BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?

threeColors · 02.08.2012, 13:35

Hi,

ich hatte letzte Woche plötzlich einen Sperrbildschirm vom BKA - habe von botfrei die DE-Scanner von Avira und Kapersky laufen lassen, beide haben je eine Datei gefunden (eine in Windows\Temp mit TU am Anfang, eine in einem Ordner namens 4849 unterhalb von Appdata\Roaming).
Habe danach mit Malwarebyte gescannt und es wurde nichts gefunden.

Jetzt frage ich mich: Ist alles wieder gut?
Oder muß ich noch etwas tun .. oder hat sich da vielleicht auch noch ein rootkit installiert? Ich frage mich das weil es bei mir einen Ordner hellomoto gibt, genau wie in dem Post nicht gelisteter Trojaner wo drin steht auf dem Rechner des Posters sei ein Rootkit.

Danke für jede Hilfe!

Viele Grüße,
R.

Code:

ATTFilter

OTL logfile created on: 01.08.2012 13:46:35 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,75 Mb Total Physical Memory | 122,23 Mb Available Physical Memory | 12,06% Memory free
2,24 Gb Paging File | 0,49 Gb Available in Paging File | 21,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,46 Gb Total Space | 1,40 Gb Free Space | 2,02% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.31 11:41:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.11 22:55:40 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.11 22:55:34 | 001,209,952 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
PRC - [2012.07.11 22:55:33 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.06.13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.06.13 03:48:04 | 000,990,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgscanx.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.11.28 22:01:39 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.03.04 07:28:48 | 000,035,616 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4servinst.exe
PRC - [2008.03.04 07:28:44 | 000,092,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.03.09 15:24:04 | 000,124,464 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007.03.09 15:23:36 | 000,120,368 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007.03.09 15:23:18 | 000,419,376 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007.03.09 15:23:08 | 000,194,096 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007.03.09 15:23:02 | 000,083,504 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007.02.06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.01.17 20:01:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2006.12.15 17:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2006.12.14 00:13:02 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006.12.13 23:59:04 | 000,022,016 | ---- | M] () -- C:\Programme\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006.12.13 22:46:08 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006.12.13 13:18:38 | 000,927,296 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006.12.13 12:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.11.20 07:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.15 17:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006.11.15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006.11.10 06:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2006.11.07 12:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006.10.13 06:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006.10.13 06:08:56 | 000,055,928 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2006.09.06 09:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2006.02.24 01:38:22 | 001,138,688 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.bin
PRC - [2006.02.24 01:38:18 | 000,991,232 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.11 22:55:43 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.11 22:55:34 | 001,209,952 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe
MOD - [2012.07.11 22:55:33 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.01.31 19:01:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL
MOD - [2007.01.17 20:01:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll
MOD - [2007.01.17 20:01:00 | 000,071,216 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSP4I.DLL
MOD - [2007.01.17 20:01:00 | 000,063,024 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\OEMDSPIF.DLL
MOD - [2006.12.19 19:01:00 | 000,120,368 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMIF32V.DLL
MOD - [2006.12.19 19:01:00 | 000,035,376 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2006.12.13 23:58:20 | 000,139,264 | ---- | M] () -- C:\Programme\Common Files\Lenovo\CDRecord.dll
MOD - [2006.12.13 12:24:40 | 000,110,592 | ---- | M] () -- C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2006.11.28 19:30:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2006.11.10 06:26:08 | 000,064,128 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
MOD - [2006.11.10 06:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2006.10.13 06:09:00 | 000,073,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
MOD - [2006.09.06 09:37:02 | 000,079,400 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPLHMM.dll
MOD - [2006.02.10 22:31:10 | 000,828,416 | ---- | M] () -- C:\Programme\Sun\StarOffice 8\program\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2012.07.27 17:10:03 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.11 22:55:40 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.06.17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008.12.10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Programme\wamp\bin\apache\Apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008.03.04 07:28:48 | 000,035,616 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\TrackPoint\tp4servinst.exe -- (tp4serv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.03.09 15:23:08 | 000,194,096 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007.03.09 15:23:02 | 000,083,504 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007.02.06 12:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.12.15 17:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006.12.14 00:13:02 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006.12.13 22:46:08 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006.12.13 12:43:16 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.11.20 07:14:14 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 17:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.13 06:08:56 | 000,055,928 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\65230672.sys -- (65230672)
DRV - [2009.10.09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6523067.sys -- (setup_9.0.0.722_07.07.2012_12-34drv)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\65230671.sys -- (65230671)
DRV - [2007.10.15 20:29:28 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.12.19 19:01:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2006.12.14 05:32:08 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.06 10:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006.09.13 13:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006.09.13 07:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2006.08.30 12:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\..\SearchScopes,DefaultScope = {14E66683-C83B-4580-BD9E-569D4396E209}
IE - HKLM\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E6CB145B-555B-45EF-95B6-637E05292147}&mid=7652ab69105e30af62d5667de3c6d6bb-14a1cfcc2cd3033a734069eb5e436630d4c1a06f&lang=de&ds=AVG&pr=fr&d=2012-07-11 22:55:49&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 08:20:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.11 22:50:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 22:56:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.27 17:10:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.11 22:02:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009.11.18 20:23:47 | 000,000,000 | ---D | M]
 
[2009.11.27 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.27 23:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.07.30 23:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4dv4qp29.default\extensions
[2011.03.27 22:36:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4dv4qp29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.27 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.27 17:10:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.08.24 21:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012.07.27 17:10:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.11 22:55:23 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.27 17:10:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.27 17:10:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.27 17:10:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.27 17:10:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.27 17:10:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\swtools\LenovoWelcome\LenovoOobeOffers.exe (Lenovo)
O4 - HKLM..\Run: [LenovoRegistration] C:\SWTOOLS\LenovoWelcome\LenovoRegistration.exe (Lenovo)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk = C:\Users\***\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Programme\Sun\StarOffice 8\program\quickstart.exe ()
O7 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..Trusted Domains: xing.com ([www] https in Trusted sites)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.pe.studivz.net/photouploader/ImageUploader4.cab?nocache=1204124616 (Image Uploader Control)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} hxxp://cid-a4a0c25285dc5c20.spaces.live.com/PhotoUpload/VistaMsnPUpldde-de.cab (Windows Live Photo Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8440AC40-B18B-4481-B99B-43740385BC96}: NameServer = 195.50.140.118 195.50.140.180
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.31 11:41:07 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.31 07:34:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.31 07:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 07:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.31 07:33:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.31 07:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.30 23:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.07.30 23:20:12 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65230672.sys
[2012.07.30 23:20:11 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65230671.sys
[2012.07.30 23:20:10 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6523067.sys
[2012.07.30 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DE-Cleaner powered by Kaspersky
[2012.07.30 22:54:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.30 22:23:03 | 000,000,000 | ---D | C] -- C:\J
[2012.07.30 22:15:05 | 000,000,000 | ---D | C] -- C:\I
[2012.07.30 15:26:22 | 000,000,000 | ---D | C] -- C:\H
[2012.07.30 14:24:32 | 000,000,000 | ---D | C] -- C:\G
[2012.07.30 14:20:07 | 000,000,000 | ---D | C] -- C:\F
[2012.07.30 14:17:19 | 000,000,000 | ---D | C] -- C:\E
[2012.07.30 14:05:34 | 000,000,000 | ---D | C] -- C:\D
[2012.07.30 13:42:30 | 000,000,000 | ---D | C] -- C:\C
[2012.07.30 13:31:18 | 000,000,000 | ---D | C] -- C:\B
[2012.07.28 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto
[2012.07.27 17:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.07.27 17:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.07.24 13:55:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\von_bp
[2012.07.17 08:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.11 22:56:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AVG Secure Search
[2012.07.11 22:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.11 22:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.11 22:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.11 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.07.11 22:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.01 15:01:03 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 15:01:03 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.01 13:12:54 | 102,697,338 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.08.01 13:00:14 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.08.01 13:00:13 | 000,000,480 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.08.01 12:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.31 11:41:22 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.31 07:34:11 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 23:56:52 | 000,646,466 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.30 23:56:51 | 000,690,080 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.30 23:56:51 | 000,123,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.30 23:56:50 | 000,151,654 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.30 23:23:08 | 000,002,329 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk
[2012.07.30 22:54:30 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.30 22:51:53 | 138,252,688 | ---- | M] (                                                            ) -- C:\Users\***\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe
[2012.07.30 22:28:54 | 000,000,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\503599849
[2012.07.30 20:00:07 | 000,000,714 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job
[2012.07.30 17:18:46 | 000,001,876 | ---- | M] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.30 17:18:46 | 000,001,805 | ---- | M] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2012.07.30 17:03:17 | 000,883,840 | ---- | M] () -- C:\Users\***\Desktop\Avira-DE-Cleaner.exe
[2012.07.27 18:56:25 | 004,919,784 | ---- | M] () -- C:\Users\***\Desktop\wordpress-3.4.1.zip
[2012.07.25 17:44:42 | 000,032,538 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.31 07:34:11 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.30 23:23:08 | 000,002,329 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk
[2012.07.30 22:51:25 | 138,252,688 | ---- | C] (                                                            ) -- C:\Users\***\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe
[2012.07.30 22:28:54 | 000,000,144 | ---- | C] () -- C:\Users\***\AppData\Roaming\503599849
[2012.07.30 17:18:46 | 000,001,876 | ---- | C] () -- C:\Users\***\Desktop\Entfernen des Avira DE-Cleaners.lnk
[2012.07.30 17:18:46 | 000,001,805 | ---- | C] () -- C:\Users\***\Desktop\Avira DE-Cleaner.lnk
[2012.07.30 17:03:01 | 000,883,840 | ---- | C] () -- C:\Users\***\Desktop\Avira-DE-Cleaner.exe
[2012.07.27 18:56:05 | 004,919,784 | ---- | C] () -- C:\Users\***\Desktop\wordpress-3.4.1.zip
[2008.02.27 19:41:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.09 15:13:48 | 000,008,704 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.09 14:30:08 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.07.11 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2010.03.06 09:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG9
[2012.07.24 18:30:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoreFTP
[2009.09.28 16:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.11.27 23:22:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flickr
[2012.07.28 07:54:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2008.04.19 12:29:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.08.01 13:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2012.08.01 08:14:28 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

t'john · 02.08.2012, 13:55

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) 
DRV - [2006.12.19 19:01:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) 
IE - HKLM\..\SearchScopes,DefaultScope = {14E66683-C83B-4580-BD9E-569D4396E209} 
IE - HKLM\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE 
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E6CB145B-555B-45EF-95B6-637E05292147}&mid=7652ab69105e30af62d5667de3c6d6bb-14a1cfcc2cd3033a734069eb5e436630d4c1a06f&lang=de&ds=AVG&pr=fr&d=2012-07-11 22:55:49&v=11.1.0.12&sap=dsp&q={searchTerms} 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1 
IE - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.11 22:56:25 | 000,000,000 | ---D | M] 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. 
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O3 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk = C:\Users\***\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe () 
O7 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O15 - HKU\S-1-5-21-559201451-4058377737-3668885732-1003\..Trusted Domains: xing.com ([www] https in Trusted sites) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 

[2012.07.30 22:54:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.62.0.1300.exe 

[2012.07.30 23:23:08 | 000,002,329 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk 
[2012.07.30 22:51:53 | 138,252,688 | ---- | M] ( ) -- C:\Users\***\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe 
[2012.07.30 17:03:17 | 000,883,840 | ---- | M] () -- C:\Users\***\Desktop\Avira-DE-Cleaner.exe 
[2012.07.27 17:10:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions 
[2012.07.27 17:10:04 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll 
[2012.07.27 17:10:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.07.27 17:10:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2012.07.27 17:10:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.07.27 17:10:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.07.27 17:10:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.07.27 17:10:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 

[2012.07.28 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hellomoto 

[2012.07.30 20:00:07 | 000,000,714 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ***.job 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

threeColors · 02.08.2012, 16:33

Danke t'john.

OTL lief einmal durch - am Ende stand im Fenster so etwas "Processing completed" und darüber eine Meldung von Windows "OTL funktioniert nicht mehr und muß beendet werden". Danach konnte ich den PC nur neu starten, weil die Startleiste seit dem Beginn des Fix nicht mehr zu sehen war.

Hier das Log - wie schaut es aus?

Code:

ATTFilter

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File system32\DRIVERS\UIUSYS.SYS not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File system32\DRIVERS\SymIM.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Error: Unable to stop service TPPWRIF!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TPPWRIF deleted successfully.
C:\Windows\System32\drivers\TPPWR32V.SYS moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E66683-C83B-4580-BD9E-569D4396E209}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\SearchScopes\{14E66683-C83B-4580-BD9E-569D4396E209}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14E66683-C83B-4580-BD9E-569D4396E209}\ not found.
Registry key HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
HKU\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry value HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
C:\Users\Rainer Krauß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk moved successfully.
C:\Users\Rainer Krauß\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_07.07.2012_12-34\startup.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\S-1-5-21-559201451-4058377737-3668885732-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xing.com\www\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Rainer Krauß\Desktop\mbam-setup-1.62.0.1300.exe moved successfully.
File C:\Users\Rainer Krauß\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_07.07.2012_12-34.lnk not found.
C:\Users\Rainer Krauß\Desktop\setup_9.0.0.722_07.07.2012_12-34.exe moved successfully.
C:\Users\Rainer Krauß\Desktop\Avira-DE-Cleaner.exe moved successfully.
C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions folder moved successfully.
C:\Programme\Mozilla Firefox\components\browsercomps.dll moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Users\Rainer Krauß\AppData\Roaming\hellomoto folder moved successfully.
C:\Windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Rainer Krauß.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Rainer Krauß\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rainer Krauß
->Temp folder emptied: 124188992 bytes
->Temporary Internet Files folder emptied: 128668038 bytes
->Java cache emptied: 3073344 bytes
->FireFox cache emptied: 222891766 bytes
->Flash cache emptied: 1096 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 439382568 bytes
RecycleBin emptied: 343007440 bytes
 
Total Files Cleaned = 1.203,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rainer Krauß
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_170419

Files\Folders moved on Reboot...
File move failed. C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2009.12.18 03:16:54 | 000,061,888 | ---- | M] (Adobe Systems Incorporated) C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll : MD5=EAE7D779D59448F98B8A7F9102199DEB

Registry entries deleted on Reboot...

t'john · 02.08.2012, 16:57

Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

threeColors · 02.08.2012, 20:18

Danke, t'john!

Hier die Logs: Von Malwarebytes ...

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.02.07

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
*** :: ***-PC [Administrator]

02.08.2012 18:58:48
mbam-log-2012-08-02 (18-58-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341457
Laufzeit: 2 Stunde(n), 7 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

...und von AdwCleaner ...

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/02/2012 at 21:10:47
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Found : C:\Users\***\AppData\Local\AVG Secure Search
Folder Found : C:\Users\***\AppData\LocalLow\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4dv4qp29.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7b7d404e-99c8-467e-b789-ed9b4d0fdbc7%[...]

*************************

AdwCleaner[R1].txt - [4580 octets] - [02/08/2012 21:10:47]

########## EOF - C:\AdwCleaner[R1].txt - [4708 octets] ##########

Was meinst Du dazu?

t'john · 03.08.2012, 13:16

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

threeColors · 06.08.2012, 21:30

Hallo t'john,

danke für das Lob, das gebe ich gerne zurück.

Emsisoft wollte auf Vista nicht ohne SP2 - eigentlich habe ich alle Updates, ich schaue mal nach wo da was fehlt.

Hier das Log von adwcleaner - beim Delete hat AVG gemeckert es habe möglicherweise einen rogue Anti-Malware entdeckt.

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 21:55:25
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 1 (32 bits)
# User : *** - ***-PC
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Users\***\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\***\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4dv4qp29.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B7b7d404e-99c8-467e-b789-ed9b4d0fdbc7%[...]

*************************

AdwCleaner[R1].txt - [4709 octets] - [02/08/2012 21:10:47]
AdwCleaner[S1].txt - [4748 octets] - [06/08/2012 21:55:25]

########## EOF - C:\AdwCleaner[S1].txt - [4876 octets] ##########

t'john · 07.08.2012, 13:36

Wie schauts aus, alle Updates eingespielt?

threeColors · 07.08.2012, 19:25

Hi t'john,

ja, alle Updates sind drin - mein PC hat jetzt auch vista SP 2.

Hier das log von emisoft vom Detail-Scan:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 07.08.2012 12:32:05

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	07.08.2012 12:35:42


Gescannt	603172
Gefunden	0

Scan Ende:	07.08.2012 20:10:07
Scan Zeit:	7:34:25

t'john · 07.08.2012, 19:27

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

threeColors · 07.08.2012, 19:43

Hi t'john,

mit ESET habe ich vor kurzem in der Online-Variante gescannt. Ergebnis: "no threats found" - allerdings waren dabei Firewall und AVG Virenscanner eingeschaltet.
Ist das okay oder sollte ich es erneut durchlaufen lassen und dabei, wie Du geschrieben hast, beide ausschalten?

t'john · 07.08.2012, 19:51

Alles ausschalten, neu scannen. Danach Log posten!

threeColors · 14.08.2012, 13:46

Hi t'john,

ich habe den Scan mit ESET durchgeführt wie von Dir beschrieben.

Ergebnis: "no threats found".

Es gibt jedoch kein log.txt

Was sagst Du dazu?

t'john · 14.08.2012, 15:23

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

threeColors · 14.08.2012, 15:55

Hi t'john,

ich habe Java inzwischen auf den neuesten Stand gebracht und soeben die Einstellungen vorgenommen wie von Dir beschrieben.

PluginCheck sagt:
Firefox 12.0 ist aktuell

Flash 10,2,153,1 ist veraltet!

Java (1,7,0,5) ist aktuell.

Adobe Reader 8,2,0,81 ist veraltet!

Ich gehe das mal eben aktualisieren..

07.08.2012, 13:36	#8
t'john /// Helfer-Team	BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? Wie schauts aus, alle Updates eingespielt? __________________ Mfg, t'john Das TB unterstützen

07.08.2012, 19:51	#12
t'john /// Helfer-Team	BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? Alles ausschalten, neu scannen. Danach Log posten! __________________ Mfg, t'john Das TB unterstützen

BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?

Log-Analyse und Auswertung: BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung?