Internet gesperrt, 100 € Ukash zahlen

Waikiki-Burg · 12.10.2012, 16:50

Hallo Trojaner-Board-Team,
mich hat es leider auch mit dem bereits bekannten Trojaner erwischt.

Sobald das WLAN an ist wird mein Bildschirm binnen wenigen Sekunden komplett geblockt.

Habe anschließend im Offline Modus Avira laufen lassen. Entgegen dem hier geposteten Vorgehen (hatte ich zu dem Zeitpunkt noch nicht gelesen) habe ich die 6 gefundenen Dateien nicht in die Quarantäne sondern gelöscht...

Folgend der OTL Logfile und anbei die Extras.txt gezippt:
Vielen Dank fürs Bearbeiten schon mal im Voraus!!

Gruß ToniOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.10.2012 23:33:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Toni\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,86% Memory free
6,19 Gb Paging File | 4,78 Gb Available in Paging File | 77,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 40,30 Gb Free Space | 34,61% Space Free | Partition Type: NTFS
Drive D: | 106,68 Gb Total Space | 32,52 Gb Free Space | 30,49% Space Free | Partition Type: NTFS
Drive F: | 1003,22 Mb Total Space | 903,52 Mb Free Space | 90,06% Space Free | Partition Type: FAT
 
Computer Name: WAIKIKI-BURGER | User Name: Toni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.11 14:25:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
PRC - [2012.10.03 10:26:29 | 000,035,328 | ---- | M] (stabsorce) -- C:\Users\Toni\ms.exe
PRC - [2012.08.08 21:23:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 20:24:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:24:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:24:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.09.16 02:46:12 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2008.07.15 20:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 20:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.10 02:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.24 05:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 21:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.18 07:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 07:52:51 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.12 06:52:18 | 000,196,608 | ---- | M] (CyberLink) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe
PRC - [2008.06.12 06:52:08 | 000,212,992 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe
PRC - [2008.06.04 02:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.05.20 02:15:06 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe
PRC - [2008.03.18 06:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.02.01 23:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.01.23 19:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.05 04:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 20:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.06 01:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.04.20 16:55:58 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3\TMMonitor.exe
PRC - [2005.07.07 00:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012.05.23 11:38:36 | 000,583,680 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012.04.04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012.03.16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012.02.13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\sqlite3.dll
MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2010.09.14 15:01:00 | 000,212,992 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2008.06.12 06:52:20 | 000,778,240 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.06.12 06:52:16 | 000,007,680 | ---- | M] () -- C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvcPS.dll
MOD - [2008.02.01 23:29:32 | 000,061,440 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\DMedia.exe
MOD - [2008.02.01 23:29:28 | 000,049,152 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\ATKMETHOD.dll
MOD - [2008.01.12 07:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.13 00:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2007.08.14 22:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.08 11:52:08 | 000,331,776 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\AdsmendecExt.dll
MOD - [2007.07.12 22:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 22:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007.06.15 19:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007.06.02 02:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
MOD - [2006.10.26 00:37:52 | 000,045,056 | ---- | M] () -- C:\Program Files\ASUS\ATK Media\GERSTRING.dll
MOD - [2006.01.06 15:51:00 | 000,266,303 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3\magengin.dll
MOD - [2005.08.05 17:24:00 | 000,028,672 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3\uPiApi.dll
MOD - [2004.12.14 13:00:00 | 000,430,080 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3\fpxlib.dll
MOD - [2004.12.01 18:21:22 | 000,180,224 | ---- | M] () -- C:\Program Files\ArcSoft\TotalMedia 3\kgl.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 18:17:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.06 21:26:05 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 20:24:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:24:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.03.18 06:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.03 06:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 21:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.05.18 11:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.05.08 20:24:26 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:24:26 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.03.18 21:29:09 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.18 21:29:08 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.12.08 18:42:00 | 007,451,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.24 17:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.06.03 23:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 19:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.20 02:15:42 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\ASUS\AI TouchMedia\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 06:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.16 02:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.02.14 23:56:01 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.01.23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2007.12.19 02:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.10.18 00:50:00 | 000,107,904 | ---- | M] (e3C, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EC168BDA.sys -- (EC168BDA)
DRV - [2007.10.15 09:39:25 | 000,206,336 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2007.09.06 17:45:21 | 000,006,656 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007.09.06 10:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007.08.11 05:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007.08.03 06:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 20:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 19:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 20:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2006.12.15 00:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://ecosia.org/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 18:17:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 18:17:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.20 22:00:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 18:17:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.09 18:17:18 | 000,000,000 | ---D | M]
 
[2008.11.27 03:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Extensions
[2012.07.25 20:22:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\Firefox\Profiles\9v7nq752.default\extensions
[2012.07.25 20:22:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Toni\AppData\Roaming\mozilla\firefox\profiles\9v7nq752.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.09 18:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.08.24 00:51:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.09.09 18:17:25 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 23:46:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.25 20:10:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 15:47:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.25 20:10:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.25 20:10:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.25 20:10:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.25 20:10:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] C:\Users\Toni\ms.exe (stabsorce)
O4 - HKCU..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\Toni\vtloadF4.dll,_IWMPEvents File not found
O4 - HKCU..\Run: [Screenpresso] C:\Users\Toni\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe (Learnpulse)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Toni\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B1316B1-B457-4593-8011-CC602215F56D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E41790C8-7B14-49F2-A562-8D9B5E3DAB5E}: DhcpNameServer = 10.156.33.53 129.187.5.1
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6215836d-58d6-11e1-ac67-00235416aea9}\Shell - "" = AutoRun
O33 - MountPoints2\{6215836d-58d6-11e1-ac67-00235416aea9}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.11 23:32:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2012.10.07 23:06:26 | 000,000,000 | ---D | C] -- C:\Users\Toni\Desktop\Steuer
[2012.10.03 10:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.03 10:26:29 | 000,035,328 | ---- | C] (stabsorce) -- C:\Users\Toni\ms.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.11 23:31:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 23:31:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.11 22:11:12 | 000,000,000 | ---- | M] () -- C:\Users\Toni\defogger_reenable
[2012.10.11 22:09:59 | 000,456,070 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.10.11 21:32:28 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.10.11 21:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.11 21:27:08 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.11 14:25:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Toni\Desktop\OTL.exe
[2012.10.11 14:24:18 | 000,050,477 | ---- | M] () -- C:\Users\Toni\Desktop\Defogger.exe
[2012.10.11 00:33:04 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012.10.10 20:45:46 | 000,456,070 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.10.07 22:41:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 22:41:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 22:41:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 22:41:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.03 11:06:48 | 000,007,592 | ---- | M] () -- C:\Users\Toni\AppData\Local\d3d9caps.dat
[2012.10.03 10:26:29 | 000,035,328 | ---- | M] (stabsorce) -- C:\Users\Toni\ms.exe
[2012.09.30 13:11:51 | 000,034,816 | ---- | M] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.22 18:00:00 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
 
========== Files Created - No Company Name ==========
 
[2012.10.11 22:11:12 | 000,000,000 | ---- | C] () -- C:\Users\Toni\defogger_reenable
[2012.10.11 22:09:59 | 000,050,477 | ---- | C] () -- C:\Users\Toni\Desktop\Defogger.exe
[2012.05.30 19:35:48 | 000,006,562 | ---- | C] () -- C:\Users\Toni\.recently-used.xbel
[2011.10.30 15:44:24 | 000,007,592 | ---- | C] () -- C:\Users\Toni\AppData\Local\d3d9caps.dat
[2011.03.18 21:29:09 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.18 21:29:08 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.11.20 23:44:16 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.01.07 23:10:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.28 19:37:49 | 000,034,816 | ---- | C] () -- C:\Users\Toni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.25 23:29:17 | 000,456,070 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.25 23:28:07 | 000,456,070 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.10.26 20:47:17 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\bibble
[2008.11.29 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\dp3d
[2009.01.17 01:19:34 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\DriverCure
[2012.10.11 21:34:00 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Dropbox
[2010.04.15 21:01:54 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\fotobuch.de AG
[2012.05.08 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\GameRanger
[2012.05.30 19:35:48 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\gtk-2.0
[2010.08.21 11:02:48 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\IrfanView
[2011.08.22 14:19:44 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Might & Magic Heroes VI - Public Closed Beta
[2012.09.08 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\MusicBee
[2009.12.27 16:57:03 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\ProtectDisc
[2010.10.27 13:38:11 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Research In Motion
[2012.03.19 23:47:22 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Sony
[2012.02.05 11:42:07 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\The Creative Assembly
[2011.07.05 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Thunderbird
[2011.10.26 23:00:38 | 000,000,000 | ---D | M] -- C:\Users\Toni\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

t'john · 13.10.2012, 00:12

Hast du das Log von Avira?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

Waikiki-Burg · 17.10.2012, 11:56

Avira Log:
Avira Free Antivirus
Report file date: Freitag, 5. Oktober 2012 00:49

Scanning for 4305876 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista (TM) Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : WAIKIKI-BURGER

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 08.08.2012 19:23:56
AVSCAN.DLL : 12.3.0.15 54736 Bytes 08.05.2012 18:24:25
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 18:24:25
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 18:24:26
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 22:12:33
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:33:08
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:22:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 16:25:33
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 21:20:36
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 19:10:44
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:43:35
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 14:43:35
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 14:43:35
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 14:43:35
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 14:43:35
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 14:43:35
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 14:43:35
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 14:43:35
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 14:42:48
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 19:13:18
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 19:13:17
VBASE017.VDF : 7.11.42.235 141312 Bytes 13.09.2012 18:59:04
VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 18:59:06
VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 18:59:45
VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 18:58:59
VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 18:59:00
VBASE022.VDF : 7.11.43.251 147456 Bytes 24.09.2012 07:02:10
VBASE023.VDF : 7.11.44.43 152064 Bytes 25.09.2012 07:02:11
VBASE024.VDF : 7.11.44.103 165888 Bytes 27.09.2012 07:02:11
VBASE025.VDF : 7.11.44.167 160256 Bytes 30.09.2012 16:59:06
VBASE026.VDF : 7.11.44.223 199680 Bytes 02.10.2012 08:07:36
VBASE027.VDF : 7.11.44.224 2048 Bytes 02.10.2012 08:07:36
VBASE028.VDF : 7.11.44.225 2048 Bytes 02.10.2012 08:07:36
VBASE029.VDF : 7.11.44.226 2048 Bytes 02.10.2012 08:07:36
VBASE030.VDF : 7.11.44.227 2048 Bytes 02.10.2012 08:07:36
VBASE031.VDF : 7.11.45.2 114176 Bytes 03.10.2012 08:07:36
Engine version : 8.2.10.178
AEVDF.DLL : 8.1.2.10 102772 Bytes 11.07.2012 20:50:23
AESCRIPT.DLL : 8.1.4.58 463226 Bytes 29.09.2012 07:02:26
AESCN.DLL : 8.1.9.2 131444 Bytes 29.09.2012 07:02:25
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 17:19:22
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:32:23
AEPACK.DLL : 8.3.0.38 811382 Bytes 29.09.2012 07:02:25
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29.09.2012 07:02:23
AEHEUR.DLL : 8.1.4.108 5329272 Bytes 29.09.2012 07:02:23
AEHELP.DLL : 8.1.24.0 258423 Bytes 29.09.2012 07:02:15
AEGEN.DLL : 8.1.5.38 434548 Bytes 29.09.2012 07:02:15
AEEXP.DLL : 8.2.0.2 115060 Bytes 29.09.2012 07:02:26
AEEMU.DLL : 8.1.3.2 393587 Bytes 11.07.2012 20:50:22
AECORE.DLL : 8.1.28.2 201079 Bytes 29.09.2012 07:02:14
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:32:19
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 18:24:24
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 18:24:25
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 18:24:26
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 18:24:25
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 18:24:25
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 18:24:25
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 19:23:56
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 18:24:25
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 08.08.2012 19:23:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 08.08.2012 19:23:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Freitag, 5. Oktober 2012 00:49

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
c:\adsm_pdata_0150\dragwait.exe
c:\adsm_pdata_0150\dragwait.exe
[NOTE] The file is not visible.
c:\adsm_pdata_0150\_avt
c:\adsm_pdata_0150\_avt
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\si.db
c:\adsm_pdata_0150\db\si.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\ul.db
c:\adsm_pdata_0150\db\ul.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\vl.db
c:\adsm_pdata_0150\db\vl.db
[NOTE] The file is not visible.
c:\adsm_pdata_0150\db\_avt
c:\adsm_pdata_0150\db\_avt
[NOTE] The file is not visible.
c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
[NOTE] The file is not visible.
c:\program files\asus\asus data security manager\driver\x86\_avt
c:\program files\asus\asus data security manager\driver\x86\_avt
[NOTE] The file is not visible.
c:\adsm_pdata_0150
c:\adsm_pdata_0150
[NOTE] The directory is not visible.
c:\adsm_pdata_0150\db
c:\adsm_pdata_0150\db
[NOTE] The directory is not visible.
c:\program files\asus\asus data security manager\driver\x86
c:\program files\asus\asus data security manager\driver\x86
[NOTE] The directory is not visible.

The scan of running processes will be started
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '87' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'conime.exe' - '16' Module(s) have been scanned
Scan process 'avcenter.exe' - '72' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '14' Module(s) have been scanned
Scan process 'PCCompanionInfo.exe' - '36' Module(s) have been scanned
Scan process 'ms.exe' - '59' Module(s) have been scanned
Scan process 'Dropbox.exe' - '61' Module(s) have been scanned
Scan process 'TMMonitor.exe' - '176' Module(s) have been scanned
Scan process 'Screenpresso.exe' - '89' Module(s) have been scanned
Scan process 'PCCompanion.exe' - '123' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '31' Module(s) have been scanned
Scan process 'sidebar.exe' - '99' Module(s) have been scanned
Scan process 'jusched.exe' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '73' Module(s) have been scanned
Scan process 'rundll32.exe' - '37' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '37' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '32' Module(s) have been scanned
Scan process 'DMedia.exe' - '20' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '49' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '21' Module(s) have been scanned
Scan process 'HControlUser.exe' - '17' Module(s) have been scanned
Scan process 'PMVService.exe' - '38' Module(s) have been scanned
Scan process 'PCMAgent.exe' - '47' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '48' Module(s) have been scanned
Scan process 'MSASCui.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'WDC.exe' - '27' Module(s) have been scanned
Scan process 'KBFiltr.exe' - '13' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '13' Module(s) have been scanned
Scan process 'Explorer.EXE' - '135' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '32' Module(s) have been scanned
Scan process 'ACMON.exe' - '37' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '26' Module(s) have been scanned
Scan process 'aspg.exe' - '22' Module(s) have been scanned
Scan process 'wcourier.exe' - '22' Module(s) have been scanned
Scan process 'HControl.exe' - '59' Module(s) have been scanned
Scan process 'MsgTranAgt.exe' - '13' Module(s) have been scanned
Scan process 'sensorsrv.exe' - '22' Module(s) have been scanned
Scan process 'ALU.exe' - '44' Module(s) have been scanned
Scan process 'taskeng.exe' - '68' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'taskeng.exe' - '25' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '59' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'spmgr.exe' - '38' Module(s) have been scanned
Scan process 'PsiService_2.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'btwdins.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '16' Module(s) have been scanned
Scan process 'aavus.exe' - '38' Module(s) have been scanned
Scan process 'rundll32.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '12' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '25' Module(s) have been scanned
Scan process 'ADSMSrv.exe' - '12' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '145' Module(s) have been scanned
Scan process 'svchost.exe' - '102' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '10418' files ).

Starting the file scan:

Begin scan in 'C:\' <VistaOS>
C:\Program Files\WinRAR\rarnew.dat
[WARNING] Error no files to extract
C:\Users\Toni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ATTK8EO\avira_free_antivirus_en[1].exe
[WARNING] The file is password protected
C:\Users\Toni\AppData\Local\Temp\DE80.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
C:\Users\Toni\AppData\Local\Temp\F589.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
C:\Users\Toni\AppData\Local\Temp\pzlsv20h.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
C:\Users\Toni\AppData\Local\Temp\V.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Ternub.Gen exploit
C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\7ee0a02a-62e9f0f8
[0] Archive type: ZIP
--> AppleT.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AV Java virus
C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-13872b08
[0] Archive type: ZIP
--> H_e2a/H_e2a.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.EZ.1 exploit
--> H_e2a/H_e2c.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507.A.310 exploit
--> H_e2a/H_e2b.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Karame.AJ Java virus
--> H_e2a/H_e2d.class
[DETECTION] Contains recognition pattern of the EXP/2012-1723.FA.1 exploit
C:\Users\Toni\AppData\Local\Temp\DE80.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
C:\Users\Toni\AppData\Local\Temp\F589.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
C:\Users\Toni\AppData\Local\Temp\pzlsv20h.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
C:\Users\Toni\AppData\Local\Temp\V.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Ternub.Gen exploit
Begin scan in 'D:\' <DATA>
D:\DVBT\TV_Stick\AutoPlay\TV_Stick.cdd
[WARNING] The file is password protected

Beginning disinfection:
C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\411abbb6-13872b08
[DETECTION] Contains recognition pattern of the EXP/2012-1723.FA.1 exploit
[NOTE] The file was moved to the quarantine directory under the name '5582dc0e.qua'.
C:\Users\Toni\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\7ee0a02a-62e9f0f8
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AV Java virus
[NOTE] The file was moved to the quarantine directory under the name '4d59f395.qua'.
C:\Users\Toni\AppData\Local\Temp\V.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Ternub.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '1f04a946.qua'.
C:\Users\Toni\AppData\Local\Temp\pzlsv20h.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '79381948.qua'.
C:\Users\Toni\AppData\Local\Temp\F589.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3cc0cbb1.qua'.
C:\Users\Toni\AppData\Local\Temp\DE80.tmp
[DETECTION] Is the TR/PWS.Sinowal.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '43dbf9c0.qua'.

End of the scan: Freitag, 5. Oktober 2012 08:35
Used time: 3:06:33 Hour(s)

The scan has been done completely.

49638 Scanned directories
2270956 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2270943 Files not concerned
15297 Archives were scanned
3 Warnings
17 Notes
630409 Objects were scanned with rootkit scan
11 Hidden objects were found

Malwarebytes Log:
alwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Toni :: WAIKIKI-BURGER [Administrator]

Schutz: Aktiviert

16.10.2012 12:00:48
mbam-log-2012-10-16 (12-00-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 507294
Laufzeit: 3 Stunde(n), 54 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Toni\ms.exe (Trojan.Agent) -> 2700 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run| (Trojan.Agent) -> Daten: C:\Users\Toni\ms.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NvCplDaemonTool (Trojan.Agent.WIMP) -> Daten: rundll32.exe C:\Users\Toni\vtloadF4.dll,_IWMPEvents -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Toni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Toni\ms.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)

Da ich mit dem besagten Rechner nicht ins Internet konnte,lief der scan nicht in der aktuellsten Version, aber bin soeben wieder erfolgreich online

Stellt sich nur die Frage ob nichts verstecktes mehr irgendwo verborgen ist?
Danke und Gruß - Toni

t'john · 17.10.2012, 12:58

Sehr gut!

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

Waikiki-Burg · 17.10.2012, 16:55

adwcleaner Log:
# AdwCleaner v2.005 - Datei am 17/10/2012 um 14:45:43 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Toni - WAIKIKI-BURGER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Toni\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Uninstall.exe

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\9v7nq752.default\prefs.js

C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\9v7nq752.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\....\AppData\Roaming\Mozilla\Firefox\Profiles\y1e8hsh3.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\4n7hgk53.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ir143gl6.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3252 octets] - [17/10/2012 14:45:43]

########## EOF - C:\AdwCleaner[S1].txt - [3312 octets] ##########

emsisoftware Log:
Emsisoft Anti-Malware - Version 7.0
Letztes Update: 17.10.2012 15:08:13

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 17.10.2012 15:15:57

Gescannt 545409
Gefunden 0

Scan Ende: 17.10.2012 17:48:32
Scan Zeit: 2:32:35

t'john · 17.10.2012, 17:53

Sehr gut!

Deinstalliere:
Emsisoft Anti-Malware

ESET Online Scanner

Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.

Los geht's

Lade und starte Eset Smartinstaller
Haken setzen bei YES, I accept the Terms of Use.
Klick auf Start.
Haken setzen bei Remove found threads und Scan archives.
Klick auf Start.
Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Waikiki-Burg · 17.10.2012, 23:02

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e21f101d40654a478c85a71596a5ffa5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-17 09:18:03
# local_time=2012-10-17 11:18:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 22472904 22472904 0 0
# compatibility_mode=5892 16776573 100 100 24937 188028879 0 0
# compatibility_mode=8192 67108863 100 0 111 111 0 0
# scanned=256462
# found=0
# cleaned=0
# scan_time=12532

t'john · 18.10.2012, 01:02

Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 9 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck

Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck

Waikiki-Burg · 20.10.2012, 11:55

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist veraltet!

Flash (11,4,402,287) ist aktuell.

Java (1,7,0,9) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 15.0.1 ist veraltet!

Flash (11,4,402,287) ist aktuell.

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 10,1,4,38 ist aktuell.

und nu.. ? :-)

t'john · 20.10.2012, 17:25

Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Uninstall.
Bestätige mit Ja.

Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.

Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
Speichere es auf Deinem Desktop.
Doppelklick auf OTL.exe um das Programm auszuführen.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Klicke auf den Button "Bereinigung"
OTL fragt eventuell nach einem Neustart.
Sollte es dies tun, so lasse dies bitte zu.

Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html

Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.

Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
temporäre Dateien löschen.

Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?

Waikiki-Burg · 21.10.2012, 18:12

Hi t'john,
vielen Dank. Hat alles wunderbar geklappt, bis auf das Zurücksetzen der Sicherheitszonen
Die Beschreibung ist für den IE. Nutze aber Firefox und konnte dort die beschriebenen Einstellungen oder vergleichbares finden...

Gruß - Toni

t'john · 23.10.2012, 03:13

Das gibts nur im IE.
IE ist Teil des Systems, bitte da trotzdem ausfuehren.

Waikiki-Burg · 24.10.2012, 09:18

Done und nochmal danke!!

t'john · 24.10.2012, 22:06

wir wuenschen eine virenfreie Zeit

23.10.2012, 03:13	#12
t'john /// Helfer-Team	Internet gesperrt, 100 € Ukash zahlen Das gibts nur im IE. IE ist Teil des Systems, bitte da trotzdem ausfuehren. __________________ Mfg, t'john Das TB unterstützen

24.10.2012, 22:06	#14
t'john /// Helfer-Team	Internet gesperrt, 100 € Ukash zahlen wir wuenschen eine virenfreie Zeit __________________ Mfg, t'john Das TB unterstützen

Internet gesperrt, 100 € Ukash zahlen

Plagegeister aller Art und deren Bekämpfung: Internet gesperrt, 100 € Ukash zahlen