Log analysis and evaluation: Trojan Win 7, cannot be deleted (Windows 7)
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.12.2012, 18:32 | #16
Trojan Win 7, cannot be deleted
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-07 18:11:37
-----------------------------
18:11:37.523 OS Version: Windows 6.1.7601 Service Pack 1
18:11:37.523 Number of processors: 1 586 0x1F00
18:11:37.523 ComputerName: CHRISTIAN UserName: Christia
18:11:38.171 Initialize success
18:11:52.898 AVAST engine defs: 12120700
18:11:54.539 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
18:11:54.539 Disk 0 Vendor: HDS722516VLSA80 V34OA6MA Size: 157066MB BusType: 3
18:11:54.546 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
18:11:54.554 Disk 1 Vendor: ST380021A 3.10 Size: 76319MB BusType: 3
18:11:54.585 Disk 1 MBR read successfully
18:11:54.593 Disk 1 MBR scan
18:11:54.617 Disk 1 Windows 7 default MBR code
18:11:54.648 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 40939 MB offset 63
18:11:54.671 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 35369 MB offset 83859295
18:11:54.687 Disk 1 scanning sectors +156296385
18:11:54.781 Disk 1 scanning C:\Windows\system32\drivers
18:12:13.415 Service scanning
18:12:41.149 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
18:12:50.948 Modules scanning
18:13:16.261 Disk 1 trace - called modules:
18:13:16.277 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8435f1f8]<<
18:13:16.277 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8514f030]
18:13:16.292 3 CLASSPNP.SYS[874f659e] -> nt!IofCallDriver -> [0x8509e760]
18:13:16.308 5 ACPI.sys[86d713d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x85077030]
18:13:16.308 \Driver\atapi[0x85051f38] -> IRP_MJ_CREATE -> 0x8435f1f8
18:13:17.042 AVAST engine scan C:\Windows
18:13:19.511 AVAST engine scan C:\Windows\system32
18:17:37.153 AVAST engine scan C:\Windows\system32\drivers
18:17:58.083 AVAST engine scan C:\Users\Christia
18:23:22.088 AVAST engine scan C:\ProgramData
18:23:45.363 Scan finished successfully
18:24:19.996 Disk 1 MBR has been saved successfully to "C:\Users\Christia\Documents\MBR.dat"
18:24:20.003 The log file has been saved successfully to "C:\Users\Christia\Documents\aswMBR.txt"
Thanks! The text is too long for the "Log"!!!! I'll pack it as a "rar" file.
07.12.2012, 19:01 | #17
Trojan Win 7, cannot be deleted: here is the file
07.12.2012, 19:02 | #18
Trojan Win 7, cannot be deleted: Regards
07.12.2012, 20:14 | #19
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win 7, cannot be deleted
Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run if a helper has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
08.12.2012, 14:37 | #20
Trojan Win 7, cannot be deleted
Code:
ComboFix 12-12-07.01 - Christia 08.12.2012 14:21:30.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.1024.167 [GMT 1:00]
ausgeführt von:: c:\users\Christia\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SET677A.tmp
c:\windows\system32\SETE2DB.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-08 bis 2012-12-08 ))))))))))))))))))))))))))))))
.
.
2012-12-07 15:17 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAC4CA90-D50B-4486-A2EB-31370AB5B894}\mpengine.dll
2012-11-29 15:36 . 2012-11-29 15:36 -------- d-----w- c:\users\Christia\AppData\Local\Diagnostics
2012-11-29 15:28 . 2012-11-29 15:45 -------- d-----w- c:\programdata\SecTaskMan
2012-11-29 15:28 . 2012-11-29 15:28 -------- d-----w- c:\program files\Security Task Manager
2012-11-29 15:18 . 2012-11-29 15:18 -------- d-----w- c:\users\Christia\AppData\Roaming\Simply Super Software
2012-11-29 15:17 . 2012-11-29 15:18 -------- d-----w- c:\program files\Trojan Remover
2012-11-29 15:17 . 2012-11-29 15:17 -------- d-----w- c:\programdata\Simply Super Software
2012-11-29 10:17 . 2011-12-13 08:29 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-11-29 10:17 . 2011-12-13 08:29 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2012-11-29 10:10 . 2011-12-13 08:35 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-29 10:09 . 2012-11-29 10:17 -------- d-----w- c:\program files\TuneUp Utilities 2011
2012-11-29 10:03 . 2012-11-29 10:03 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-11-29 09:11 . 2012-11-29 10:10 -------- d-----w- c:\users\Christia\AppData\Roaming\TuneUp Software
2012-11-29 09:10 . 2012-11-29 10:10 -------- d-----w- c:\programdata\TuneUp Software
2012-11-27 16:53 . 2012-11-27 16:53 -------- d-----w- C:\found.000
2012-11-27 13:14 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-11-27 13:13 . 2012-11-27 13:13 -------- d-----w- c:\users\Christia\AppData\Roaming\Malwarebytes
2012-11-27 13:12 . 2012-11-27 13:12 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 13:12 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-27 13:12 . 2012-11-27 13:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-26 11:18 . 2012-12-07 16:47 -------- d-----w- c:\users\Christia\dwhelper
2012-11-26 09:25 . 2012-11-26 09:25 -------- d-----w- c:\users\Christia\AppData\Roaming\ProgSense
2012-11-26 09:25 . 2012-11-26 09:25 -------- d-----w- c:\program files\Orbitdownloader
2012-11-26 09:22 . 2012-11-26 14:01 -------- d-----w- c:\users\Christia\AppData\Roaming\Orbit
2012-11-26 08:33 . 2012-11-26 08:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-11-26 08:33 . 2012-11-26 08:33 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-11-26 08:33 . 2012-11-26 08:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-11-26 08:32 . 2012-11-26 08:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-16 09:48 . 2012-11-16 09:48 -------- d-----w- c:\users\Christia\AppData\Local\Adobe
2012-11-16 09:38 . 2012-11-16 09:39 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-16 07:40 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 07:40 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 07:40 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 07:39 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 07:39 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 07:39 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 07:39 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 07:39 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 07:39 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 07:39 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 07:35 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 07:34 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-16 07:34 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-16 07:34 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-16 07:34 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-16 07:34 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-16 07:34 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-16 07:34 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-16 07:34 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-16 07:34 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 07:34 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-16 07:34 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 08:08 . 2012-11-15 08:08 -------- d-----w- c:\program files\Red Sky
2012-11-15 08:01 . 2012-11-15 08:01 -------- d-----w- c:\programdata\FLEXnet
2012-11-15 07:11 . 2012-11-15 07:11 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-11-15 07:05 . 2012-11-15 15:17 -------- d-----w- c:\users\Christia\AppData\Local\Autodesk
2012-11-15 07:01 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2012-11-15 07:01 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2012-11-15 07:01 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-11-15 06:58 . 2012-11-27 09:02 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-11-14 19:01 . 2012-11-15 08:10 -------- d-----w- c:\users\Christia\AppData\Roaming\Autodesk
2012-11-14 19:01 . 2012-11-15 08:09 -------- d-----w- c:\programdata\Autodesk
2012-11-14 13:39 . 2012-11-14 13:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-14 13:39 . 2012-11-14 13:38 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-14 13:32 . 2012-11-14 13:32 -------- d-----w- c:\users\Christia\AppData\Local\Google
2012-11-14 13:32 . 2012-11-27 10:31 -------- d-----w- c:\program files\JDownloader
2012-11-14 10:10 . 2012-11-14 13:17 -------- d-----w- c:\program files\JDownloader 2
2012-11-14 10:10 . 2012-11-14 10:10 -------- d-----w- c:\program files\Common Files\i4j_jres
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 13:19 . 2003-01-01 09:57 83432 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-16 13:19 . 2003-01-01 09:57 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-16 13:19 . 2003-01-01 09:57 133824 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-06 17:32 . 2012-11-06 17:32 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-11-04 08:17 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-11-01 07:10 . 2012-11-01 07:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-01 07:10 . 2012-11-01 07:10 161792 ----a-w- c:\windows\system32\msls31.dll
2012-11-01 07:10 . 2012-11-01 07:10 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-01 07:10 . 2012-11-01 07:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-01 07:10 . 2012-11-01 07:10 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-11-01 07:10 . 2012-11-01 07:10 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-11-01 07:10 . 2012-11-01 07:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-01 07:10 . 2012-11-01 07:10 367104 ----a-w- c:\windows\system32\html.iec
2012-11-01 07:10 . 2012-11-01 07:10 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 07:10 . 2012-11-01 07:10 152064 ----a-w- c:\windows\system32\wextract.exe
2012-11-01 07:10 . 2012-11-01 07:10 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-11-01 07:10 . 2012-11-01 07:10 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-01 07:10 . 2012-11-01 07:10 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-11-01 07:10 . 2012-11-01 07:10 11776 ----a-w- c:\windows\system32\mshta.exe
2012-11-01 07:10 . 2012-11-01 07:10 101888 ----a-w- c:\windows\system32\admparse.dll
2012-10-31 13:20 . 2012-10-31 13:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-31 13:20 . 2012-10-31 13:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 07:39 . 2012-11-29 09:37 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 19:31 . 2012-10-09 19:31 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-02 22:20 . 2012-11-06 14:23 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-02 22:20 . 2012-11-06 14:23 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-02 22:20 . 2012-11-06 14:23 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-02 22:20 . 2012-11-06 14:23 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-02 22:20 . 2012-11-06 14:23 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-02 22:20 . 2012-11-06 14:23 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-02 22:20 . 2012-11-06 14:23 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-02 22:20 . 2012-11-06 14:23 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 22:20 . 2012-11-06 14:23 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-02 22:20 . 2012-11-06 14:23 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-02 22:20 . 2012-11-06 13:43 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-02 19:29 . 2010-10-08 01:03 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2010-10-08 01:03 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2010-10-08 01:03 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2010-07-09 15:37 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2010-10-08 01:03 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2010-10-08 01:03 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-09-28 20:42 . 2012-09-28 20:42 2122392 ----a-w- c:\windows\system32\coin92.dll
2012-09-14 18:28 . 2012-10-31 14:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-05 18:06 . 2003-01-01 08:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-26 384800]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 13:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christia\AppData\Roaming\Mozilla\Firefox\Profiles\1p8naavs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - ExtSQL: 2012-11-26 12:12; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Christia\AppData\Roaming\Mozilla\Firefox\Profiles\1p8naavs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f8ebbad50000000000000011d890aa6a&q=
FF - user.js: extensions.BabylonToolbar.id - f8ebbad50000000000000011d890aa6a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15658
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.814:29
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637&q=
FF - user.js: extensions.funmoods.id - 0011D890AA6ABAD5
FF - user.js: extensions.funmoods.instlDay - 15658
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:32:9
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-08 14:32:47
ComboFix-quarantined-files.txt 2012-12-08 13:32
.
Vor Suchlauf: 8 Verzeichnis(se), 24.811.204.608 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 24.946.765.824 Bytes frei
.
- - End Of File - - E5A210824C1C8E21637225AAFA9C28F5
09.12.2012, 16:54 | #21
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win 7, cannot be deleted
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
10.12.2012, 11:24 | #22
Trojan Win 7, cannot be deleted
Code:
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 11:24:06
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Christia - CHRISTIAN
# Boot Mode : Normal
# Running from : C:\Users\Christia\Downloads\adwcleaner(1).exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Christia\AppData\Local\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937

-\\ Mozilla Firefox v17.0.1 (de)

Profile name : default
File : C:\Users\Christia\AppData\Roaming\Mozilla\Firefox\Profiles\1p8naavs.default\prefs.js

Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "f8ebbad50000000000000011d890aa6a");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15658");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.814:29:58");
Found : user_pref("extensions.funmoods.aflt", "ironpub");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]
Found : user_pref("extensions.funmoods.id", "0011D890AA6ABAD5");
Found : user_pref("extensions.funmoods.instlDay", "15658");
Found : user_pref("extensions.funmoods.instlRef", "ironpub");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:32:9");

*************************

AdwCleaner[R1].txt - [7467 octets] - [30/11/2012 10:21:07]
AdwCleaner[R2].txt - [7028 octets] - [10/12/2012 11:23:39]
AdwCleaner[R3].txt - [7088 octets] - [10/12/2012 11:23:58]
AdwCleaner[R4].txt - [7019 octets] - [10/12/2012 11:24:06]

########## EOF - C:\AdwCleaner[R4].txt - [7079 octets] ##########
10.12.2012, 12:45 | #23
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win 7, cannot be deleted
adwCleaner - remove toolbars and unwanted start/search pages
Afterwards, please do a check with OTL:
10.12.2012, 15:00 | #24
Trojan Win 7, cannot be deleted
Code:
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 14:51:57
# Updated 09/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Christia - CHRISTIAN
# Boot Mode : Normal
# Running from : C:\Users\Christia\Downloads\adwcleaner(1).exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Christia\AppData\Local\funmoods-speeddial_sf.crx

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Profile name : default
File : C:\Users\Christia\AppData\Roaming\Mozilla\Firefox\Profiles\1p8naavs.default\prefs.js

C:\Users\Christia\AppData\Roaming\Mozilla\Firefox\Profiles\1p8naavs.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "f8ebbad50000000000000011d890aa6a");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15658");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.814:29:58");
Deleted : user_pref("extensions.funmoods.aflt", "ironpub");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2[...]
Deleted : user_pref("extensions.funmoods.id", "0011D890AA6ABAD5");
Deleted : user_pref("extensions.funmoods.instlDay", "15658");
Deleted : user_pref("extensions.funmoods.instlRef", "ironpub");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:32:9");

*************************

AdwCleaner[R1].txt - [7467 octets] - [30/11/2012 10:21:07]
AdwCleaner[R2].txt - [7028 octets] - [10/12/2012 11:23:39]
AdwCleaner[R3].txt - [7088 octets] - [10/12/2012 11:23:58]
AdwCleaner[R4].txt - [7148 octets] - [10/12/2012 11:24:06]
AdwCleaner[S1].txt - [7399 octets] - [10/12/2012 14:51:57]

########## EOF - C:\AdwCleaner[S1].txt - [7459 octets] ##########
10.12.2012, 15:08 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Win 7, cannot be deleted
How far along is OTL?
__________________
Please always post logfiles in CODE tags |
10.12.2012, 15:12 | #26 |
| Trojan Win 7, cannot be deleted
Code:
OTL logfile created on: 10.12.2012 15:02:15 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christia\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

1023,55 Mb Total Physical Memory | 328,58 Mb Available Physical Memory | 32,10% Memory free
2,00 Gb Paging File | 1,10 Gb Available in Paging File | 54,85% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,98 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS
Drive D: | 34,54 Gb Total Space | 32,11 Gb Free Space | 92,98% Space Free | Partition Type: NTFS
Drive E: | 60,72 Gb Total Space | 10,71 Gb Free Space | 17,63% Space Free | Partition Type: NTFS
Drive F: | 70,20 Gb Total Space | 1,03 Gb Free Space | 1,47% Space Free | Partition Type: NTFS
Drive G: | 19,91 Gb Total Space | 11,92 Gb Free Space | 59,88% Space Free | Partition Type: NTFS
Drive M: | 2,55 Gb Total Space | 2,51 Gb Free Space | 98,43% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN | User Name: Christia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Christia\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\prevhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\Christia\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (ALCXWDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (nvmpu401) -- C:\Windows\System32\drivers\nvmpu401.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 B7 1C 67 77 B1 C2 01 [binary data]
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}: "URL" = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes\{08DE07EB-8AB5-4D4D-8590-3B7440F8D876}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=08266cf2-fa01-4870-9957-6f5f53797369&apn_sauid=5484181B-6A05-48ED-B1B5-0212DA780BD0
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.05 19:06:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2003.01.01 09:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christia\AppData\Roaming\mozilla\Extensions
[2012.11.26 12:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christia\AppData\Roaming\mozilla\Firefox\Profiles\1p8naavs.default\extensions
[2012.11.26 12:12:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christia\AppData\Roaming\mozilla\Firefox\Profiles\1p8naavs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2003.01.01 09:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.05 19:06:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.06 17:07:51 | 000,003,269 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.12.08 14:29:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-4066182606-2905760520-1518053980-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4066182606-2905760520-1518053980-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3235089-283E-444C-A918-8C8BA5B92105}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.11.27 10:02:25 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2012.11.14 16:03:46 | 209,715,200 | ---- | M] () - G:\Auto.part01.rar -- [ NTFS ]
O32 - AutoRun File - [2012.11.14 18:26:58 | 027,994,892 | ---- | M] () - G:\Auto.part02.rar.part -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.10 12:41:37 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\ElevatedDiagnostics
[2012.12.10 11:14:14 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.12.08 14:32:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.08 14:32:49 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\temp
[2012.12.08 14:29:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.08 14:18:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.08 14:18:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.08 14:18:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.08 14:16:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.08 14:15:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.29 16:36:34 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\Diagnostics
[2012.11.29 16:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.11.29 16:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.11.29 16:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012.11.29 16:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2012.11.29 16:18:01 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\Simply Super Software
[2012.11.29 16:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.11.29 16:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.11.29 16:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.11.29 11:17:43 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.29 11:17:43 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.29 11:10:39 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.29 11:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2012.11.29 11:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2012.11.29 11:03:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.11.29 10:11:54 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\TuneUp Software
[2012.11.29 10:10:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.11.27 17:53:44 | 000,000,000 | ---D | C] -- C:\found.000
[2012.11.27 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\Malwarebytes
[2012.11.27 14:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 14:12:47 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 14:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.27 11:44:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.26 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\Christia\dwhelper
[2012.11.26 10:25:13 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\ProgSense
[2012.11.26 10:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012.11.26 10:25:00 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2012.11.26 10:22:09 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\Orbit
[2012.11.24 12:32:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.11.16 10:48:02 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\Adobe
[2012.11.16 10:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.11.16 10:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.11.16 08:40:21 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012.11.16 08:40:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012.11.16 08:39:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012.11.16 08:39:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012.11.16 08:39:04 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012.11.16 08:37:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.16 08:37:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.16 08:37:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.16 08:37:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.16 08:37:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.16 08:37:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.16 08:37:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.16 08:37:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 08:35:38 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 08:34:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012.11.16 08:34:29 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012.11.16 08:34:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012.11.16 08:34:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 08:34:15 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012.11.16 08:34:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012.11.15 09:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.11.15 09:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.11.15 08:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.11.15 08:05:12 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\Autodesk
[2012.11.15 08:01:02 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012.11.15 08:01:02 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012.11.15 08:01:01 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012.11.15 08:00:48 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2012.11.15 07:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012.11.15 07:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012.11.14 20:01:46 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Roaming\Autodesk
[2012.11.14 20:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012.11.14 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.11.14 14:39:50 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.14 14:39:49 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.11.14 14:32:26 | 000,000,000 | ---D | C] -- C:\Users\Christia\AppData\Local\Google
[2012.11.14 14:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012.11.14 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader 2
[2012.11.14 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres

========== Files - Modified Within 30 Days ==========

[2012.12.10 15:02:43 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 15:02:43 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.10 14:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.10 14:54:10 | 804,954,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.10 14:46:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.08 14:29:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.07 18:59:26 | 000,042,404 | ---- | M] () -- C:\Users\Christia\Documents\TDSS.rar
[2012.12.07 18:24:20 | 000,000,512 | ---- | M] () -- C:\Users\Christia\Documents\MBR.dat
[2012.11.30 08:24:46 | 000,001,274 | ---- | M] () -- C:\Users\Christia\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012.11.30 08:24:46 | 000,001,250 | ---- | M] () -- C:\Users\Christia\Desktop\Spybot - Search & Destroy.lnk
[2012.11.29 11:10:27 | 000,002,159 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.29 11:10:27 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2012.11.27 14:12:50 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.27 10:05:01 | 000,000,017 | ---- | M] () -- C:\Users\Christia\AppData\Local\resmon.resmoncfg
[2012.11.27 09:32:13 | 000,651,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 09:32:13 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 09:32:13 | 000,129,468 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 09:32:13 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 10:25:08 | 000,001,037 | ---- | M] () -- C:\Users\Christia\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012.11.26 09:52:27 | 000,003,159 | ---- | M] () -- C:\Users\Christia\Documents\Rock.wpl
[2012.11.18 13:53:42 | 000,340,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.16 14:19:45 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.16 14:19:45 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.16 14:19:45 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.15 09:08:20 | 000,000,014 | ---- | M] () -- C:\end
[2012.11.15 08:09:50 | 000,001,667 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2011 - Deutsch.lnk
[2012.11.14 14:38:24 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.11.14 14:38:24 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2012.12.08 14:18:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.08 14:18:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.08 14:18:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.08 14:18:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.08 14:18:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.07 18:59:26 | 000,042,404 | ---- | C] () -- C:\Users\Christia\Documents\TDSS.rar
[2012.12.07 18:24:19 | 000,000,512 | ---- | C] () -- C:\Users\Christia\Documents\MBR.dat
[2012.11.29 11:10:27 | 000,002,159 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.29 11:10:27 | 000,002,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2012.11.29 11:10:27 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2012.11.27 14:14:47 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2012.11.27 14:12:50 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.27 10:05:01 | 000,000,017 | ---- | C] () -- C:\Users\Christia\AppData\Local\resmon.resmoncfg
[2012.11.26 10:25:08 | 000,001,037 | ---- | C] () -- C:\Users\Christia\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012.11.26 09:50:59 | 000,003,159 | ---- | C] () -- C:\Users\Christia\Documents\Rock.wpl
[2012.11.16 10:39:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.11.16 08:40:29 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.16 08:39:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.15 08:09:50 | 000,001,667 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2011 - Deutsch.lnk
[2012.11.03 18:30:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.11.03 18:27:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
Code:
ATTFilter OTL Extras logfile created on: 10.12.2012 15:02:15 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christia\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 1023,55 Mb Total Physical Memory | 328,58 Mb Available Physical Memory | 32,10% Memory free 2,00 Gb Paging File | 1,10 Gb Available in Paging File | 54,85% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 39,98 Gb Total Space | 22,74 Gb Free Space | 56,89% Space Free | Partition Type: NTFS Drive D: | 34,54 Gb Total Space | 32,11 Gb Free Space | 92,98% Space Free | Partition Type: NTFS Drive E: | 60,72 Gb Total Space | 10,71 Gb Free Space | 17,63% Space Free | Partition Type: NTFS Drive F: | 70,20 Gb Total Space | 1,03 Gb Free Space | 1,47% Space Free | Partition Type: NTFS Drive G: | 19,91 Gb Total Space | 11,92 Gb Free Space | 59,88% Space Free | Partition Type: NTFS Drive M: | 2,55 Gb Total Space | 2,51 Gb Free Space | 98,43% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN | User Name: Christia | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-4066182606-2905760520-1518053980-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program 
Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{29374356-7A98-416B-81FC-8DB85583A20B}" = dir=out | app=c:\program files\protected search\protectedsearch.exe | "{4A53C8F9-276B-4316-833E-D28378DBBAFE}" = dir=in | app=c:\program files\protected search\protectedsearch.exe | "{509BBE4E-F138-4666-ABA3-AACF19FF0E4A}" = dir=in | app=c:\program files\protected search\protectedsearch.exe | "{A638FEAC-B2D1-412D-B5C0-F795873358BA}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{E5DB1862-6272-4F45-94AD-B66B50DAF556}" = dir=out | app=c:\program files\protected search\protectedsearch.exe | "{FC85B2BD-74C3-47AF-A594-3F2A29700D4D}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "TCP Query User{00A9431A-2965-4314-B94B-ED0A4BD17764}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{2F85CA3F-0415-4E18-8E2A-FDA7BEAE5BE4}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{A17CA6BF-D440-4C5B-B558-401BCDD7E5AF}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{0427E154-CF49-4C38-8839-109ECA0AF655}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{F1267B31-EF6C-4FCF-BC8B-9670DCA59B2C}C:\program 
files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{F9E0253D-7E71-4D22-9DAC-A7403F08F33D}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5783F2D7-9001-0407-0002-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch "{5783F2D7-9001-0407-1002-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch "AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1 "Avira AntiVir Desktop" = Avira Free Antivirus "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "Security Task Manager" = Security Task Manager 1.8d "Trojan Remover_is1" = Trojan Remover 6.8.5 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "WinRAR archiver" = WinRAR 4.20 (32-Bit) Error encountered while reading event logs. < End of report > |
10.12.2012, 15:28 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Win 7, nicht zu löschen
Fix with OTL
Code:
:OTL
IE - HKLM\..\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtCtC0DzzzytD0A0AyC0A0B0A0DyDtN0D0Tzu0CtAtCzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=1681310637
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}: "URL" = http://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
IE - HKU\S-1-5-21-4066182606-2905760520-1518053980-1000\..\SearchScopes\{08DE07EB-8AB5-4D4D-8590-3B7440F8D876}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=08266cf2-fa01-4870-9957-6f5f53797369&apn_sauid=5484181B-6A05-48ED-B1B5-0212DA780BD0
[2012.11.06 17:07:51 | 000,003,269 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Files
C:\found.00?
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________
Please always post logfiles in CODE tags
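The fix script above removes hijacked Internet Explorer SearchScopes entries (certified-toolbar, funmoods, ask.com) from HKLM and the user hive, a Firefox search plugin, an alternate data stream on C:\ProgramData\TEMP, and resets the hosts file. The following PowerShell script is an added example and is not part of the original thread or of OTL: it performs the checks a responder would run on such a machine before and after the fix, enumerating every SearchScopes URL in HKLM and in each user hive under HKEY_USERS, flagging hosts that are not on an allowlist, listing alternate data streams under ProgramData, and showing the live entries of the hosts file. It assumes PowerShell 3.0 or later (for `Get-Item -Stream` and `[pscustomobject]`) and an elevated session so that other users' hives are readable; the allowlist of search hosts is an illustrative assumption and should be adapted to the environment.

```powershell
# Added example, not from the thread or from OTL: audit IE SearchScopes,
# alternate data streams and the hosts file on a Windows 7 machine.
# Assumptions: PowerShell 3.0+ (Get-Item -Stream, [pscustomobject]) and an
# elevated session. The allowlist below is illustrative, not authoritative.

$AllowedSearchHosts = @('www.bing.com', 'www.google.com', 'www.google.de')

function Get-SearchScopeUrl {
    # Roots to inspect: the machine default plus every loaded user hive.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes')

    # HKEY_USERS is not mapped as a drive by default; mount it once.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Only real user SIDs (S-1-5-21-...), not the *_Classes hives or well-known SIDs.
    $sids = Get-ChildItem -Path HKU:\ -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
    foreach ($sid in $sids) {
        $roots += "HKU:\$($sid.PSChildName)\Software\Microsoft\Internet Explorer\SearchScopes"
    }

    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($scope in Get-ChildItem -LiteralPath $root) {
            $url = (Get-ItemProperty -LiteralPath $scope.PSPath -Name URL -ErrorAction SilentlyContinue).URL
            if (-not $url) { continue }
            # Take the host part of the URL; the fix above showed hosts such as
            # search.certified-toolbar.com and searchfunmoods.com here.
            $searchHost = ''
            if ($url -match '^https?://([^/?#]+)') { $searchHost = $Matches[1].ToLower() }
            [pscustomobject]@{
                Root    = $root
                Scope   = $scope.PSChildName
                Host    = $searchHost
                Url     = $url
                Suspect = ($AllowedSearchHosts -notcontains $searchHost)
            }
        }
    }
}

function Get-AlternateDataStream {
    # Lists every named NTFS stream other than the default ::$DATA stream.
    # The OTL log reported C:\ProgramData\TEMP:CB0AACC9, so ProgramData is the default.
    param(
        [string]$Path = $env:ProgramData,
        [switch]$Recurse
    )
    Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

function Get-ActiveHostsEntry {
    # Non-comment, non-blank lines of the hosts file; [resethosts] in the fix
    # clears these, so anything left afterwards deserves a look.
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' }
}

# Usage: show only the search scopes whose host is not allowlisted,
# then any alternate data streams and any live hosts-file entries.
Get-SearchScopeUrl | Where-Object { $_.Suspect } | Format-Table Scope, Host, Root -AutoSize
Get-AlternateDataStream | Format-Table FileName, Stream, Length -AutoSize
Get-ActiveHostsEntry
```

Run it once before the OTL fix to confirm the hijacked scopes and the stream are what the tool will remove, and once after the reboot: an entry that reappears points to a persistence mechanism the fix did not cover, which is the reason the helper asks for the fix log rather than treating the first clean run as final.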
11.12.2012, 08:27 | #28 |
I don't know whether this is related to all the actions, but my Avira AntiVir no longer starts automatically at boot?
11.12.2012, 10:24 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That doesn't matter for now; I need the log from the OTL fix.
11.12.2012, 12:38 | #30 |
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0500DF46-74B0-399A-B6E3-5ABF0F6B5226}\ not found.
Registry key HKEY_USERS\S-1-5-21-4066182606-2905760520-1518053980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{08DE07EB-8AB5-4D4D-8590-3B7440F8D876}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08DE07EB-8AB5-4D4D-8590-3B7440F8D876}\ not found.
C:\Program Files\mozilla firefox\searchplugins\Web Search.xml moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== FILES ==========
C:\found.000 folder moved successfully.
C:\found.001 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
The DNS resolver cache was flushed.
C:\Users\Christia\Downloads\cmd.bat deleted successfully.
C:\Users\Christia\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Christia
->Temp folder emptied: 304778 bytes
->Temporary Internet Files folder emptied: 91853980 bytes
->Java cache emptied: 549 bytes
->FireFox cache emptied: 472595071 bytes
->Flash cache emptied: 35570 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4166 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 539,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 12112012_121724
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...