Verschlüsselungsvirus - Log Files scannen

VBike · 12.05.2012, 22:10

Hallo Board,

ich hatte einen Verschlüsselungstojaner (der die Dateien mit dem locked versieht), habe gesäubert mit AVir und Malware.

Habe jetzt die Logs erstellt und diese hier angehängt.

Was komisch aussieht ist das gmer.txt.

Könnt Ihr mir sagen was ich noch machen muss?

Vielen Dank
VBike

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by ralf at 22:20:25 on 2012-05-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2814.1422 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
E:\Defogger.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DVDVideoSoftTB Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [MGSysCtrl] c:\program files\system control manager\MGSysCtrl.exe
mRun: [Skytel] Skytel.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ralf\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\ralf\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{01F76A63-34A1-4BED-9EFB-28A0A3867AD7} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{022FDE6A-15A5-4F39-86BB-781947C041D8} : DhcpNameServer = 192.168.178.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ralf\appdata\roaming\mozilla\firefox\profiles\4m84wyl1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\ralf\appdata\locallow\powerc~1\nppowerloader.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-22 36000]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-22 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-22 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-2 83392]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2009-8-22 246520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-12 654408]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2008-12-11 159744]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-12-11 52736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-12 22344]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-11 45600]
R3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\drivers\RLVrtAuCbl.sys [2009-6-2 31616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-8 136176]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2008-7-29 904192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-8 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-12-11 313344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-12 19:34:43 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-12 19:34:43 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-05-12 19:34:43 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-12 19:34:43 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-12 19:15:25 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 19:15:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-12 19:15:24 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 15:20:50 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3681153-50d9-4162-8012-17162be129f6}\mpengine.dll
2012-05-12 15:15:31 6734704 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-05-12 14:51:17 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-12 14:15:52 -------- d-----w- c:\users\ralf\appdata\local\temp
2012-05-12 14:14:12 -------- dcsh--w- C:\$RECYCLE.BIN
2012-05-12 14:05:11 -------- d-----w- c:\program files\CCleaner
2012-05-12 14:00:21 98816 ----a-w- c:\windows\sed.exe
2012-05-12 14:00:21 518144 ----a-w- c:\windows\SWREG.exe
2012-05-12 14:00:21 256000 ----a-w- c:\windows\PEV.exe
2012-05-12 14:00:21 208896 ----a-w- c:\windows\MBR.exe
2012-05-12 14:00:14 -------- dc----w- C:\ComboFix
2012-05-12 13:57:31 -------- d-----w- c:\users\ralf\appdata\roaming\Malwarebytes
2012-05-12 13:57:20 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 13:57:19 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-12 13:57:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 13:38:14 1186056 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2012-05-01 07:42:32 -------- d-----w- c:\users\ralf\appdata\roaming\Vrutdxft
.
==================== Find3M ====================
.
2012-05-12 14:50:57 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-12 14:44:02 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-30 12:39:11 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 23:28:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-01 14:46:01 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-29 14:08:47 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-29 13:44:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:21:57,82 ===============

kira · 13.05.2012, 23:15

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hast Du deine Daten auch schon entschlüsseln können, oder noch nicht?

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles, die Du posten möchtest)[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
kira

VBike · 14.05.2012, 08:42

Hallo Kira,

vielen Dank schon mal vorab! Wie gewünscht hier die Antworten:

0/
Hast Du deine Daten auch schon entschlüsseln können?

Ja, habe ich, wobei ich erst einmal nur über mein LW D: = Bilder die entschlüsselung komplett habe laufen lassen (ca. 2000 dateien). Auf C: habe ich das selektiv gemacht (ca. 8000 dateien), also dort sind noch ein paar verschlüsselt.

1/
Log von Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
ralf :: RALF-PC [Administrator]

Schutz: Aktiviert

12.05.2012 18:27:33
mbam-log-2012-05-12 (18-27-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 333367
Laufzeit: 1 Stunde(n), 22 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2a/
OTL logfile:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2012 09:16:13 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 56,65% Memory free
5,73 Gb Paging File | 4,34 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 71,29 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 95,03% Space Free | Partition Type: FAT32
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ralf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()
MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()
MOD - C:\Program Files\WinRAR 3.61 Multi\rarext.dll ()
MOD - C:\Windows\System32\TosCommAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (catchme) -- C:\Users\ralf\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI)
DRV - (slabbus) Suunto Sports Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 29 C1 5E 79 09 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-ober&type=gamenextde&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ralf\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.29 21:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 17:05:36 | 000,000,000 | ---D | M]
 
[2010.04.17 00:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Extensions
[2010.10.11 13:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions
[2010.04.17 00:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.20 13:06:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.01 16:19:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.08.23 10:42:37 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\ChoiceGuard@Microsoft
[2010.05.19 14:35:34 | 000,001,819 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\bing.xml
[2010.05.19 14:35:37 | 000,000,873 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\conduit.xml
[2012.05.12 16:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.06.10 17:01:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 20:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.05.12 16:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.05.12 16:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F76A63-34A1-4BED-9EFB-28A0A3867AD7}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022FDE6A-15A5-4F39-86BB-781947C041D8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 09:11:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Avira
[2012.05.13 00:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 00:16:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.13 00:16:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.13 00:16:53 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.13 00:16:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.12 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\ralf\Desktop\Logs
[2012.05.12 21:40:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.12 21:40:29 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.12 21:40:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.12 21:40:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.05.12 21:40:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.12 21:40:26 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.12 21:18:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.12 21:18:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.12 21:18:29 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.12 21:18:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.12 21:18:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.12 21:15:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 21:15:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 21:15:24 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.12 16:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.12 16:51:17 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:51:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:15:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.12 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Local\temp
[2012.05.12 16:14:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.12 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 16:00:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.12 16:00:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.12 16:00:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.12 16:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.12 16:00:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.05.12 15:59:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.12 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Malwarebytes
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.12 15:57:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.12 15:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.01 09:42:32 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Vrutdxft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 09:09:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.14 09:09:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 09:09:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 09:08:59 | 000,049,680 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.14 09:08:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 09:05:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:07 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.13 00:10:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.13 00:10:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 00:10:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.13 00:10:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.12 23:53:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 22:19:24 | 000,000,000 | ---- | M] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 22:15:28 | 000,296,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.12 16:50:57 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:50:57 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.12 16:50:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:12:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.12 16:05:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 15:57:20 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 09:43:08 | 000,049,680 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.mwni
[2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.13 00:17:07 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.12 22:19:24 | 000,000,000 | ---- | C] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 16:05:11 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 16:00:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.12 16:00:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.12 16:00:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.12 16:00:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.12 16:00:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.12 15:57:20 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 13:23:11 | 000,049,680 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.12 11:48:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.16 13:09:56 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.16 13:35:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:F2721624
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:8BB2EE92
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F7CB87BE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:002640E3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4C509008
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52DBE86F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9B2EDA15
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20B17557
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A696643D

< End of report >

--- --- ---

2b/
OTL logfile:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2012 09:16:13 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 56,65% Memory free
5,73 Gb Paging File | 4,34 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 71,29 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 95,03% Space Free | Partition Type: FAT32
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{245A130A-7632-4196-A22C-A4B4977AC8F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5874312A-69D8-492B-BC58-3FDB2A836D3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{64CA7315-D4AC-4BE8-A50F-4A5DE7FFDDD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{897A987F-3DF1-4A03-8700-063CC1C1B375}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CC2FDD4-2609-4DA6-AFD6-3FA60EC8FA4C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5E5F871-F250-4308-A61A-B05EEEC4D848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D2C64689-1054-4692-8391-D101CDF80E73}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DCC69C85-8298-49C3-867D-4B42A768F0AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE9CCFCF-F2F5-4436-A338-699474C89DFE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F0B49F68-CD5B-4739-80AD-53F4FDFF6C90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2E43E56-7EFE-4717-97E0-8B755E53C5B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8006D4D-E69B-48B6-B928-C0CDDF24E55C}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E84C4E-D5D5-401F-B564-9CDDED529F74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15AA7534-1768-4917-9FA2-AD6C75204139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38C521D5-943C-4D14-838D-68E913232917}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{476AF6CD-505D-42EA-8303-070C30D77F30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4ECD18FE-562A-41E8-A2A7-0D9EF440CE48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{578D0726-B12E-478B-9D2E-AE054DE4B431}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{821A398A-B0CB-40FC-B1AA-A9B2828989E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{93BE4C8F-7BE2-4BF4-B28D-8E816281C6F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95C2F029-AA83-4760-8DAE-FC664E319338}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A634E8AC-34F7-49A4-8F02-F2AFDEB01660}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{4655B090-3E4B-4EBA-9319-A952241ADBA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BF67EFB6-EC2D-427B-851E-163132F4C434}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{8ADD6DD5-7BB6-4C99-BE36-667BBE4911BB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C74BB095-5B73-4E29-B250-2E46ABE41A9E}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free Disc Burner_is1" = Free Disc Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2012 10:41:13 | Computer Name = ralf-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 12.05.2012 10:41:30 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 10:55:22 | Computer Name = ralf-PC | Source = VSS | ID = 12289
Description = 
 
Error - 12.05.2012 14:18:29 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 16:15:55 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 16:27:26 | Computer Name = ralf-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 12.05.2012 17:36:26 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:01:12 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:14:04 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 03:09:44 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 09.02.2010 15:24:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 01:58:18 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 12:07:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.03.2011 16:47:33 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2011 04:06:58 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.05.2011 14:10:11 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 06:12:57 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 148
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 22.02.2012 16:40:22 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 337
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2012 06:53:16 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 479
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.05.2012 15:46:43 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.05.2012 15:46:43 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2012 16:19:12 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 17:37:35 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 17:38:05 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 17:38:23 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 17:38:35 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 18:02:56 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 18:15:40 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.05.2012 03:11:38 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >

--- --- ---

3/
CCleaner Prog Info

Code:

ATTFilter

Adobe AIR	Adobe Systems Inc.	25.01.2011	29,4MB	2.5.1.17730
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	16.04.2010		10.0.45.2
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	01.11.2011		11.0.1.152
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	11.05.2012		10.1.3
Apple Application Support	Apple Inc.	22.11.2010	52,7MB	1.4.1
Apple Mobile Device Support	Apple Inc.	22.11.2010	21,7MB	3.3.0.69
Apple Software Update	Apple Inc.	23.12.2010	2,26MB	2.1.2.120
Ask Toolbar	Ask.com	30.09.2009	1,41MB	1.4.4.0
Avira Free Antivirus	Avira	12.05.2012	65,1MB	12.0.0.1125
Bluetooth Stack for Windows by Toshiba	TOSHIBA CORPORATION	10.12.2008	57,5MB	v6.00.03
Bonjour	Apple Inc.	23.12.2010	0,76MB	2.0.4.0
BurnRecovery	MSI	10.12.2008	26,5MB	1.0.0.1030
CCleaner	Piriform	11.05.2012	4,47MB	3.18
CrazyTalk Cam Suite	Reallusion	01.06.2009	40,8MB	2.0
DVDVideoSoft Toolbar		24.02.2010	25,3MB	
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	04.09.2010	3,07MB	
Free Audio Dub version 1.5	DVDVideoSoft Limited.	29.10.2009	2,61MB	
Free Disc Burner version 1.2	DVDVideoSoft Limited.	31.10.2009	2,78MB	
Free Video to MP3 Converter version 3.2	DVDVideoSoft Limited.	22.03.2010	3,34MB	
Free YouTube Download 2.3	DVDVideoSoft Limited.	29.10.2009	2,65MB	
Free YouTube to iPod Converter version 3.2	DVDVideoSoft Limited.	24.02.2010	2,58MB	
Free YouTube to MP3 Converter version 3.8	DVDVideoSoft Limited.	04.09.2010	2,68MB	
Google Toolbar for Internet Explorer	Google Inc.	01.04.2012	10,7MB	7.3.2710.138
ICQ Toolbar	ICQ	21.08.2009		3.0.0
iTunes	Apple Inc.	23.12.2010	144,8MB	10.1.1.4
Java(TM) 6 Update 32	Oracle	11.05.2012	95,7MB	6.0.320
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	11.05.2012	11,7MB	1.61.0.1400
McAfee Security Scan Plus	McAfee, Inc.	18.07.2011	9,00MB	2.0.181.2
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	29.06.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	01.06.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5MB	4.0.30319
Microsoft Office Access 2003 Runtime	Microsoft Corporation	11.05.2012		11.0.8173.0
Microsoft Office File Validation Add-In	Microsoft Corporation	18.09.2011		14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	17.03.2012	664MB	12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	25.05.2010	0,49MB	2.0.4024.1
Microsoft Office Suite Activation Assistant	Microsoft Corporation	10.12.2008	8,37MB	2.9
Microsoft Silverlight	Microsoft Corporation	12.05.2012		5.1.10411.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	28.07.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	14.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	28.07.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	29.05.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	01.06.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	14.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	22.10.2011		10.0.40219
Microsoft Works	Microsoft Corporation	09.12.2009		08.05.0822
MobileMe Control Panel	Apple Inc.	22.11.2010	11,9MB	3.1.4.0
Motorola SM56 Data Fax Modem		10.12.2008	2,24MB	
Mozilla Firefox 5.0.1 (x86 de)	Mozilla	14.07.2011	33,1MB	5.0.1
MSI Software Install	MSI	10.12.2008	2,08MB	1.0.8.0922
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	01.06.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
MSXML 4.0 SP3 Parser	Microsoft Corporation	25.01.2011	1,48MB	4.30.2100.0
MSXML 4.0 SP3 Parser (KB973685)	Microsoft Corporation	26.01.2011	1,54MB	4.30.2107.0
NAVIGON Fresh 3.2.0	NAVIGON	25.03.2011	66,9MB	3.2.0
NVIDIA Drivers		02.06.2009		
PDFCreator	Frank Heindörfer, Philip Chinery	15.12.2011	30,1MB	1.2.2
QuickTime	Apple Inc.	23.12.2010	73,7MB	7.69.80.9
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista	Realtek	10.12.2008	0,85MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.12.2008	22,0MB	6.0.1.5648
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	10.12.2008	4,00MB	
Safari	Apple Inc.	22.11.2010	41,3MB	5.33.19.4
System Control Manager		10.12.2008	4,17MB	2.0208.0922.001.10
Ulead Burn.Now 4.5 SE	InterVideo Digital Technology Corporation	01.06.2009	55,2MB	4.5.0
Uninstall 1.0.0.1		04.09.2010	16,6MB	
Windows Live Essentials	Microsoft Corporation	12.05.2010	44,0MB	14.0.8117.0416
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	25.05.2010	4,69MB	6.500.3165.0
Windows Live-Uploadtool	Microsoft Corporation	06.12.2009	0,22MB	14.0.8014.1029
WinRAR archiver		02.06.2009

Viele Grüße & Danke
VB

kira · 14.05.2012, 11:14

Systemreinigung und Prüfung:

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

C:\Qoobox 
oder C:\ComboFix.txt
(alle vorhandenen Protokolle!)

2.
Deinstalliere, falls unter Systemsteuerung-> Software/Programme existiert:

Code:

ATTFilter

Ask Toolbar <- Adware

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

3.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:

Code:

ATTFilter

McAfee Security Scan Plus
vermutlich über Adobe (Flash Player) auf dem rechner gelandet!

obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://de.search.yahoo.com/search?fr=chr-ober&type=gamenextde&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2010.05.01 16:19:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.05.19 14:35:34 | 000,001,819 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\bing.xml
[2010.05.19 14:35:37 | 000,000,873 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\conduit.xml
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2012.05.14 09:09:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.12 23:53:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:F2721624
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:8BB2EE92
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F7CB87BE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:002640E3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4C509008
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52DBE86F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9B2EDA15
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20B17557
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A696643D

:Files
C:\Users\ralf\AppData\Roaming\Vrutdxft
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.
Mozilla Firefox Aktualisieren - über Menü Hilfe und klicken Sie auf Nach Updates suchen....

6.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

8.

lade Dir SUPERAntiSpyware FREE Edition herunter.
Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

9.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

10.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

11.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

VBike · 14.05.2012, 18:35

Hallo Kira,

habe alles gemacht, beim 10. Schritt gabs Probleme, siehe unten:

1. ComboFix Log
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-14.02 - ralf 14.05.2012  13:28:11.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2814.1677 [GMT 2:00]
ausgeführt von:: c:\users\ralf\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-14 bis 2012-05-14  ))))))))))))))))))))))))))))))
.
.
2012-05-14 11:36 . 2012-05-14 11:36	--------	d-----w-	c:\users\ralf\AppData\Local\temp
2012-05-14 11:36 . 2012-05-14 11:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-14 11:36 . 2012-05-14 11:36	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-05-12 22:17 . 2012-05-12 22:17	--------	d-----w-	c:\users\ralf\AppData\Roaming\Avira
2012-05-12 22:16 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-12 22:16 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-12 22:16 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-12 22:16 . 2012-05-12 22:16	--------	d-----w-	c:\programdata\Avira
2012-05-12 22:16 . 2012-05-12 22:16	--------	d-----w-	c:\program files\Avira
2012-05-12 19:34 . 2012-02-29 15:11	5120	----a-w-	c:\windows\system32\wmi.dll
2012-05-12 19:34 . 2012-02-29 15:11	172032	----a-w-	c:\windows\system32\wintrust.dll
2012-05-12 19:34 . 2012-02-29 15:09	157696	----a-w-	c:\windows\system32\imagehlp.dll
2012-05-12 19:34 . 2012-02-29 13:32	12800	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-05-12 19:15 . 2012-04-03 08:16	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-12 19:15 . 2012-04-03 08:16	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-12 19:15 . 2012-04-02 13:36	2044928	----a-w-	c:\windows\system32\win32k.sys
2012-05-12 15:20 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3681153-50D9-4162-8012-17162BE129F6}\mpengine.dll
2012-05-12 14:52 . 2012-05-12 14:52	--------	d-----w-	c:\program files\Common Files\Java
2012-05-12 14:51 . 2012-05-12 14:50	476960	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-05-12 14:05 . 2012-05-12 14:05	--------	d-----w-	c:\program files\CCleaner
2012-05-12 13:57 . 2012-05-12 13:57	--------	d-----w-	c:\users\ralf\AppData\Roaming\Malwarebytes
2012-05-12 13:57 . 2012-05-12 13:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-12 13:57 . 2012-05-12 13:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-05-12 13:57 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-12 13:38 . 2012-05-12 13:38	1186056	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-01 07:42 . 2012-05-12 12:54	--------	d-----w-	c:\users\ralf\AppData\Roaming\Vrutdxft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 14:50 . 2010-06-10 15:01	472864	----a-w-	c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-03 06:40	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-07-08 07:31 . 2011-07-15 17:09	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22	1144712	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06	2355224	----a-w-	c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2010-03-09 2355224]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-10 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-10 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 6244896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-10-26 671744]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-09-22 708608]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 18:49]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-08 18:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-14 13:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-05-14  13:38:49
ComboFix-quarantined-files.txt  2012-05-14 11:38
.
Vor Suchlauf: 10 Verzeichnis(se), 76.090.380.288 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 76.006.449.152 Bytes frei
.
- - End Of File - - 198A485B43427399E42C0353D4BEAD55

--- --- ---

2. Ask
=> deinstalliert

3. McAfee Security Scan Plus
> deinstalliert

4. OTL
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2012 09:16:13 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 56,65% Memory free
5,73 Gb Paging File | 4,34 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 71,29 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 95,03% Space Free | Partition Type: FAT32
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ralf\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\System Control Manager\MSIWmiAcpi.dll ()
MOD - C:\Program Files\System Control Manager\MGKBHook.dll ()
MOD - C:\Program Files\WinRAR 3.61 Multi\rarext.dll ()
MOD - C:\Windows\System32\TosCommAPI.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HTCAND32) -- System32\Drivers\ANDROIDUSB.sys File not found
DRV - (catchme) -- C:\Users\ralf\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (slabser) -- C:\Windows\System32\drivers\slabser.sys (MCCI)
DRV - (slabbus) Suunto Sports Device driver (WDM) -- C:\Windows\System32\drivers\slabbus.sys (MCCI)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 29 C1 5E 79 09 CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://supertoolbar.ask.com/redirect?client=ie&tb=DVSV5&o=15012&src=crm&q={searchTerms}&locale=de_DE
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-ober&type=gamenextde&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ralf\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.29 21:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 17:05:36 | 000,000,000 | ---D | M]
 
[2010.04.17 00:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Extensions
[2010.10.11 13:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions
[2010.04.17 00:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.20 13:06:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.01 16:19:12 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.08.23 10:42:37 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\ChoiceGuard@Microsoft
[2010.05.19 14:35:34 | 000,001,819 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\bing.xml
[2010.05.19 14:35:37 | 000,000,873 | ---- | M] () -- C:\Users\ralf\AppData\Roaming\Mozilla\Firefox\Profiles\4m84wyl1.default\searchplugins\conduit.xml
[2012.05.12 16:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.06.10 17:01:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 20:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.05.12 16:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.05.12 16:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F76A63-34A1-4BED-9EFB-28A0A3867AD7}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022FDE6A-15A5-4F39-86BB-781947C041D8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 09:11:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Avira
[2012.05.13 00:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 00:16:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.13 00:16:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.13 00:16:53 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.13 00:16:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.12 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\ralf\Desktop\Logs
[2012.05.12 21:40:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.12 21:40:29 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.12 21:40:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.12 21:40:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.05.12 21:40:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.12 21:40:26 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.12 21:18:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.12 21:18:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.12 21:18:29 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.12 21:18:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.12 21:18:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.12 21:15:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 21:15:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 21:15:24 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.12 16:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.12 16:51:17 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:51:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:15:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.12 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Local\temp
[2012.05.12 16:14:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.12 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 16:00:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.12 16:00:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.12 16:00:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.12 16:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.12 16:00:14 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.05.12 15:59:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.12 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Malwarebytes
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.12 15:57:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.12 15:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.01 09:42:32 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Vrutdxft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 09:09:13 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.14 09:09:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 09:09:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 09:08:59 | 000,049,680 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.14 09:08:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 09:05:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:07 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.13 00:10:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.13 00:10:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 00:10:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.13 00:10:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.12 23:53:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.12 22:19:24 | 000,000,000 | ---- | M] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 22:15:28 | 000,296,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.12 16:50:57 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:50:57 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.12 16:50:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:12:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.12 16:05:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 15:57:20 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 09:43:08 | 000,049,680 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.mwni
[2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.13 00:17:07 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.12 22:19:24 | 000,000,000 | ---- | C] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 16:05:11 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 16:00:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.12 16:00:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.12 16:00:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.12 16:00:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.12 16:00:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.12 15:57:20 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 13:23:11 | 000,049,680 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.12 11:48:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.16 13:09:56 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.16 13:35:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:F2721624
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:CDFF58FE
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:8BB2EE92
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DCDE7C60
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F7CB87BE
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:002640E3
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2FF4577A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:1C9565AC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4C509008
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:52DBE86F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4D7FCCD3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9B2EDA15
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:20B17557
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A696643D

< End of report >

--- --- ---

Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2012 09:16:13 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 56,65% Memory free
5,73 Gb Paging File | 4,34 Gb Available in Paging File | 75,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 71,29 Gb Free Space | 63,60% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
Drive E: | 1,88 Gb Total Space | 1,78 Gb Free Space | 95,03% Space Free | Partition Type: FAT32
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{245A130A-7632-4196-A22C-A4B4977AC8F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5874312A-69D8-492B-BC58-3FDB2A836D3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{64CA7315-D4AC-4BE8-A50F-4A5DE7FFDDD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{897A987F-3DF1-4A03-8700-063CC1C1B375}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CC2FDD4-2609-4DA6-AFD6-3FA60EC8FA4C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5E5F871-F250-4308-A61A-B05EEEC4D848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D2C64689-1054-4692-8391-D101CDF80E73}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DCC69C85-8298-49C3-867D-4B42A768F0AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE9CCFCF-F2F5-4436-A338-699474C89DFE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F0B49F68-CD5B-4739-80AD-53F4FDFF6C90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2E43E56-7EFE-4717-97E0-8B755E53C5B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8006D4D-E69B-48B6-B928-C0CDDF24E55C}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E84C4E-D5D5-401F-B564-9CDDED529F74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15AA7534-1768-4917-9FA2-AD6C75204139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38C521D5-943C-4D14-838D-68E913232917}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{476AF6CD-505D-42EA-8303-070C30D77F30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4ECD18FE-562A-41E8-A2A7-0D9EF440CE48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{578D0726-B12E-478B-9D2E-AE054DE4B431}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{821A398A-B0CB-40FC-B1AA-A9B2828989E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{93BE4C8F-7BE2-4BF4-B28D-8E816281C6F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95C2F029-AA83-4760-8DAE-FC664E319338}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A634E8AC-34F7-49A4-8F02-F2AFDEB01660}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{4655B090-3E4B-4EBA-9319-A952241ADBA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BF67EFB6-EC2D-427B-851E-163132F4C434}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{8ADD6DD5-7BB6-4C99-BE36-667BBE4911BB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C74BB095-5B73-4E29-B250-2E46ABE41A9E}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free Disc Burner_is1" = Free Disc Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2012 10:41:13 | Computer Name = ralf-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 12.05.2012 10:41:30 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 10:55:22 | Computer Name = ralf-PC | Source = VSS | ID = 12289
Description = 
 
Error - 12.05.2012 14:18:29 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 16:15:55 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 16:27:26 | Computer Name = ralf-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 12.05.2012 17:36:26 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:01:12 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:14:04 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 03:09:44 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 09.02.2010 15:24:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 01:58:18 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 12:07:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.03.2011 16:47:33 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2011 04:06:58 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.05.2011 14:10:11 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 06:12:57 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 148
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 22.02.2012 16:40:22 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 337
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2012 06:53:16 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 479
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.05.2012 15:46:43 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 12.05.2012 15:46:43 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.05.2012 16:19:12 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 17:37:35 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 17:38:05 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 17:38:23 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 17:38:35 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 12.05.2012 18:02:56 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 12.05.2012 18:15:40 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.05.2012 03:11:38 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >

--- --- ---

FEHLER: Beim Runterfahren kam eine Meldung:
Ein Programm hat versucht einen Registry eintrag zu ändern, der zum löschen markiert wurde. Hier konnte ich aber nur ok machen.

der Rechner fuhr dann trotzdem runter.

5. Mozilla:
finde kein Update unter Hilfe, gehe dann später noch mal auf die Suche ...

6. ok

7. Ok

8. SUPERAnti

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/14/2012 at 02:41 PM

Application Version : 5.0.1148

Core Rules Database Version : 8590
Trace Rules Database Version: 6402

Scan type       : Complete Scan
Total Scan Time : 00:40:18

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 672
Memory threats detected   : 0
Registry items scanned    : 33553
Registry threats detected : 0
File items scanned        : 37205
File threats detected     : 3

Adware.Tracking Cookie
	C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\ralf@www.google[1].txt [ Cookie:ralf@www.google.com/accounts ]
	C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\ralf@www.google[4].txt [ Cookie:ralf@www.google.com/accounts ]
	C:\USERS\RALF\Cookies\ralf@www.google[1].txt [ Cookie:ralf@www.google.com/accounts ]

9. Das wird dauern ...

10. Eset

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=719e4586a0e3b54bb05f7b4a3d850f1a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-14 04:03:28
# local_time=2012-05-14 06:03:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 139477 139477 0 0
# compatibility_mode=5892 16776574 100 100 164437 174533216 0 0
# compatibility_mode=8192 67108863 100 0 227 227 0 0
# scanned=128723
# found=1
# cleaned=1
# scan_time=10920
C:\Users\ralf\Favorites\Downloads\FreeYouTubeToiPodConverter.exe	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C

Fehler:
den eintrag: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
finde ich in HJS nicht, dafür aber:

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

Wenn ich den löschen will, kommt eine Fehlermeldung: ungültiger Prozeduraufruf. wenn ich das noch mal mache das gleiche.

VBike · 14.05.2012, 18:39

Hier das ganze HJT Log:
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:04:14, on 14.05.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7503 bytes

--- --- ---

11. OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.05.2012 19:06:29 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,91% Memory free
5,73 Gb Paging File | 4,31 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 70,70 Gb Free Space | 63,08% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.14 09:05:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.01 18:48:04 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.07.08 09:31:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.22 23:36:48 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.27 02:52:14 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.06.19 11:52:00 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.22 20:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.23 06:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2007.10.30 00:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.26 10:49:00 | 000,671,744 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2007.10.05 04:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.29 02:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.14 18:49:26 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.14 18:49:26 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.14 13:59:38 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.14 13:59:38 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.07.08 09:31:38 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.01.27 03:07:32 | 003,884,312 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2009.10.23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.08.25 21:47:16 | 000,192,512 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 23:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll
MOD - [2006.09.14 09:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll
MOD - [2005.07.23 07:30:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.08.27 02:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.09.29 02:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ralf\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.30 12:25:58 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.09.10 16:05:00 | 007,587,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.05 19:50:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.24 21:22:00 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 12:58:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.03.26 08:48:10 | 000,766,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.02.16 01:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.02.01 01:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.25 10:46:40 | 000,106,496 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.24 07:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.01.23 06:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.11.29 19:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.26 10:54:00 | 001,020,800 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2007.10.19 00:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 21:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.03.19 16:00:14 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RLVrtAuCbl.sys -- (ReallusionVirtualAudio)
DRV - [2006.10.11 05:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.05.11 12:51:02 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2006.05.11 12:51:02 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) Suunto Sports Device driver (WDM)
DRV - [2005.01.07 15:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 29 C1 5E 79 09 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ralf\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.29 21:53:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.12 17:05:36 | 000,000,000 | ---D | M]
 
[2010.04.17 00:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Extensions
[2010.10.11 13:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions
[2010.04.17 00:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.20 13:06:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.23 10:42:37 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\ralf\AppData\Roaming\mozilla\Firefox\Profiles\4m84wyl1.default\extensions\ChoiceGuard@Microsoft
[2012.05.12 16:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.06.10 17:01:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 20:22:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.05.12 16:51:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.05.12 16:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F76A63-34A1-4BED-9EFB-28A0A3867AD7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{022FDE6A-15A5-4F39-86BB-781947C041D8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ralf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 15:03:07 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.05.14 15:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012.05.14 13:59:23 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.14 13:58:47 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.14 13:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.14 13:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.14 13:47:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.14 13:44:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.05.14 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Local\temp
[2012.05.14 13:37:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.05.14 13:26:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.05.14 13:26:29 | 004,492,383 | R--- | C] (Swearware) -- C:\Users\ralf\Desktop\ComboFix.exe
[2012.05.14 09:11:00 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:56 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Avira
[2012.05.13 00:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 00:16:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.13 00:16:53 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.13 00:16:53 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.13 00:16:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.13 00:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.12 23:53:53 | 000,000,000 | ---D | C] -- C:\Users\ralf\Desktop\Logs
[2012.05.12 21:40:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.05.12 21:40:29 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.05.12 21:40:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.05.12 21:40:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.05.12 21:40:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.05.12 21:40:26 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.05.12 21:18:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.12 21:18:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.12 21:18:29 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.12 21:18:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.12 21:18:29 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.12 21:15:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.12 21:15:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.12 21:15:24 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.12 16:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.12 16:51:17 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:51:17 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:51:17 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.12 16:00:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.05.12 16:00:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.05.12 16:00:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.05.12 16:00:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.05.12 15:59:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.12 15:57:31 | 000,000,000 | ---D | C] -- C:\Users\ralf\AppData\Roaming\Malwarebytes
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.12 15:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.12 15:57:19 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.12 15:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.14 18:54:31 | 000,002,521 | ---- | M] () -- C:\Users\ralf\Desktop\HiJackThis.lnk
[2012.05.14 18:48:14 | 000,049,680 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.05.14 18:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 18:48:11 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.14 18:48:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.14 13:58:47 | 000,001,810 | ---- | M] () -- C:\Users\ralf\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.14 13:14:38 | 004,492,383 | R--- | M] (Swearware) -- C:\Users\ralf\Desktop\ComboFix.exe
[2012.05.14 09:05:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\ralf\Desktop\OTL.exe
[2012.05.13 00:17:07 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.13 00:10:27 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.13 00:10:27 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 00:10:27 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.13 00:10:27 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.12 22:19:24 | 000,000,000 | ---- | M] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 22:15:28 | 000,296,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.12 16:50:57 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.12 16:50:57 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.12 16:50:57 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.12 16:50:57 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.12 16:12:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.05.12 16:05:11 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 15:57:20 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 09:43:08 | 000,049,680 | ---- | M] () -- C:\ProgramData\locked-nvModes.001.mwni
[2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.14 15:03:07 | 000,002,521 | ---- | C] () -- C:\Users\ralf\Desktop\HiJackThis.lnk
[2012.05.14 13:58:47 | 000,001,810 | ---- | C] () -- C:\Users\ralf\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.13 00:17:07 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.12 22:19:24 | 000,000,000 | ---- | C] () -- C:\Users\ralf\defogger_reenable
[2012.05.12 16:05:11 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.12 16:00:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.05.12 16:00:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.05.12 16:00:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.05.12 16:00:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.05.12 16:00:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.12 15:57:20 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 13:23:11 | 000,049,680 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.02.12 11:48:25 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.16 13:09:56 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.02.16 13:35:02 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== LOP Check ==========
 
[2009.09.09 22:54:21 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Blackberry Desktop
[2009.11.27 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\CasualForge
[2012.05.01 09:48:26 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.10 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Farm Mania
[2009.08.24 14:48:54 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\FileMaker
[2009.10.27 19:23:50 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Gamelab
[2009.08.30 23:33:42 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\GARMIN
[2012.05.01 09:48:27 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\GOL_byHasbro
[2009.11.27 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\HSA
[2010.09.05 13:01:04 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\ICQ
[2009.10.03 16:53:51 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\PlayFirst
[2009.10.28 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Pogo Games
[2011.12.30 20:08:26 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\redsn0w
[2009.09.09 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Research In Motion
[2010.12.24 12:07:13 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Samsung
[2009.06.03 23:21:03 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Template
[2011.01.29 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Ulead Systems
[2011.01.08 00:09:20 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\YoudaGames
[2010.02.15 18:12:33 | 000,000,000 | ---D | M] -- C:\Users\ralf\AppData\Roaming\Zylom
[2012.05.14 18:47:16 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.05.2012 19:06:29 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\ralf\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 64,91% Memory free
5,73 Gb Paging File | 4,31 Gb Available in Paging File | 75,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,09 Gb Total Space | 70,70 Gb Free Space | 63,08% Space Free | Partition Type: NTFS
Drive D: | 112,99 Gb Total Space | 108,89 Gb Free Space | 96,38% Space Free | Partition Type: NTFS
 
Computer Name: RALF-PC | User Name: ralf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{245A130A-7632-4196-A22C-A4B4977AC8F2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5874312A-69D8-492B-BC58-3FDB2A836D3B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{64CA7315-D4AC-4BE8-A50F-4A5DE7FFDDD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{897A987F-3DF1-4A03-8700-063CC1C1B375}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9CC2FDD4-2609-4DA6-AFD6-3FA60EC8FA4C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A5E5F871-F250-4308-A61A-B05EEEC4D848}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D2C64689-1054-4692-8391-D101CDF80E73}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DCC69C85-8298-49C3-867D-4B42A768F0AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DE9CCFCF-F2F5-4436-A338-699474C89DFE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F0B49F68-CD5B-4739-80AD-53F4FDFF6C90}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2E43E56-7EFE-4717-97E0-8B755E53C5B1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F8006D4D-E69B-48B6-B928-C0CDDF24E55C}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E84C4E-D5D5-401F-B564-9CDDED529F74}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{15AA7534-1768-4917-9FA2-AD6C75204139}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{38C521D5-943C-4D14-838D-68E913232917}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{476AF6CD-505D-42EA-8303-070C30D77F30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4ECD18FE-562A-41E8-A2A7-0D9EF440CE48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{578D0726-B12E-478B-9D2E-AE054DE4B431}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{821A398A-B0CB-40FC-B1AA-A9B2828989E6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{93BE4C8F-7BE2-4BF4-B28D-8E816281C6F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{95C2F029-AA83-4760-8DAE-FC664E319338}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A634E8AC-34F7-49A4-8F02-F2AFDEB01660}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{4655B090-3E4B-4EBA-9319-A952241ADBA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BF67EFB6-EC2D-427B-851E-163132F4C434}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{8ADD6DD5-7BB6-4C99-BE36-667BBE4911BB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C74BB095-5B73-4E29-B250-2E46ABE41A9E}C:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\ralf\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free Disc Burner_is1" = Free Disc Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.05.2012 16:27:26 | Computer Name = ralf-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 12.05.2012 17:36:26 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:01:12 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.05.2012 18:14:04 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 03:09:44 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 07:09:53 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 07:45:01 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 07:49:25 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 08:53:00 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.05.2012 12:48:33 | Computer Name = ralf-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 09.02.2010 15:24:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 01:58:18 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 12:07:55 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 30.03.2011 16:47:33 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.04.2011 04:06:58 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.05.2011 14:10:11 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.02.2012 06:12:57 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 148
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 22.02.2012 16:40:22 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 337
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 03.03.2012 06:53:16 | Computer Name = ralf-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 479
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.05.2012 07:19:25 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 14.05.2012 07:19:33 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.05.2012 07:28:02 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.05.2012 07:32:01 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.05.2012 07:36:14 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 14.05.2012 07:47:04 | Computer Name = ralf-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 14.05.2012 07:47:07 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.05.2012 07:51:10 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.05.2012 08:54:52 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 14.05.2012 12:50:12 | Computer Name = ralf-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >

--- --- ---

Was denkst Du, sieht das soweit gut aus?

Vielen dank
VB

kira · 15.05.2012, 09:30

Zitat:

5. Mozilla:
finde kein Update unter Hilfe, gehe dann später noch mal auf die Suche ...

gehe auf Hilfe-> "Über Firefox"...dann läuft von selbst...

Zitat:

Fehler:
den eintrag: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

Unter Systemsteuerung-> Software/Programme deinstallieren!-> Eset Online Scanner

1.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript (unverändert inkl. :OTL):

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = 

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

3.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

4.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

5.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

6.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

► Wenn Du keine Probleme mehr hast, können wir damit dann Deinen Thread schließen?
** Lass dein System in der nächste Zeit noch unter Beobachtung!

VBike · 15.05.2012, 16:31

Hallo Kira,

danke für Deine Hilfe. Habe 1-6 gemacht, ohne probleme.

1/
Habe dann letztmalig neu gestartet und folgendes erhalten:

Im Windows Sicherheitscenter:
Avira Desktop hat gemeldet, dass es ausgeschalte ist.

Wenn ich es einschalten will, geht es nicht.

In Programme ist auch kein Avira Desktop drin. Aber ein Avira Free Antivirus.

Wenn ich den öffne sagt er mir:

Ihr Computer ist sicher.

2/
Habe noch immer den Eintrag in HJT:
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

Wie bekomme ich den weg?

3/
OTL Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\ralf\Desktop\cmd.bat deleted successfully.
C:\Users\ralf\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: ralf
->Temp folder emptied: 158742 bytes
->Temporary Internet Files folder emptied: 231210 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62359298 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 625 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219944 bytes
RecycleBin emptied: 66916 bytes
 
Total Files Cleaned = 60,00 mb
 
 
OTL by OldTimer - Version 3.2.43.0 log created on 05152012_164933

Files\Folders moved on Reboot...
C:\Windows\temp\MpSigStub.log moved successfully.

Registry entries deleted on Reboot...

Dankeschön im Voraus!
VB

kira · 16.05.2012, 08:25

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

zur Info:
2.

Code:

ATTFilter

Kann ich Add-Ons und ActiveX-Steuerelemente löschen?

Sie können nur die ActiveX-Steuerelemente löschen, die Sie heruntergeladen und installiert haben. Vorinstallierte ActiveX-Steuerelemente und Add-Ons jeglicher Art können Sie nicht löschen, aber deaktivieren. Zum Löschen eines von Ihnen installierten ActiveX-Steuerelements verwenden Sie die Option "Add-Ons verwalten". Wenn das Add-On nicht über "Add-Ons verwalten" entfernt werden kann, sollten Sie versuchen, es über die Systemsteuerung zu deinstallieren.
So löschen Sie ActiveX-Steuerelemente, die Sie in Internet Explorer 8 installiert haben

Öffnen Sie Internet Explorer, indem Sie auf die Schaltfläche StartSchaltfläche "Start" klicken und dann auf Internet Explorer klicken.

Klicken Sie auf die Schaltfläche Extras und dann auf Add-Ons verwalten.

Klicken Sie unter Anzeigen auf Heruntergeladene Steuerelemente, um alle ActiveX-Steuerelemente anzuzeigen.

Klicken Sie auf das zu löschende ActiveX-Steuerelement, und klicken Sie dann auf Weitere Informationen.

Klicken Sie im Dialogfeld Weitere Informationen auf Entfernen. Administratorberechtigung erforderlich Wenn Sie aufgefordert werden, ein Administratorkennwort oder eine Bestätigung einzugeben, geben Sie das Kennwort bzw. die Bestätigung ein.

Wiederholen Sie die Schritte 4 und 5 für alle Steuerelemente, die Sie löschen möchten. Klicken Sie anschließend auf OK.

So löschen Sie ActiveX-Steuerelemente, die Sie in Internet Explorer 7 installiert haben

Öffnen Sie Internet Explorer, indem Sie auf die Schaltfläche StartSchaltfläche "Start" klicken und dann auf Internet Explorer klicken.

Klicken Sie auf die Schaltfläche Extras, zeigen Sie auf Add-Ons verwalten, und klicken Sie dann auf Add-Ons aktivieren bzw. deaktivieren.

Klicken Sie in der Liste Anzeigen auf Heruntergeladene Steuerelemente, um alle ActiveX-Steuerelemente anzuzeigen.

Klicken Sie auf das zu deaktivierende ActiveX-Steuerelement, und klicken Sie dann auf Löschen.

Wiederholen Sie Schritt 4 für jedes Add-On, das Sie deaktivieren möchten. Klicken Sie anschließend auf OK.

VBike · 16.05.2012, 19:16

Hallo Kira,

habe noch folgende Fragen:

1.
Aktuell sind 3 Virenprogramme aktiv im Speicher
a) Malwarebytes
b) Antivir
c) Windows defender.

soll ich die alle aktiv und installiert lassen?

2.
Das Problem dass Windows Security sagt, dass der Rechner unsecure wäre, weil Avira Desktop nicht aktiv wäre, kam heute wieder. Ist das bekannt, was ist da der richtige Schritt?

(Ich habe deshalb noch einmal Antivir im offlinemodus! deinstalliert und neu installiert - vielleicht hilft das?)

Vielen Dank!
VB

kira · 16.05.2012, 22:42

Zitat:

1.
Aktuell sind 3 Virenprogramme aktiv im Speicher
a) Malwarebytes <- kein Antivirusprogramm!
b) Antivir
c) Windows defender. <- auch nicht, aber deaktivieren empfohlen

► Malwarebytes <- deinstallieren

► Windows Defender:
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> Starttyp "Deaktiviert" auswählen

Zitat:

2.
Das Problem dass Windows Security sagt, dass der Rechner unsecure wäre, weil Avira Desktop nicht aktiv wäre, kam heute wieder. Ist das bekannt, was ist da der richtige Schritt?

(Ich habe deshalb noch einmal Antivir im offlinemodus! deinstalliert und neu installiert - vielleicht hilft das?)

ja bekannt...

Avira: schon deinstalliert und erneut installiert? ist das Problem behoben wurde?

VBike · 19.05.2012, 18:44

Hallo Kira,

Rechner ist nun schon seit ein paar Tagen wieder in Betrieb, alles läuft bis jetzt sehr gut.

Vielen Dank noch einmal für Deine freundliche und sehr hilfreiche Unterstützung!

VB

kira · 19.05.2012, 22:47

** Lass dein System in der nächste Zeit noch unter Beobachtung!

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:

Code:

ATTFilter

CCleaner

- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden:
Also mach bitte folgendes:

*Systemwiederherstellung deaktivieren: Windows 7 und Vista*
PC runterfahren
wieder einschalten
Systemwiederherstellung aktivieren

also zuerst deaktivieren-> dann aktivieren - also am Ende soll wieder "aktiviert" sein!

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!

Lesestoff Nr.1:

Wie erstelle ich ein eingeschränktes Benutzerkonto?
Software immer auf dem neuesten Stand halten!:
ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
- Unbekannten E-Mail-Anhang NICHT öffnen!
Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)
Die fünf häufigsten Passwort-Fehler[/b[

"Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)

NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!

Programme und Treiber:
Nur vom Hersteller!

Onlinebanking:
Gib deine Passwörter niemals preis!
Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.

Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab

Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
Webseiten ohne Gültiges Impressum nicht besuchen
Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
► Ausserdem machst Du dich damit strafbar!
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
Virenscanner
BSI für Bürger
SETI@home - [Sicherheit] Sicherheitskonzept
Entwicklung schädlicher Websites/viruslist.com
Brennpunkt: Bilder und Töne
Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!

Zitat:

Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -

Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:

Löschen der temporären Dateien in Windows
Verlauf, Cache und Cookies: Spuren beseitigen nach dem Surfen
hier nachlesen und hier microsoft.com
Wenn dein System reibungslos läuft, kannst zeitweise die alte Wiederherstellungspunkte entfernen: -> Alle Systemwiederherstellungspunkte bis auf den Letzten löschen
Oft den PC zu optimieren nütz wenig, der braucht jetzt eine Radikalkur (nach ca. 3-4 jahren, aber hängt von der Häufigkeit der Nutzung bzw Belastung ab): Anleitung: Neuaufsetzen des Systems + Absicherung
Staub, Fingerabdrücke, Handschweiß – PC und Peripherie sehen mit der Zeit ganz schön eklig aus, ausserdem laut, reagiert langsam und wird schnell heiß:
-> verschmutzte PCs sauber machen
-> Frühjahrsputz für den PC: Tipps zur Reinigung und Entrümpelung

wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

Verschlüsselungsvirus - Log Files scannen

Log-Analyse und Auswertung: Verschlüsselungsvirus - Log Files scannen