13:29:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.06 13:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.06 11:06:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.01 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.01 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 05:18:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 04:56:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 04:56:38 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.11 21:01:07 | 097,852,530 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.11 20:56:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.11 20:54:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.09 21:53:27 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.09 21:17:52 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.09 21:17:52 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.09 21:17:52 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.09 21:17:52 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.08 21:38:41 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.07 20:24:21 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.07 20:10:03 | 004,486,979 | R--- | M] (Swearware) -- C:\Users\Steffen\Desktop\ComboFix.exe
[2012.05.06 16:26:06 | 000,000,328 | ---- | M] () -- C:\Users\Steffen\Desktop\cc_20120506_162543.reg
[2012.05.06 13:45:46 | 000,050,196 | ---- | M] () -- C:\Users\Steffen\Desktop\cc_20120506_134530.reg
[2012.05.06 13:39:37 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.06 13:28:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.06 13:28:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.06 13:28:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.06 13:28:19 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.06 13:28:19 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.06 13:06:26 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.06 11:24:04 | 000,302,592 | ---- | M] () -- C:\Users\Steffen\Desktop\h8w17zzc.exe
[2012.05.01 18:00:42 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Steffen\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.05.08 21:38:41 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.07 20:14:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.07 20:14:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.07 20:14:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.07 20:14:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.07 20:14:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.06 16:25:52 | 000,000,328 | ---- | C] () -- C:\Users\Steffen\Desktop\cc_20120506_162543.reg
[2012.05.06 13:45:40 | 000,050,196 | ---- | C] () -- C:\Users\Steffen\Desktop\cc_20120506_134530.reg
[2012.05.06 13:39:37 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.06 13:39:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.06 13:06:25 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.06 11:24:02 | 000,302,592 | ---- | C] () -- C:\Users\Steffen\Desktop\h8w17zzc.exe
[2012.05.01 18:00:42 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== LOP Check ==========
 
[2007.11.10 18:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\AAV
[2007.11.21 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2012.05.11 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\AVG9
[2009.10.26 22:26:34 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Canon
[2010.11.30 13:17:01 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\CD-LabelPrint
[2010.03.28 10:29:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\CheckPoint
[2011.02.23 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2008.10.29 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DesktopSMS
[2011.10.26 10:17:41 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\elsterformular
[2011.01.26 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2009.10.28 21:39:37 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\NCH Swift Sound
[2008.10.29 11:31:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Nokia
[2011.11.10 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Nokia Multimedia Player
[2009.06.03 10:02:19 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PC Suite
[2009.03.13 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\phonostar-Player
[2012.02.18 22:20:56 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PVProfit
[2009.11.19 10:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SmartDraw
[2010.03.27 10:57:21 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Softi Software
[2012.02.15 21:33:36 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Solarschmiede
[2007.11.20 23:08:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2009.10.28 21:41:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Tobit
[2007.11.08 20:46:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Toshiba
[2010.06.12 06:13:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\WinSweep
[2012.05.09 21:56:48 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 12.05.2012 06:06:49 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,82% Memory free
4,22 Gb Paging File | 2,96 Gb Available in Paging File | 70,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 15,96 Gb Free Space | 21,42% Space Free | Partition Type: NTFS
Drive D: | 963,70 Mb Total Space | 650,55 Mb Free Space | 67,50% Space Free | Partition Type: FAT
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,87% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Gruß

kira · 12.05.2012, 07:31

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

charly2000 · 12.05.2012, 19:56

OTL Fix:

Code:

ATTFilter

 All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F36E18A-6296-4333-9D99-269AAFE3D111}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Steffen\Desktop\cmd.bat deleted successfully.
C:\Users\Steffen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: B
->Temp folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Steffen
->Temp folder emptied: 714337 bytes
->Temporary Internet Files folder emptied: 16227774 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111924081 bytes
->Flash cache emptied: 675 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51098555 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 172,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05122012_204808

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Gruß

kira · 12.05.2012, 20:38

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

charly2000 · 13.05.2012, 07:22

Hallo Kira,

ich werd mal beobachten...

Was ist aus Deiner Sicht die beste Kombination zwischen Antiviren, Antispyware und Firewall? Es sind ja viele verschiedene Programme auf dem Markt. Vielleicht gibt es auch eine gute Kombination von Freeware-Programmen? Wichtig wäre auch, dass die Performance nicht zu sehr belastet wird.

Habe aktuell AVG, Windowsfirewall und Superantispy. Zusätzlich habe ich Malwarebytes drauf. Sollte ich ComboFix deinstallieren?

Danke und Gruß