|
Pests of all kinds and how to fight them: RunDLL after Bundestrojaner - what else is needed for computer security? (Windows 7) |
02.07.2012, 13:33 | #31 |
| RunDLL after Bundestrojaner - what else is needed for computer security?
Hello, I only just got around to reading this; I have run a new OTL scan as instructed.
Regards, Helmut
Edit: After a restart the "run.dll" is still there :-(
Code:
OTL logfile created on: 02.07.2012 14:21:58 - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Helmut\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

958,06 Mb Total Physical Memory | 292,55 Mb Available Physical Memory | 30,54% Memory free
2,12 Gb Paging File | 1,28 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147,04 Gb Total Space | 64,44 Gb Free Space | 43,83% Space Free | Partition Type: NTFS

Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.28 21:48:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
PRC - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:45:46 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:45:46 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.09.01 14:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.06.16 14:09:48 | 000,135,168 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe PRC - [2011.06.14 17:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.06.08 14:49:48 | 000,159,744 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe PRC - [2008.03.28 15:39:26 | 000,171,448 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe PRC - [2008.02.22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_05\bin\jusched.exe PRC - [2007.02.15 11:04:56 | 000,282,624 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) 
-- C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe PRC - [2006.12.22 07:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe PRC - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:34:59 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ========== Modules (No Company Name) ========== MOD - [2011.09.01 14:38:32 | 000,931,896 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.09.01 14:37:50 | 010,837,504 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.09.01 14:37:50 | 000,913,920 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.09.01 14:37:50 | 000,416,256 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll MOD - [2011.09.01 14:37:50 | 000,196,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qjpeg4.dll MOD - [2011.09.01 14:37:50 | 000,026,624 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\Imageformats\qgif4.dll MOD - [2011.09.01 14:37:48 | 008,166,912 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.09.01 14:37:48 | 002,551,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.09.01 14:37:48 | 002,282,496 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.09.01 14:37:48 | 002,246,656 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.09.01 
14:37:48 | 001,288,192 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.09.01 14:37:48 | 000,676,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.09.01 14:37:48 | 000,340,480 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.09.01 14:37:48 | 000,266,752 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.09.01 14:37:48 | 000,190,464 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.09.01 14:08:58 | 000,508,416 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.09.01 14:08:56 | 000,109,568 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.09.01 14:08:18 | 000,378,880 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtCore.dll MOD - [2011.09.01 14:08:18 | 000,159,232 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\QxtWeb.dll MOD - [2011.09.01 14:08:16 | 000,089,088 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\qjson.dll MOD - [2011.09.01 14:08:14 | 000,392,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.09.01 14:08:14 | 000,387,976 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.09.01 14:08:14 | 000,058,768 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.09.01 14:07:04 | 000,727,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2006.10.30 16:59:34 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe MOD - [2005.07.20 11:48:10 | 000,059,904 | ---- | M] () -- C:\Programme\Nokia\Nokia Ovi Suite\zlib1.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 17:45:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 17:45:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.01.02 23:31:09 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006.11.02 14:34:59 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | 
Stopped] -- C:\Users\Helmut\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 17:45:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 17:45:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] 
(Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.05.09 17:33:00 | 000,048,640 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.10.14 05:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX) DRV - [2006.10.09 14:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.drehscheibe-online.de/ IE - 
HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.09.08 20:25:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.09.08 20:25:51 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012.06.25 20:28:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe () O4 - HKU\.DEFAULT..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-18..\Run: [InfoCockpit] C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [BrowserChoice] C:\Windows\System32\browserchoice.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft 
Corporation) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: drehscheibe-online.de ([www] http in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: olb.de ([www] * in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\..Trusted Domains: privatbahnforum.de ([www] http in Vertrauenswürdige Sites) O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1867b/plugin/AXFOAM.CAB (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E45CACCA-FE12-4220-A739-E4ECD74A176F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.26 16:33:58 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\SUPERAntiSpyware.com [2012.06.26 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.06.26 16:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.06.26 16:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.06.26 16:31:40 | 017,963,072 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Helmut\Desktop\SUPERAntiSpyware.exe [2012.06.25 23:40:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.06.25 23:28:29 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Helmut\Desktop\aswMBR.exe [2012.06.25 23:18:24 | 000,000,000 | ---D | C] -- 
C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable [2012.06.25 23:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.06.25 23:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.06.25 20:33:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.06.25 20:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.25 20:12:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.25 20:12:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.25 20:12:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012.06.25 20:12:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.25 20:12:25 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.06.25 20:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.25 20:11:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.06.25 20:08:08 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe [2012.06.24 20:23:57 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Helmut\Desktop\tdsskiller.exe [2012.06.21 21:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.06.18 20:16:20 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.18 18:48:48 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2012.06.18 18:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 18:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.18 18:48:38 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.18 18:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.18 14:52:54 | 000,000,000 | ---D | C] -- C:\T-Online [2009.01.04 18:54:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Helmut\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days 
========== [2012.07.02 14:05:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 14:05:00 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 14:04:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.02 14:04:45 | 1005,244,416 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 21:48:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.06.27 15:21:36 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.27 15:21:36 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.27 15:21:36 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.27 15:21:36 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.26 16:33:48 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.26 16:32:17 | 017,963,072 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Helmut\Desktop\SUPERAntiSpyware.exe [2012.06.26 16:25:38 | 000,002,517 | ---- | M] () -- C:\Users\Helmut\Desktop\Microsoft Office Picture Manager.lnk [2012.06.25 23:47:11 | 000,000,512 | ---- | M] () -- C:\Users\Helmut\Desktop\MBR.dat [2012.06.25 23:40:45 | 269,741,338 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.06.25 23:28:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Helmut\Desktop\aswMBR.exe [2012.06.25 23:07:06 | 004,272,474 | ---- | M] () -- C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable.rar [2012.06.25 20:28:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.06.25 20:08:09 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Helmut\Desktop\ComboFix.exe [2012.06.24 20:24:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Helmut\Desktop\tdsskiller.exe [2012.06.22 12:44:29 | 000,002,609 | ---- | M] () -- 
C:\Users\Helmut\Desktop\Microsoft Office Word 2003.lnk [2012.06.18 20:44:51 | 000,302,592 | ---- | M] () -- C:\Users\Helmut\Desktop\vnwfey1h.exe [2012.06.18 20:14:08 | 000,000,000 | ---- | M] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 18:48:40 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:31:47 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.06.18 15:30:07 | 000,000,680 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk ========== Files Created - No Company Name ========== [2012.06.26 16:33:48 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.06.25 23:47:11 | 000,000,512 | ---- | C] () -- C:\Users\Helmut\Desktop\MBR.dat [2012.06.25 23:39:54 | 269,741,338 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.06.25 23:06:32 | 004,272,474 | ---- | C] () -- C:\Users\Helmut\Desktop\osam_autorun_manager_5_0_portable.rar [2012.06.25 20:12:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.06.25 20:12:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.06.25 20:12:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.06.25 20:12:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.06.25 20:12:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.06.18 20:44:50 | 000,302,592 | ---- | C] () -- C:\Users\Helmut\Desktop\vnwfey1h.exe [2012.06.18 20:14:08 | 000,000,000 | ---- | C] () -- C:\Users\Helmut\defogger_reenable [2012.06.18 18:48:40 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:28:44 | 1005,244,416 | -HS- | C] () -- C:\hiberfil.sys [2012.06.18 13:43:00 | 000,000,680 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.06.18 13:39:09 | 000,001,722 | ---- | C] () -- 
C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.18 13:39:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2010.10.01 20:01:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.29 15:23:21 | 000,008,313 | ---- | C] () -- C:\Users\Helmut\.recently-used.xbel [2009.05.28 20:30:32 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW [2009.02.25 16:01:54 | 022,200,867 | ---- | C] () -- C:\Users\Helmut\Streckenkarte_A0_Rastedt.jpg [2009.02.25 16:00:53 | 000,235,911 | ---- | C] () -- C:\Users\Helmut\Streckenkarte NW.jpg [2009.01.11 21:48:08 | 000,087,608 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\inst.exe [2009.01.04 18:54:39 | 000,087,608 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\ezpinst.exe [2009.01.04 18:54:39 | 000,007,887 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\pcouffin.cat [2009.01.04 18:54:39 | 000,001,144 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\pcouffin.inf [2008.05.24 11:01:49 | 000,049,152 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.08 13:59:15 | 002,808,832 | ---- | C] () -- C:\Program Files\Common FilesDDBACSetup.msi [2008.01.01 20:18:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.01.01 19:56:20 | 000,000,094 | ---- | C] () -- C:\Users\Helmut\AppData\Local\fusioncache.dat ========== LOP Check ========== [2009.05.28 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Canon [2008.01.01 20:43:47 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\DataDesign [2009.11.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\gtk-2.0 [2009.07.12 19:50:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Lasersoft Imaging [2009.08.25 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\NewSoft [2011.10.04 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia [2011.10.04 13:30:58 | 
000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Nokia Ovi Suite [2009.05.28 21:38:00 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Opera [2011.10.15 22:25:53 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Packnet [2011.09.08 21:55:23 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\PC Suite [2009.05.28 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ScanSoft [2008.01.01 19:52:30 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\T-Online [2009.01.11 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Vso [2009.05.11 19:50:41 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Zoner [2008.01.01 19:12:24 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\DataDesign [2007.12.29 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\PeerNetworking [2008.01.01 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\Helmut.Helmut-PC\AppData\Roaming\T-Online [2011.06.12 02:24:46 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\DataDesign [2009.07.29 11:03:30 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\NewSoft [2012.06.11 23:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\PC Suite [2009.07.29 11:02:46 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\T-Online [2012.06.28 22:56:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < :OTL > < [2012.06.18 13:39:09 | 000,001,722 | ---- | C] () -- C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk > < [2012.06.18 13:39:08 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad > < [2009.05.28 20:30:32 | 000,020,531 | -H-- | C] () -- C:\ProgramData\R49LW > < O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present > ========== Drive Information ========== Physical Drives --------------- Drive: 
\\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: SCSI Media Type: Fixed hard disk media Model: WDC WD16 00AAJS-07PSA SCSI Disk Device Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 2,00GB Starting Offset: 6491136 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 147,00GB Starting Offset: 2156918784 Hidden sectors: 0 < O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present > < O7 - HKU\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present > ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: SCSI Media Type: Fixed hard disk media Model: WDC WD16 00AAJS-07PSA SCSI Disk Device Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 2,00GB Starting Offset: 6491136 Hidden sectors: 0 DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 147,00GB Starting Offset: 2156918784 Hidden sectors: 0 < > < End of report > Edited by 012 055-0 (02.07.2012 at 13:41) |
02.07.2012, 14:18 | #32 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? But that is not the log from the fix.
As I already said, unfortunately I cannot find the entry that is causing the message. |
05.07.2012, 15:57 | #33 |
| RunDLL after Bundestrojaner - what else is needed for computer security? Hello,
but now the OTL fix. Regards + thanks, Helmut. Edit: Run.DLL is now gone after the restart...! Code:
========== OTL ==========
C:\Users\Helmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk moved successfully.
C:\ProgramData\0tbpw.pad moved successfully.
C:\ProgramData\R49LW moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3080631581-2879162188-20154992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3080631581-2879162188-20154992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
OTL by OldTimer - Version 3.2.53.0 log created on 07052012_165428
Edited by 012 055-0 (05.07.2012 at 16:04) |
05.07.2012, 16:12 | #34 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? Quote:
Are there any problems still open?
__________________ Please always post log files in CODE tags |
05.07.2012, 18:41 | #35 |
| RunDLL after Bundestrojaner - what else is needed for computer security? Hello, as far as I can tell as a layman, everything is OK. How do we proceed from here...? |
05.07.2012, 20:20 | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ | RunDLL after Bundestrojaner - what else is needed for computer security? Then we are done!

The programs that were used here can all be removed again. OTL can also remove many of the tools for you: please start OTL and click Cleanup ("Bereinigung"). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update it first.

Finally, please check the updates; my guide for that is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide: Windows Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it. |
08.07.2012, 18:15 | #37 |
| RunDLL after Bundestrojaner - what else is needed for computer security? THANK YOU ! ! ! Regards, Helmut |